Last year, Didi Global, China’s ride-hailing giant that dominantly eclipsed Uber in the Southeast Asia markets, got into the wrong book of the Chinese authorities. The company had just listed in New York Stock Exchange before regulators opened investigation into its operation over alleged gross wrongdoings.
Chinese regulators had asked Didi to delist from the New York Stock Exchange after 26 of its apps were removed from domestic app stores mid last year.
For more than a year since the probe began, Didi has been under the weather, losing billions of dollars in investment funds. Didi’s ordeal, which was part of larger China’s regulatory crackdown on its tech industry, impacted investors’ confidence. Many now shy away from the Chinese market.
Tekedia Mini-MBA edition 16 (Feb 10 – May 3, 2025) opens registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
However, the embattled ride-hailing giant has got a reprieve though not without a heavy punch.
The SCMP reports below that the Cyberspace Administration of China (CAC) has imposed a fine of 8.026 billion yuan (US$1.2 billion) against Didi for data violations, putting an end to a year-long investigation into the Beijing-based company.
Senior executives Will Cheng Wei and Jean Liu Qing were each fined 1 million yuan, the regulator said in a statement on Thursday.
Authorities did not say whether Didi’s apps, 26 of which were removed from domestic app stores in July 2021, would be restored.
Didi said on its Weibo account on Thursday that it fully accepted the regulator’s decision and would rectify its wrongdoings.
The CAC’s decision comes more than a year after authorities initiated an unprecedented cybersecurity probe into the company, days after it launched a US$4.4 billion initial public offering in New York on June 30, 2021.
Ahead of the IPO, Didi granted its senior executives and directors US$3 billion in stock options.
However, the abrupt investigation shook investor confidence in Chinese technology stocks. Since then, few Chinese companies have chosen to list in the US.
Last month, Didi started trading on the over-the-counter market after shareholders voted to delist the company from the New York Stock Exchange.
The CAC said in its statement that Didi had committed 16 offences involving the illegal collection of data from drivers and passengers. They include the illegal processing of 64.7 billion personal information entries over the span of seven years since June 2015.
“Didi has failed to perform its duty to maintain cyberspace security, data security, and personal information protection … bringing serious risks to national cyberspace security and data security,” the regulator said.
“Moreover, even with clear orders from regulatory authorities to correct the issues, Didi failed to carry out comprehensive and in-depth rectifications. The nature of the offence was egregious.”
The CAC did not disclose what security threats Didi had caused to “the nation’s crucial information infrastructure and data security”, citing national security reasons.
“Today’s CAC announcement signifies that the probe has basically come to a close”, said Sun Pengcheng, a lawyer specialising in data law at Dentons law firm.
He said, however, that the results lack meaningful implications for other data-rich internet companies regarding their data compliance practices because it is difficult to tell where the red line is when it comes to data-related national security issues.
While the investigation has ended, China’s regulatory crackdown on Big Tech players may not be over, according to Alex Capri, lecturer at the National University Singapore Business School and Lee Kuan Yew School of Public Policy.
“Beijing’s fixation on data as a national security issue virtually guarantees that tech companies from China, as well as foreign companies in China, will have to deal with rigid rules regarding data sharing, data localisation and data sovereignty,” he said, noting that the scrutiny on Didi’s data practices also applies to other tech giants.
“Investors should remain sceptical when it comes to investing in China tech,” according to Capri, partly because geopolitical tensions remain between China and the West
On Thursday, the CAC said Didi was found to have illegally collected nearly 12 million pieces of photo information from users’ phones, 107 million entries of facial recognition data, 53.5 million entries of age data, 16.3 million entries of occupation data, and 1.4 million entries of data about family relations.
Didi was also accused of gathering 153 million entries of home and company address data and 167 million entries of location information. Didi analysed, without user consent, 54 billion entries regarding the travel purposes of passengers.
“The investigation also found that Didi had engaged in data processing activities that seriously affected national security, and refused to fulfil the requirements of regulatory authorities, among other illegal issues, such as false compliance and malicious evasion of supervision,” the statement said.