Who owns Didi?
CHENG WEI, the billionaire founder and chief executive of Didi Global, had scarcely a moment to revel in his firm's $4.4bn New York listing. Within 48 hours of the initial public offering (IPO), which valued the Chinese ride-hailing giant at around $70bn, cyber-regulators in Beijing spoiled the party. The EconomistDidi's removal from China's app stores marks a growing crackdown
07 July, 2021 - 05:00pm
07 July, 2021 - 05:00pm
Editorials represent the views of the South China Morning Post on the issues of the day.
07 July, 2021 - 07:10am
The Cyberspace Administration of China (CAC) on July 2 called for Didi to stop accepting new user registrations, citing China’s Cybersecurity Law, a sweeping piece of legislation implemented in 2017.
Two days later, the CAC said Didi’s app “has serious violations of laws and regulations pertaining to the collection of personal information.”
The CAC has not publicly specified the violations.
Didi, China’s biggest ride-hailing company, provides 20 million rides a day in China to users who sign up through an app that uses a phone number and password.
Didi collects user location and trip route data, for safety and data analysis. It routinely publishes reports illustrating its big data analytics, showing, for example, what times people in certain cities finish work, or which employers have the longest work hours.
Didi also equips cars with cameras monitoring road conditions, and what is happening in the car, collecting data on 100 billion kilometres of Chinese roads per year.
Didi stores all Chinese user and roads data on domestic servers. A Didi executive said on Saturday it was impossible that it passed data to the United States.
China is in the process of revamping its policy towards privacy and data security.
In late April, China issued a second version of a draft Personal Information Protection Law, which calls for tech platforms to impose stricter measures to ensure secure storage of user data.
In September, China is set to implement its Data Security Law, which requires companies that process “critical data” to conduct risk assessments and submit reports to authorities. It also calls on organizations that process data affecting China’s national security to submit to annual reviews.
Michael Tan, who heads the China TMC practice of international law firm Taylor Wessing, says these laws build on the Cybersecurity Law, and the actions against Didi and other companies publicly demonstrate how seriously the government will enforce the new legislation.
In May, the CAC accused 105 apps, including Bytedance’s Douyin and Microsoft’s Bing, of collecting excessive amounts of users’ personal information and illegally accessing it.
The move has drawn comparisons to late last year when Ant Group, the fintech affiliate of Alibaba, saw its massive planned Shanghai and Hong Kong IPO thwarted when regulators announced an investigation days before it was due to list.
Some investors and experts suspect that by targeting a high-profile tech company that listed in the United States, Beijing is signaling it wants its data-rich tech firms to list domestically, not overseas, for security reasons.
Late on Tuesday, China’s cabinet said Beijing will step up supervision of Chinese firms listed offshore and bolster regulation of cross-border data flows and security.
“When companies go public they need to disclose a lot of detail about how their supply chain actually operates,” said Nico Bahmanyar, who tracks Chinese data policy at Beijing-based law firm Leaf.
“So if China sees a risk there, it will be easier to control on the Hong Kong stock exchange than the U.S. stock exchange.”
Reporting by Josh Horwitz and Yilei Sun; Editing by Mark Potter
Our Standards: The Thomson Reuters Trust Principles.