China’s Cyberspace Administration says the Beijing-based startup has been illegally collecting user data since 2015.
China has fined ride-hailing giant Didi nearly $1.2 billion for ‘gross’ breaches of data security rules, ending a year-long investigation that torpedoed its share price. the startup and forced its delisting from the US stock market.
The Cyberspace Administration of China (CAC) announced on Thursday that it had fined the startup 8.026 billion yuan after it discovered that it had illegally collected customer information since 2015 and processed data in a way that endangered national security.
The alleged breaches included unlawfully storing the personal information of more than 57 million drivers in an insecure format and analyzing passenger details such as cellphone photos and facial recognition data without their knowledge or consent. .
“Didi’s illegal operations have resulted in serious security risks to the country’s key information infrastructure and data security,” the ACC said in a statement.
The penalty amounts to more than 4% of Didi’s annual revenue, which amounted to $27.3 billion in 2021.
The CAC said it also fined Didi founder and chief executive Cheng Wei and chairman Jean Liu 1 million yuan ($148,000) each.
The Beijing-based startup said in a statement on its Weibo account that it accepts the regulator’s sanction and will reflect on its actions and how to improve its practices.
“Although it seems counterintuitive, Didi will probably feel quite relieved,” Kendra Schaefer, a China technology analyst with Beijing-based policy research group Trivium, told Al Jazeera.
“This investigation has held the company back in almost every other way, and at this point the company is likely to be willing to pay anything to get rid of this albatross.”
Schaefer said the fine against Didi is consistent with past regulatory actions against Alibaba and Meituan, which were fined approximately four percent and three percent of their annual revenue, respectively, for alleged unrelated violations. .
China’s regulator began its investigation into Didi after it debuted on the New York Stock Exchange in June 2021, although it was asked to delay the listing due to concerns over the release of sensitive data.
Didi lost 80% of his market capitalization, or more than $60 billion in value, after facing regulatory scrutiny, becoming one of the most high-profile victims of Beijing’s sweeping crackdown on Israel. private industry, which has targeted sectors ranging from technology to real estate and education.
Schaefer said the settlement’s decision and stated justification leave unanswered questions about the nature of Didi’s alleged wrongdoing.
“What’s a little weird here is that the CAC found that Didi violated the Personal Information Protection Act, which didn’t come into effect until November 2021, months after the launch of the Didi investigation,” she said.
“There are further discrepancies in the ACC announcements – ultimately the original reason why Didi was investigated, the alleged national security violations, was never clarified. Sad trombone.