China fines Didi $1.2 billion for violating cybersecurity and data laws

The content originally appeared on: CNN
The Cyberspace Administration of China (CAC) said in a statement that the firm had breached the country’s cybersecurity law, data security law, and personal information protection law.
“The facts of violations of laws and regulations are clear, the evidence is conclusive, the circumstances are serious, and the nature is vile,” the statement added.
Aside from the $1.19 billion penalty, the regulator also imposed a personal fine of 1 million yuan ($147,000) on Didi’s chairman and CEO Cheng Wei and president Liu Qing, respectively. Liu Qing is also known as Jean Liu in English.
In a separate statement, the CAC said the investigators found Didi had committed 16 law violations, including illegally obtaining some information from users’ smartphones and collecting data on facial recognition, age, jobs, and family relationships.
It added that the company had “avoided fulfilling the explicit requirements from the regulatory authorities, and maliciously evaded supervision,” and the company’s “illegal operations” have brought “serious security risks to the security of China’s key information infrastructure and data security.”
Just days after Didi’s $4.4 billion IPO on Wall Street on June 30, 2021, the regulator banned Didi from app stores in the country and launched an investigation into its handling of customer data. Authorities accused Didi of breaking privacy laws and posing cybersecurity risks. Their actions were also widely seen as punishment for the company’s decision to go public overseas instead of in China.
The regulatory actions made the firm a poster child for Beijing’s crackdown on tech companies, and wiped tens of billions of dollars from its market capitalization.
It also hit Didi’s domestic business. The company reported a $4.7 billion loss for the third quarter of 2021. Its revenue dropped 1.7% from the same period a year earlier.
Under pressure from Chinese regulators, Didi announced in December that it would start the process of delisting from the NYSE and pivot to Hong Kong. In May, shareholders of Didi voted to authorize the company to be delisted from the NYSE.
Shortly after the regulator’s announcements, Didi Global responded in a statement on Thursday that it “sincerely” accepts the regulator’s imposition of administrative penalties.
“We sincerely accept this decision, and resolutely obey it. We will strictly follow the penalty decision and the requirements of relevant laws and regulations, conduct comprehensive and in-depth self-examination, and actively cooperate with supervision and complete rectification carefully,” it said.
“We will take this as a warning and further strengthen the construction of cyberspace security and data security, strengthen the protection of personal information, and earnestly fulfill our social responsibilities. We will serve every passenger, driver and partner well, and realize the safe, healthy and sustainable development of the enterprise,” it added.