In just two days, Didi, China’s largest service platform for private car ride-hailing, has gone from investor darling to the first major case of a cybersecurity review by the Chinese government against a company after a stellar IPO on Wall Street.
One of the bases of this review is the Measures for Cybersecurity Review 2020, and according to this regulation, the main object of review is Critical Information Infrastructure Operators (CIIO). The official reasons for Didi’s review are not yet known, but according to informal information, the company has a lot of user data and street information that made it the object of the cybersecurity review.
The action against Didi is also a warning to other companies in the industry. With the rapid development of smart electric vehicles, many car service companies let their users download an APP that monitors the car’s operating status for 24 hours. By doing so, they collect a vast amount of information about the user. The question is what personal information of the user may be collected and what information may be processed.
Since China passed the Data Security Law (DSL) in June 2021, the government is authorized to implement data export controls within the framework of national security and interests. We expect that Didi will not be the last company to be audited for cybersecurity. For example, shortly after the Didi app was banned, China’s cybersecurity authority announced it would take action against logistics information platforms Yunmanman and Huochebang, as well as recruitment platform BOSS Zhipin.