The Cyberspace Administration of China (CAC) together with another six top ministries and departments entered Chinese ride-hailing giant Didi Chuxing on Friday to undergo a cybersecurity review, a tougher investigation following previous ones.
The other departments include public security, state security, natural resources, transport, tax and market regulation. Chinese experts said “such a scale is rare to see,” and it shows the review for Didi Chuxing is entering the substantive operation stage.
Such an investigation on a Chinese internet company involving a vast number of ministries and departments is rare, Lu Chuanying, a researcher and secretary general of the Research Center for International Cyberspace Governance under the Shanghai Institute for International Studies, told the Global Times on Friday, calling it the “strictest” review ever.
Lu said the focus of the investigation will center on data security at Didi. “Whether the documents submitted to the US for Didi’s IPO involved threat to our national security will be reviewed, and it will be checked whether Didi has submitted such type of documents.”
The move shows the departments now have a clear plan on how to make the review, and all the parts that involve national security risks are supposed to be reviewed by the officials, Zuo Xiaodong, vice-president of the China Information Security Research Institute, told the Global Times on Friday.
Didi Chuxing has been in the spotlight for weeks after its massive IPO in the US on June 30. All Chinese app stores now have stopped app downloads for the ride-hailing app Didi Chuxing, due to confirmed reports of “serious violations of law and regulation” in the collection and use of personal information.
Chinese officials have taken a series of measures to crack down on data leakage and abuse as part of a broader initiative to protect the digital economy from the uncontrolled expansion of capital.
China’s top cyberspace regulator on July 10 issued a sweeping set of draft rules for cybersecurity review over domestic internet companies that seek overseas listings. The new threshold dictates that businesses holding the information of more than a million users in China must undergo a regulatory review before applying for an overseas IPO.
According to the draft, the initial review will be finished within 30-45 working days and the relevant departments should provide written feedback within 15 working days.
The special investigation should be finished within three months. If the case is complicated, the investigation process will be extended, the draft said.
Zhao Zhiguo, spokesperson of China’s Ministry of Industry and Information Technology told a press conference on Friday that the ministry has noticed that Didi’s app was removed from app stores, saying the “department in charge and relevant ones are working together to strengthen the governance of apps according to their duties” following a special project governing apps this year. “The overall results are remarkable,” Zhao added.
The Cyberspace Administration of China also told Didi to rectify problems in strict accordance with the law and relevant national standards to ensure the security of users’ personal information, the CAC said in an announcement on July 4.
China’s cyberspace regulator on July 5 put three more internet platforms including online recruiter Zhipin.com, and truck-hailing apps Huochebang and Yunmanman under scrutiny, three days after it announced a cybersecurity review into Didi Chuxing.
However, dismissing the claim that Chinese regulators are trying to kill the ride-hailing giant, Lu said the investigation shows the country is strengthening its efforts to enhance data protection. “It’s also a reminder to other Chinese internet titans: if they want to get listed in the US, they must consider all risks of data security and think about the issue from a strategic perspective.”
Didi did not respond to requests for comment as of press time.
The headquarters of DiDi in Beijing Photo:VCG