China: Cybersecurity authority fines Didi for data security and privacy violations
"China fines Didi Global US$1.2 billion, ends year-long probe", 21 July 2022
The Cyberspace Administration of China (CAC) has imposed a fine of 8.026 billion yuan (US$1.2 billion) against Didi Global... for data violations...
Senior executives Will Cheng Wei and Jean Liu Qing were each fined 1 million yuan...
Didi said on its Weibo account on Thursday that it fully accepted the regulator’s decision and would rectify its wrongdoings.
The CAC’s decision comes more than a year after authorities initiated an unprecedented cybersecurity probe into the company, days after it launched a US$4.4 billion initial public offering in New York on June 30, 2021.
Last month, Didi started trading on the over-the-counter market after shareholders voted to delist the company from the New York Stock Exchange.
The CAC said in its statement that Didi had committed 16 offences involving the illegal collection of data from drivers and passengers. They include the illegal processing of 64.7 billion personal information entries over the span of seven years since June 2015.
...the CAC said Didi was found to have illegally collected nearly 12 million pieces of photo information from users’ phones, 107 million entries of facial recognition data, 53.5 million entries of age data, 16.3 million entries of occupation data, and 1.4 million entries of data about family relations.
Didi was also accused of gathering 153 million entries of home and company address data and 167 million entries of location information. Didi analysed, without user consent, 54 billion entries regarding the travel purposes of passengers.