After fining Didi, China tightens rules to control how ride-hailing firms handles data

• After the US$1.2 billion fine imposed on Didi Global Inc, China decided that data generated by ride-hailing platforms cannot be used for commercial purposes.
• Data is also required to be stored for at least two years in China, compared to six months previously.
• The regulator has yet to update if it would allow the apps to return to app stores or allow new user registration.

Last week, China’s leading ride-hailing company, Didi, was fined US$1.2 billion, signaling to other tech giants’ in the country of the consequences of mishandling data. The penalty imposed by the Cyberspace Administration of China (CAC) on Didi, one of the country’s most valuable tech companies, was the third in a series of major moves by the government to rein in the Chinese high-flying internet sector.

However, less than a day after slapping Didi with the billion-dollar fine, the country’s transport ministry announced its intentions of tightening the screws on existing rules governing how online ride-hailing firms should handle and share their data with regulators. The new measures are just basically an update of the rules announced in 2018, this time giving the government more control over data collected by these private companies.

Among the highlights of the renewed rulings, data generated by ride-hailing platforms cannot be used for commercial purposes and must be stored for at least two years in China, compared to six months previously. Without regulatory authorization, those data cannot be exported or shown to outside entities without regulatory authorization. The move by the transport ministry isn’t much of a surprise considering how China has been reigning its tech firms, especially when data comes into play.

With Didi in particular, CAC sought to make the company an example of the consequences of mishandling data, which China has deemed an issue of national security, and — perhaps just as important — the grave political error of ignoring the authorities. In fact, in recent months, regulators backed by the highest levels of the ruling Communist Party have gone after tech giants including online shopping and food-delivery behemoths for antitrust violations. 

The most recent ride-hailing measures published last week requires companies to “Periodically carry out security investigations, promptly rectify security risks and loopholes discovered, establish and complete a whole-process data security management system, and take necessary measures to prevent data from being tampered with, destroyed, leaked, or illegally acquired or illegally used,” according to Reuters.

Frankly, as Reuters put it, authorities in China have, in recent months, softened their tone on the crackdown as they seek to boost an economy hurt by Covid-19 containment measures. Yet, the probe into Didi, and the fine and the penalties leveled against its top two executives, was close to the maximum allowed under the country’s Personal Information Protection Law (PIPL). 

The law was passed only nine months ago, and the CAC still said Didi was found guilty of violations going back seven years. Worse yet, the regulator has yet to inform whether it will allow Didi’s apps to re-enter app stores, or resume new user registration. That said, the renewed guidelines may have muddied the waters further. There is almost certainly more to come.

---

---

---

---