Chinese regulator fines Didi Global $1.19 billion for breaking data security laws
Published: Jul 21, 2022 03:23 PM
Headquarters of Didi Chuxing in Beijing File photo: VCG

Headquarters of Didi Chuxing in Beijing File photo: VCG

Chinese internet regulator on Thursday fined ride-hailing giant Didi Global 8.026 billion yuan ($1.19 billion) after deciding the company violated 16 Chinese laws, including the network security law, data security law and personal information protection law.

The staggering fine is to date the largest regulatory penalty imposed on a Chinese mainland-based tech company since e-commerce titan Alibaba Group and delivery giant Meituan were fined $2.75 billion and $527 million respectively last year by China's antitrust regulator.

China's internet regulator, the Cyberspace Administration of China (GAC) said on Thursday that Didi was found of illegal collection of 11.963 million screenshot grabs from its users' mobile phone albums, as well as excessive collection of user clipboard information and 8.323 billion pieces of application list information. 

The rider-hailer also over-collected 107 million instances of passengers' facial recognition information, and analyzed 53.976 billion sets of passenger travel intention information without informing the passengers in advance.

The CAC said Didi's violation of law and regulations were based on very clear facts and conclusive evidences, while the company's violations are severe and the actions of the firm were malicious.

Didi's illegal operations have brought about serious security risks which could compromise the country's key information infrastructure and crucial data security, the CAC noted.

Didi issued a statement on Thursday, which was obtained by the Global Times, saying that the company sincerely acknowledges the regulatory decision, will resolutely obey the rulings, and will strictly follow the penalty decision and relevant laws and regulations, while pledging to earnestly conduct a comprehensive internal review.

The company said that they will treat this as a warning, and insist on paying equal attention to operational security and corporate development, strengthen the construction of its networks and data security, as well as ramp up protection of personal information.

Didi's penalty could pave the way for the regulator to ease a restriction banning it from adding new users to its platform and allow its apps to be restored on domestic app stores, Chinese industry insiders said.

In addition to the fine handed to the company, Cheng Wei, chairman and CEO of Didi Global Co, and Liu Qing, president of Didi Global Co, were each fined one million yuan.

In July 2021, in order to prevent national data security risks, maintain national security, and protect the public interest, a cybersecurity review was conducted into Didi in accordance with the national security laws and the country's cybersecurity regulation.

Didi announced it would delist from the New York Stock Exchange in December 2021, and won its shareholders' nod for the delisting plan in May this year.

On July 16, Didi Chuxing found itself in the news headlines after its subsidiary Didi Pay, a business unit focused mainly on providing digital payment service for Didi Chuxing's ride-hailing business, received a warning from the Operation Office (Beijing) of the People's Bank of China, the country's central bank, and it was fined 4.27 million yuan ($632,000) for violations.

Global Times