Fines on Didi show China’s determination to protect data security

As one of China's biggest and most influential tech companies, Didi failed to fulfill its responsibility to protect users' information.


A Didi vehicle that provides ride-hailing service runs on a street in Huai'an, Jiangsu province. [Photo by ZHAO QIRUI/FOR CHINA DAILY]

July 22, 2022

BEIJING – Chinese authorities have been reiterating they are committed to protecting people’s privacy and personal information. And the heavy fines they imposed on China’s local ride-hailing giant and its top executives show they mean what they say.

China’s cybersecurity regulator said on Thursday that it has fined Didi Global Inc. more than 8 billion yuan ($1.18 billion) for abusing data security and personal information protection laws following a yearlong cybersecurity review.

The Cyberspace Administration of China (CAC) said its investigation found the ride-hailing giant had illegally collected millions of pieces of users’ information since June 2015, and carried out data processing that seriously affected national security.

Aside from the over 8 billion yuan fine on Didi on the penalty, the cybersecurity regulator also fined the company’s founder and chief executive Cheng Wei and president Liu Qing 1 million yuan each.

Shortly after the regulator’s announcement, Didi responded in a statement on its Weibo account that it accepted the CAC’s decision and will conduct an in-depth self-examination and rectify its actions.

The tech company’s penalty demonstrates Chinese authorities’ commitment to safeguard cybersecurity, so as to promote the healthy development of the digital economy, which is becoming a new driver of China’s high-quality development. But since data security has become an important part of national security, more efforts are needed to boost vigilance and bolster the fight against data piracy.

As one of China’s biggest and most influential tech companies, Didi, unfortunately, failed to fulfill its responsibility to protect users’ information and thus abused their trust.

In today’s digitalized era, a user’s information including facial recognition, age, photograph, occupation and short messages can be easy targets of cyber attacks. So, online platforms and high-tech companies should be banned from illegally collecting users’ information to reduce the chances of customers falling prey to data leakage.

China has made progress in strengthening the legal framework for cybersecurity in recent years by, among other things, improving regulations and mechanisms for collecting, processing, managing and making good use of data resources.

For example, the ministries including the CAC and the Ministry of Public Security jointly issued a document last year that listed clearly the necessary personal information that 39 categories of apps can collect. Among them, a ride-hailing app can only obtain a user’s name, telephone number and location, because such information is necessary. The user’s photograph and gender are unnecessary details and hence the app should not collect them.

By defining what constitutes “necessary personal information”, the document made it clear that apps should refrain from obtaining detailed personal information.

Didi has paid a heavy price for its illegal practices. Hopefully, the case will be a new beginning for the tech platform and its peers, and they will better respect and protect users’ information, especially personal information.

scroll to top