Shanghai: China’s cyberspace regulator has launched an investigation into the ride-hailing giant Didi Global A few days after it went public in a $4.4 billion New York stock sale, it called for the app to stop adding new users and remove it from the App Store.
The move comes amid strict policies around data control and privacy and a broader crackdown on tech firms, following similar actions against two other Chinese firms recently listed in the US.
What are the charges against Didi?
Cyberspace Administration of China (CAC) on July 2 Elder sister Citing China’s cybersecurity law, a comprehensive piece of legislation enacted in 2017 to stop accepting new user registrations.
Two days later, the CAC said Didi’s app “contains serious violations of laws and regulations relating to the collection of personal information.”
The CAC has not publicly specified the violations.
What user data does Didi collect?
Didi, China’s largest ride-hailing company, offers 20 million rides a day in China to users who sign up through an app that uses a phone number and password.
Didi collects user location and travel route data for security and data analysis. It regularly publishes its big data analytics reports showing, for example, what time people finish work in certain cities, or which employers have the longest working hours.
Didi equips cars with cameras monitoring road conditions, and what’s happening in the car, collecting data on 100 billion kilometers of Chinese roads per year.
Didi stores all Chinese user and roads data on home servers. A Didi executive said on Saturday it was impossible to pass the data to the United States.
Why did CAC target Didi?
China is in the process of reforming its policy on privacy and data protection.
At the end of April, China released the second version of the draft personal information protection law, which calls on tech platforms to take stringent measures to ensure the secure storage of user data.
In September, China is set to implement its data protection law, which requires companies processing “critical data” to conduct risk assessments and submit reports to authorities. It also calls on organizations that submit data affecting China’s national security to an annual review.
Michael Tan, who heads international law firm Taylor Weising’s China TMC practice, says these laws are based on cybersecurity legislation, and the actions against Didi and other companies publicly demonstrate how seriously the government is taking the new law. will apply from
In May, the CAC indicted 105 apps, including ByteDance’s Douin and MicrosoftBing, for collecting excessive amounts of users’ personal information and accessing it illegally.
What’s with time?
The move has drawn comparisons late last year when Ant Group, fintech Alibaba’s affiliate saw its largely planned Shanghai and Hong Kong IPOs thwarted after regulators announced an investigation a few days ago because of the listing.
Some investors and experts suspect that by targeting a high-profile tech company listed in the United States, Beijing is indicating that it wants to list its data-rich tech firms domestically, not for security reasons. abroad.
Late on Tuesday, China’s cabinet said Beijing would monitor Chinese firms listed offshore and strengthen regulation of cross-border data flow and security.
“When companies go public, they need to disclose a lot of detail about how their supply chains actually operate,” said Nico Bahmanyar, who oversees Chinese data policy at Beijing-based law firm Leaf. ”
“So if China sees risk there, it will be easier to control the Hong Kong stock exchange than the US stock exchange.”
The move comes amid strict policies around data control and privacy and a broader crackdown on tech firms, following similar actions against two other Chinese firms recently listed in the US.
What are the charges against Didi?
Cyberspace Administration of China (CAC) on July 2 Elder sister Citing China’s cybersecurity law, a comprehensive piece of legislation enacted in 2017 to stop accepting new user registrations.
Two days later, the CAC said Didi’s app “contains serious violations of laws and regulations relating to the collection of personal information.”
The CAC has not publicly specified the violations.
What user data does Didi collect?
Didi, China’s largest ride-hailing company, offers 20 million rides a day in China to users who sign up through an app that uses a phone number and password.
Didi collects user location and travel route data for security and data analysis. It regularly publishes its big data analytics reports showing, for example, what time people finish work in certain cities, or which employers have the longest working hours.
Didi equips cars with cameras monitoring road conditions, and what’s happening in the car, collecting data on 100 billion kilometers of Chinese roads per year.
Didi stores all Chinese user and roads data on home servers. A Didi executive said on Saturday it was impossible to pass the data to the United States.
Why did CAC target Didi?
China is in the process of reforming its policy on privacy and data protection.
At the end of April, China released the second version of the draft personal information protection law, which calls on tech platforms to take stringent measures to ensure the secure storage of user data.
In September, China is set to implement its data protection law, which requires companies processing “critical data” to conduct risk assessments and submit reports to authorities. It also calls on organizations that submit data affecting China’s national security to an annual review.
Michael Tan, who heads international law firm Taylor Weising’s China TMC practice, says these laws are based on cybersecurity legislation, and the actions against Didi and other companies publicly demonstrate how seriously the government is taking the new law. will apply from
In May, the CAC indicted 105 apps, including ByteDance’s Douin and MicrosoftBing, for collecting excessive amounts of users’ personal information and accessing it illegally.
What’s with time?
The move has drawn comparisons late last year when Ant Group, fintech Alibaba’s affiliate saw its largely planned Shanghai and Hong Kong IPOs thwarted after regulators announced an investigation a few days ago because of the listing.
Some investors and experts suspect that by targeting a high-profile tech company listed in the United States, Beijing is indicating that it wants to list its data-rich tech firms domestically, not for security reasons. abroad.
Late on Tuesday, China’s cabinet said Beijing would monitor Chinese firms listed offshore and strengthen regulation of cross-border data flow and security.
“When companies go public, they need to disclose a lot of detail about how their supply chains actually operate,” said Nico Bahmanyar, who oversees Chinese data policy at Beijing-based law firm Leaf. ”
“So if China sees risk there, it will be easier to control the Hong Kong stock exchange than the US stock exchange.”
.