The authorities in China on Thursday fined the country’s ride-hailing giant, Didi, $1.2 billion for data security violations, the latest in a string of regulatory actions that have laid low China’s once-soaring internet sector.
The penalty, announced by China’s internet regulator, the Cyberspace Administration of China, ended a yearlong investigation into the data practices of the ride-sharing giant that spoiled a blockbuster listing in the United States and ultimately led to a decision to delist from the New York Stock Exchange. The regulator said it would also fine two top executives at the company.
The firm violated several Chinese data security laws, the regulator said, by collecting millions of addresses, phone numbers, images of faces, and other data.
The eye-watering fine most likely clears the way for the one-time Wall Street-darling to list its shares in Hong Kong. But the regulator’s announcement did not mention whether it would allow Didi to put its app back on Chinese app stores and to restore its ability to register new users. The government had imposed the restrictions on Didi’s operations last July as part of its investigation.
Some analysts have argued there are signs that a frenzied period of rule-making and harsh enforcement by China’s regulators may be on the wane. Even so, more government oversight and a willingness to punish China’s innovation leaders appears to have become the new normal. In this month alone, China’s antitrust regulator punished Didi and other internet firms for failing to report mergers for antimonopoly review, while the country’s central bank fined Didi for mishandling customer data.
In a long list of infractions that included excess collection of data, the Cyberspace Administration of China singled out Didi’s chief executive and founder, Cheng Wei, and its president, Jean Liu. Each was fined roughly $150,000.
“Didi’s illegal operations have brought serious security risks to the security of the country’s key information infrastructure and data security,” the regulator wrote.
In a statement, Didi said that it accepted the punishment and would take it as a warning to improve its data security. “We sincerely thank the relevant authorities for their inspection and guidance, and the public for their criticism and supervision,” the company said.
Tech firms like Didi face a long road to recovery. The regulatory pressures, and a longstanding spat between China and the United States over auditing and compliance, have suppressed Chinese tech firms’ share prices.
Even if Chinese authorities ease their crackdown on the tech sector, China’s economy has been hit by a broad economic slowdown and drags on activity resulting from China’s strict Covid controls that have prompted repeated, scattered lockdowns of Chinese cities around the country. Last week, China posted its lowest growth rate since the beginning of the pandemic as unemployment has neared historic highs. A slowdown in consumer spending has hurt Chinese businesses and led some multinationals to warn about flagging demand from the market, once a reliable source of growth.
Fast growing and loosely regulated, China’s tech sector has been plagued by excess data collection and leaks, which have led to widespread fraud online. To fix the issue, Chinese authorities have introduced a series of laws that force firms to better communicate with consumers and protect their data.
Yet even as the government has reined in the private sector, it has struggled to protect the masses of data it collects on its citizens through regular online and real-world surveillance. In recent weeks a hacker offered to sell a Shanghai police database with billions of records that included the personal information of Chinese citizens. The database had been left unsecured for months.
For Didi, once hailed as an innovator and disrupter in China’s staid transportation sector, it has been a fast fall from grace. The company was considered the pride of China’s spunky, and valuable, start-up scene in 2016 when it beat its American rival, Uber, and bought the firm’s Chinese operations.