China’s ride-hailing leader Didi has been fined 8.026 billion yuan (about 1.2 billion euros) for violating cybersecurity rules, the Cyberspace Administration of China (ACC) announced on Thursday. July 21. This is one of the largest fines imposed on a company in China, after that of 2.7 billion euros aimed at Alibaba, in 2021. It concludes a particularly painful saga for Didi, since the Chinese web regulator had launched its investigation just a few days after the group’s introduction on Wall Street, which had enabled it to raise 4.4 billion dollars (4.3 billion euros) on June 30, 2021, valuing it at 67 billion dollars.
Throughout the investigation, Didi had been banned from Chinese app stores and prevented from recruiting new users. In December 2021, the company announced its exit from the American Stock Exchange, which became effective four months later. In the meantime, the share price had fallen by 80%.
Beyond Didi, the case had cast a chill over the Chinese tech giants, already under fire from a series of attacks from the country’s various regulators since the end of 2020 and the cancellation in extremis of the introduction on the stock exchange of the financial subsidiary of Alibaba. After tightening the rules governing online finance, then those governing sales and delivery platforms, the authorities opened a new chapter in their campaign, with the thorny issue of data security.
Long left to the discretion of companies, it is the subject of increased attention from the public authorities. Beijing adopted a first cybersecurity law in 2017, in particular requiring companies to keep data relating to Chinese users in the country. In 2021, the country adopted a new text specifically targeting the issue of data collection and use. As often in China, the text is vague and leaves wide latitude to the authorities. A real challenge for companies, required to comply.
“Serious risks”
With Didi, Beijing sends them a clear message. In its press release, the ACC claims to have “incontrovertible evidence” that Didi has repeatedly violated Chinese law: ” [Ses] Illegal operations have posed serious risks to the country’s strategic information infrastructure and data security. » The company is accused of having stored the identity information of more than 57 million drivers in an unsecured format and of having analyzed user data, including their photo and their telephone number, without informing them. Didi is also accused of not having taken measures to rectify the situation, despite several calls to order. In addition to the sanctions imposed on the group, its two leaders, Cheng Wei and Liu Qing, were each fined one million yuan.
You have 34.05% of this article left to read. The following is for subscribers only.