Chinese regulator fines Didi $1.2B for data security violations

The penalties come a year after the CAC ordered app stores to remove 25 apps operated by Didi as its investigation got underway. Didi in May notified the New York Stock Exchange of its decision to delist its shares from the U.S. market, a move reportedly related to the probe.

The Chinese regulator accused Didi of violating network security laws, data security laws, and personal information protection laws in a translated statement, adding the probe uncovered “clear facts, conclusive evidence, serious circumstances, and bad nature.”

The CAC found Didi illegally collected 12 million screenshots from users’ mobile photo albums, 107 million pieces of passenger facial recognition information, and 1.4 million pieces of family relationship information, according to a report from The Washington Post.

In total, 64.7 billion pieces of personal information were collected since Didi’s first violation in 2015, according to the CAC, including users’ age group information, home addresses, locations, and driver education.

Cheng Wei, chairman and chief executive officer of Didi, and Liu Qing, the company’s president, were each also fined.

In a statement posted on Didi’s Weibo account, a Chinese social media network, the company accepted the penalties.

“We sincerely accept and resolutely obey the decision on administrative penalties related to network security review in accordance with the law,” the translated statement read. “We will take this as a warning, insist on paying equal attention to both security and development, further strengthen the construction of network security and data security, strengthen the protection of personal information, and earnestly fulfill our social responsibilities.”