Cyberspace Administration Of China Orders Chinese Transport Giant Didi To Remove Its App From Online Stores

The Chinese transport company, Didi's shares dropped 5.3 per cent on 2 July after China said its internet regulators had launched a cybersecurity audit against the company. Now, just two days after launching the probe, the authorities have ordered the ride-hailing service provider to take the app off the country's app stores until future approval.

As the Chinese Communist Party tightens control over their influential industries, dozens of social media and e-commerce companies have been told to handle customer information more carefully, and some of them have been advised to collect fewer data. According to the Cyberspace Administration of China (CAC), an investigation discovered "serious violations" in how Didi has collected and used private data, and this led to this latest decision by the authorities.

On 2 July, reports revealed that Didi's shares fell dramatically on the third morning of trading in the New York Stock Exchange (NYSE) after the announcement of the cybersecurity examination of the ride-hailing group. The CAC made the surprise announcement only two days after Didi raised at least $4 billion in the year's largest initial public offering (IPO).

After finishing over 16 per cent higher on 1 July, the stock appeared to be on track for another day of gains. Before China made its announcement, Didi's stock had surged about 5 per cent in premarket trade. However, as per China's internet regulators, during the country's cybersecurity examination, new users will not be allowed to register for Didi's ride-hailing service.

The South China Morning Post reported that without providing details, the Chinese cybersecurity review office said in its statement on 2 July: "In order to prevent risks regarding national data security, to maintain national security, and protect the public interest, Didi is now under a cybersecurity review based on the National Security Law, Cybersecurity Law and Measures for Cybersecurity Review".

In response, the company stated that it would "fully cooperate" with the respective government authority during the review. A spokesperson told CNBC that the company intended to perform a thorough analysis of cybersecurity threats and to improve its cybersecurity systems, as well as technology capabilities, on a continuing basis.

China's cybersecurity audits are new procedures introduced in 2020 to defend what it refers to as "critical information infrastructure," which includes transportation providers and large-scale database systems.

One of its goals is to safeguard crucial information from possible data leaks. As per the Chinese regulation, an ordinary investigation in the country can last up to 30 business days, with extensions of up to 15 business days in terms of complicated cases.

This move by China reflects a broader trend of the country's regulatory attack on previously unregulated tech giants. In June, an exclusive report by Reuters revealed that Chinese regulators are investigating Didi for antitrust crimes, and they are also looking into whether the company's main ride-hailing business' pricing method is transparent enough.

Earlier, Ant Group's initial IPO in Shanghai and Hong Kong was postponed after Chinese regulators interrogated the company's top executives, including the business mogul Jack Ma.

The world knows what happened next — Ma's company Alibaba was fined $2.8 billion by the regulators in April this year, claiming that the company had abused its market power.

Later, when China shifted its anti-monopoly crackdown from Alibaba Group Holding to more companies, it launched a probe into Meituan, the country's largest on-demand delivery service provider, due to its alleged monopolistic business practices.

In the case of China's latest target Didi, the company, along with several other Chinese internet firms, met with regulators earlier this year, according to its IPO prospectus.

The ride-hailing service warned that it could face penalties if regulatory authorities are not satisfied with the inspection results.

Didi said in the prospectus: "We cannot assure you that the regulatory authorities will be satisfied with our self-inspection results or that we will not be subject to any penalty with respect to any violations of anti-monopoly, anti-unfair competition, pricing, advertisement, privacy protection, food safety, product quality, tax and other related laws and regulations".

Additionally, it stated that the company anticipated that the regulators and the general public would pay more attention to and scrutinise these areas in the future.

According to Financial Times, the company has over 377 million users and 13 million drivers in China, which means that it maintains a lot of user data and might be designated a "crucial information infrastructure" by Chinese regulators. However, following a passenger safety controversy in 2018, the platform not only collects data on journeys and user locations but also records audio throughout each ride. As of now, there has not been a major public data breach at the company yet. Following the killings of passengers in 2018 by Didi drivers, police and traffic regulators reprimanded Didi for not releasing more data, an issue that highlights the contradictions within China's government departments between requests for increased data sharing and pleas for greater data protection.

However, as per the latest reports, CAC on 4 July said that it ordered Didi—the company which started expanding worldwide in 2018 and already has 14 locations outside of China—to remove its app from online stores due to violations of laws and regulations governing the collection, as well as the use of personal data. In a notice, the regulators urged the Beijing-based company to strictly adhere to legal requirements and to address existing issues in order to effectively protect users' information.