China Fines Ride-Hailing Giant Didi $1.2 Billion, Citing Cybersecurity Breaches

China’s internet regulator, the Cyberspace Administration of China, said in a statement Thursday that an investigation found Didi had flouted the country’s cybersecurity, data security and personal information protection laws. In addition to the penalty imposed on the company, Didi’s chief executive officer,

Cheng Wei,

and the company’s president, Liu Qing, were each slapped with fines of about $148,000.

Didi became a poster child of the Chinese government’s regulatory campaign in July last year, when officials announced a data-security investigation into the company. The probe, which came just days after Didi’s listing on the New York Stock Exchange, resulted in Chinese authorities ordering mobile app stores in the country to remove Didi’s services.

Didi’s stock price plunged by as much as 80% from its listing price at one point. In June this year, Didi delisted from the U.S. exchange after telling shareholders it was required to do so to resolve the Chinese government’s cybersecurity investigation.

China’s state-run Xinhua News Agency, citing an unnamed cybersecurity official, described Didi’s case as a serious one. “The nature of the issue was vile and it should be punished severely,” Xinhua quoted the official saying.

The Wall Street Journal reported Tuesday that Chinese authorities were preparing to impose a fine of more than $1 billion on Didi, citing people familiar with the matter. The penalty would pave the way for the company to pursue a share sale in Hong Kong, the people said.

Didi had collected excessive personal information on many of its users, including their ages, facial and job data and the home and office locations of users, according to a transcript of comments by the unnamed official that was published by Xinhua. The official said Didi’s practices were illegal and introduced serious risks to China’s information and data security, according to the transcript.

Didi said in a statement on its official social-media account that it “sincerely accepted and will resolutely comply” with the regulatory decision and other rules. The company said it would comprehensively re-examine its practices and work with regulators to make necessary changes.

Chinese e-commerce company

Alibaba Group Holding Ltd.

and food-delivery giant

Meituan

were also handed fines last year for antimonopolistic practices, though their fines were smaller than Didi’s when calculated as a percentage of annual revenue.

Alibaba was slapped with a $2.8 billion fine in April last year, representing about 4% of the company’s domestic revenue in 2019. In October, Meituan was fined more than $500 million, or about 3% of the firm’s domestic sales in the prior year.

The penalty against Didi comes amid signs of an easing of China’s regulatory crackdown against its internet giants. Beijing has been taking fewer regulatory actions this year as the country grapples with an economic slowdown.

Write to Keith Zhai at [email protected] and Liza Lin at [email protected]

China’s internet regulator, the Cyberspace Administration of China, said in a statement Thursday that an investigation found Didi had flouted the country’s cybersecurity, data security and personal information protection laws. In addition to the penalty imposed on the company, Didi’s chief executive officer,

Cheng Wei,

and the company’s president, Liu Qing, were each slapped with fines of about $148,000.

Didi became a poster child of the Chinese government’s regulatory campaign in July last year, when officials announced a data-security investigation into the company. The probe, which came just days after Didi’s listing on the New York Stock Exchange, resulted in Chinese authorities ordering mobile app stores in the country to remove Didi’s services.

Didi’s stock price plunged by as much as 80% from its listing price at one point. In June this year, Didi delisted from the U.S. exchange after telling shareholders it was required to do so to resolve the Chinese government’s cybersecurity investigation.

China’s state-run Xinhua News Agency, citing an unnamed cybersecurity official, described Didi’s case as a serious one. “The nature of the issue was vile and it should be punished severely,” Xinhua quoted the official saying.

The Wall Street Journal reported Tuesday that Chinese authorities were preparing to impose a fine of more than $1 billion on Didi, citing people familiar with the matter. The penalty would pave the way for the company to pursue a share sale in Hong Kong, the people said.

Didi had collected excessive personal information on many of its users, including their ages, facial and job data and the home and office locations of users, according to a transcript of comments by the unnamed official that was published by Xinhua. The official said Didi’s practices were illegal and introduced serious risks to China’s information and data security, according to the transcript.

Didi said in a statement on its official social-media account that it “sincerely accepted and will resolutely comply” with the regulatory decision and other rules. The company said it would comprehensively re-examine its practices and work with regulators to make necessary changes.

Chinese e-commerce company

Alibaba Group Holding Ltd.

and food-delivery giant

Meituan

were also handed fines last year for antimonopolistic practices, though their fines were smaller than Didi’s when calculated as a percentage of annual revenue.

Alibaba was slapped with a $2.8 billion fine in April last year, representing about 4% of the company’s domestic revenue in 2019. In October, Meituan was fined more than $500 million, or about 3% of the firm’s domestic sales in the prior year.

The penalty against Didi comes amid signs of an easing of China’s regulatory crackdown against its internet giants. Beijing has been taking fewer regulatory actions this year as the country grapples with an economic slowdown.

Write to Keith Zhai at [email protected] and Liza Lin at [email protected]