The Washington Post
Ride-hailing giant fined in data-security probe
China’s cybersecurity regulator fined ride-hailing juggernaut Didi Global $1.2 billion after a yearlong probe, saying it had violated laws on data security and the protection of personal information.
The Cyberspace Administration of China said Thursday that Didi, a 10-year-old company based in Beijing, illegally collected 12 million pieces of “screenshot information” from users’ mobile photo albums and excessively accumulated
107 million pieces of passenger facial recognition information and 1.4 million pieces of family relationship data, among other violations.
The regulator also said there were “severe security risks” in Didi’s data-processing methods.
In addition to the fines on the company, Didi’s chairman and president were each fined $148,000. Didi said Thursday that it accepted the judgment and would strengthen its protection of personal information, while stopping short of apologizing to customers or sharing details on what changes it would make.
The crackdown on Didi reflects Beijing’s alarm at the vast troves of personal data that internet companies are gathering, and the risk that they could leak overseas and undermine national security.
— Eva Dou and Pei-lin Wu