China just fined Didi Global a whopping $1.2 billion for violating its cybersecurity, data security and privacy laws!
China Fines Didi Global $1.2 Billion For Violating Laws!
On Thursday, 21 July 2022, the Cyberspace Administration of China (CAC) announced that Didi Global breached the country’s cybersecurity law, data security law, and personal information protection law.
The Chinese cyberspace regulator fined Didi Global 8 billion yuan ($1.2 billion), as well as a personal fine of 1 million yuan ($148,000) each on Chairman and CEO Cheng Wei, as well as President Liu Qing (also known as Jean Liu).
Didi Global responded to the regulator’s announcement with a contrite statement “sincerely” accepting the judgement and penalties :
What Did Didi Do To Incur China’s Wrath?
According to an FAQ by the CAC, its investigators started their investigation of Didi in July 2021.
After conducting an extensive investigation, they found that Didi conducted data processing activities that “seriously affected national security”, and refused to comply with “the explicit requirements of regulatory authorities” and conducted “malicious evasion” of regulatory supervision.
They also stated that Didi Global committed 16 violations of China’s laws, including :
- Didi illegally collected 11.9639 million screenshots from its users’ mobile phone photo albums.
- Didi excessively collected 8.323 billion pieces of its users’ clipboard information, and application list information.
- Didi excessively collected 107 million pieces of passenger face recognition information, and 53.5092 million pieces of age group information, 16.3556 million pieces of occupational information, 1.3829 million pieces of family relationship information, and 153 million pieces of taxi address information.
- Didi excessively collected passengers’ evaluation of the drivers, when the app is running in the background, and 167 million pieces of precise location (longitude and latitude).
- Didi excessively collected 142,900 pieces of driver education information, and 53.976 billion pieces of “intent information”, 1.538 billion pieces of resident city information, and 304 million pieces of non-local business/travel information.
- Its users are frequently asked to provide “telephone permissions” while using its services.
- Inaccurate and clear description of user personal information processing, including device information.
The CAC noted that Didi started its bad practices in June 2015, and continued even after the Cybersecurity Law was implemented in June 2017, the Data Security Law started in January 2022, and the Personal Information Protection Law was implemented in November 2021.
- Why Microsoft Teams Suffered Such A Massive Outage!
- Putin Signs Law Banning Crypto Payments In Russia!
- Chinese Netizens Explode Over WPS Office Censorship!
- ViewSonic Launches New Corporate + Education Solutions!
- Dell Introduces 14-inch Portable Monitor + S Series Displays!
Go Back To > Cybersecurity | Business | Tech ARP