On 21 July 2022, the Cyberspace Administration of China (CAC) fined Didi Global (hereinafter “Didi”) CNY 8.026 billion and two Didi executives – CEO Cheng Wei and president Liu Qing – CNY 1 million apiece.
In July 2021, the CAC launched an investigation on Didi’s cybersecurity practices and then, based on the issues and clues found in the investigation, filed a case against Didi for the company’s alleged violations.
Didi was founded in January 2013 and listed on the New York Stock Exchange on 30 June 2021. Its principal businesses include online ride-hailing and ride-sharing services.
According to the CAC, Didi had committed a total of 16 violations.
For one thing, Didi had excessively collected personal information and compulsorily collected sensitive personal information. More precisely, it had illegally collected screenshots, copy-and-paste content, and lists of installed apps from users’ phones and excessively gathered passengers’ facial recognition data, ages, occupations, and interpersonal relationships, as well as drivers’ educational background and personal identity information, etc.
For another, Didi failed to fulfill its obligation to inform users about its processing of their personal information. It had analyzed passengers’ travel intentions without explicitly informing them and failed to clarify what it had done with users’ device data and other 18 items of personal information.
The above-mentioned actions violated China’s Cybersecurity Law, Data Security Law, and Personal Information Protection Law.
Cover Photo by Cheng Huang on Unsplash
Contributors: CJO Staff Contributors Team
