Didi Global was fined 8 billion yuan (1.18 billion euros) for violating China’s cybersecurity and data security laws. The Chinese ride-sharing operator is accused of 16 illegal practices involving the collection of passenger data.
The Cyberspace Administration of China (CAC) said on Thursday that Didi violated the country’s cybersecurity and data security laws. The industry regulator cited the Cybersecurity Law, Data Security Law and Personal Information Protection Law (PIPL) to enforce the penalty, China Daily reported.
The CAC said Didi illegally collected its users’ personal data, including 107 million passengers’ facial recognition data, as well as their photos and text messages.
Didi delisted from the New York Stock Exchange
In addition, the company’s CEO, Cheng Wei, and its chairman, Liu Qing, were fined 1 million yuan (148,070 euros) each.
Didi released a statement Thursday on Weibo acknowledging the government’s decision. She said she would comply with the fine. The Beijing-based company added that it would conduct an internal assessment and strengthen its cybersecurity, data security and personal data security measures.
Thursday’s announcement comes a year after the CAC’s investigation into Didi’s cybersecurity practices, which began just days after the company listed on the New York Stock Exchange. In July 2021, Didi was ordered to remove her app from local app stores, after the CAC said she breached regulations governing the collection and use of personal data.
The regulator had placed the company under cybersecurity surveillance to “prevent national data security risks”.
Didi was delisted from the New York Stock Exchange in June 2022.
Data security, a hot topic in China
Earlier this month, hackers claimed to have access to the personal data of one billion residents of China, after putting the information up for sale via an online forum. They reportedly retrieved this data from the Shanghai National Police, but the Chinese government has yet to publicly acknowledge the leak.
Last week, Alibaba was summoned by authorities in Shanghai over the leak. According to the Wall Street Journal, which cites unnamed sources, the data remained accessible online, without password protection, for more than a year. The data was hosted on Alibaba Cloud.
In January this year, the CAC published bills that, among other things, require publishers of mobile applications to obtain a license and undergo a security assessment. They must also adhere to cybersecurity guidelines. The proposed legislation would further regulate the services provided by mobile apps and ensure they operate alongside other laws in the country, including the PIPL and the Data Security Act, the CAC said.
Source: “ZDNet.com”