China fines Didi Global US$1.2 billion, ends year-long probe

  • The Cyberspace Administration of China has imposed a fine of 8.026 billion yuan (US$1.2 billion) against Didi Global
  • Senior executives Will Cheng Wei and Jean Liu Qing were each fined 1 million yuan, the regulator said

The Cyberspace Administration of China (CAC) has imposed a fine of 8.026 billion yuan (US$1.2 billion) against Didi Global, the country’s ride-hailing giant, for data violations, putting an end to a year-long investigation into the Beijing-based company.

Senior executives Will Cheng Wei and Jean Liu Qing were each fined 1 million yuan, the regulator said in a statement on Thursday.

Authorities did not say whether Didi’s apps, 26 of which were removed from domestic app stores in July 2021, would be restored.

The decision comes more than a year after authorities initiated an unprecedented cybersecurity probe into the company, days after it launched a US$4.4 billion initial public offering in New York on June 30, 2021.

The abrupt investigation shook investor confidence in Chinese technology stocks. Since then, few Chinese companies have chosen to list in the US.

Last month, Didi started trading on the over-the-counter market after shareholders voted to delist the company from the New York Stock Exchange.

The CAC said in its statement that Didi had committed 16 offences involving the illegal collection of data from drivers and passengers. They include the illegal processing of 64.7 billion personal information entries over the span of seven years since June 2015.

“Didi has failed to perform its duty to maintain cyberspace security, data security, and personal information protection … bringing serious risks to national cyberspace security and data security,” the regulator said.

“Moreover, even with clear orders from regulatory authorities to correct the issues, Didi failed to carry out comprehensive and in-depth rectifications. The nature of the offences was egregious.”

The CAC did not disclose what security threats Didi had caused to “the nation’s crucial information infrastructure and data security”, citing national security reasons.

Didi was found to have illegally collected nearly 12 million pieces of photo information from users’ phones, 107 million entries of facial recognition data, 53.5 million entries of age data, 16.3 million entries of occupation data, and 1.4 million entries of data about family relations.

Didi was also accused of gathering 153 million entries of home and company address data and 167 million entries of location information. Didi analysed, without user consent, 54 billion entries regarding the travel purposes of passengers.

“The investigation also found that Didi had engaged in data processing activities that seriously affected national security, and refused to fulfil the requirements of regulatory authorities, among other illegal issues, such as false compliance and malicious evasion of supervision,” the statement said.

Didi said on its Weibo account on Thursday that it fully accepted the regulator’s decision and would rectify its wrongdoings.

Author: Che Pan, SCMP

You might also like