Didi fined $1.2 billion for breaking China Data Security Laws

Jul 21, 2022

On July 21, 2022, China’s cybersecurity authority fined ride-hailing giant Didi Global $1.2 billion for breaking data security laws and protecting personal information. The closure of a yearlong probe has prevented the company from adding new users.

The Cyberspace Administration of China made it very clear in the notification: After verification, Didi’s violations of the Network Security Law, Data Security Law, and Personal Information Protection Law are clear facts, with conclusive evidence, severe circumstances, and should be severely punished.


Didi has a total of 16 illegal points, which can sum up in 8 aspects:


1. Illegally collected 11.9639 million screenshot information from the user’s mobile phone album;


2. 8.323 billion pieces of user clipboard information and application list information were excessively collected;


3. Excessively collected 107 million passenger facial recognition information, 53.5092 million age group information, 16.3356 million occupational information, 1.3829 million family relationship information, and 153 million “home” and “company” taxi address information;


4. 167 million pieces of precise location (longitude and latitude) information were collected when passengers evaluated the chauffeur service, when the app was running in the background, and when the mobile phone was connected to the orange video recorder device;


5. Excessively collected 142,900 pieces of driver education information and stored 57,802,600 pieces of driver ID number information in plain text;


6. Analyze 53.976 billion pieces of passenger travel intention information, 1.538 billion pieces of resident city information, and 304 million pieces of non-local business/travel information without clearly telling passengers;


7. When passengers use the ride-hailing service, they frequently ask for irrelevant “telephone permissions”;


8. Nineteen personal information processing purposes, including user equipment information, were not accurately explained.


Didi also has data processing activities that seriously affect national security, as well as other violations of laws and regulations, such as refusal to fulfill the precise requirements of the regulatory authorities, violation of laws and regulations, and malicious evasion of supervision. Didi’s illegal operations have brought severe security risks to the security of the country’s critical information infrastructure and data security, which would not be detailed because they are related to national security.

This hefty penalty reflects China’s alarm at the vast troves of personal data that internet companies are gathering and the risk that they could leak overseas and undermine national security.

Over the past few years, China has issued a series of regulations requiring storing data generated by apps operating in China. In September 2000, the Chinese government released China Measures for the Administration of Internet Information Services in China, effective September 25, 2000. In 2021, the Chinese government released China DSL (Data Security Law) in China, effective on September 1, 2021. You can read the English-translated version of the China Measures for the Administration of Internet Information Services, and the China Data Security Law.

In the Personal Information Protection Law (PIPL), there are several essential points. For example, to safely stay within the law, website operators who collect PII in China must store that information on servers within mainland China. Websites should ask for user content before they can legally collect any user data. If the user wants to delete their data at any time, the websites are not allowed to keep it.

These provide the added benefit of increased speed for local users and are a significant reason why 21YunBox offers a hosting solution for our overseas clients. 21YunBox has an international team headquartered in Shanghai to provide overseas companies with a simple and easy way to make your website work in China and ensure compliance with Chinese laws. Once your website is live in China, we will continue to provide localization, monetization, hosting, and other services. Contact us now to see how we can help!


Ready to make your app work in China?

Get Started Questions? Talk to an expert.