Didi sets up data manager, yielding to China’s order for rectification
Didi Chuxing has set up a committee headed by its founder to oversee the overhaul of its data management, as the ride-hailing giant accedes to regulators’ demands in a move described internally as “a matter of survival”.
Didi’s founder and chief executive Cheng Wei will head the Information and Data Security (IDS) committee established in July, according to an internal memo seen by South China Morning Post. Chief technology officer Zhang Bo will be the executive deputy director, marking a significant departure from the previous practice that had the committee as a supporting unit established in 2016.
The committee will comprise a number of units that oversee data security, cyberspace and information security, personal information protection, algorithm security, content security and overseas business privacy. A special secretariat was also created to handle emergency matters relating to data security, according to the memo.
Every business division at Didi had to “fully cooperate with the state investigation”, Cheng said during an August 13 meeting because the “survival” of the company was at stake, according to an attendee who declined to be named for discussing a confidential matter. The Beijing-based company must study and implement the government’s policies and regulations, cooperate with the investigation and conduct rectifications, the person said, citing Cheng. Every Didi division has signed “a letter of commitment” about data security, the source added.
Didi’s spokesperson declined to comment. The establishment of the special committee under Cheng marked one of Didi’s biggest moves to address the Chinese government’s data security concerns since the company came under a regulatory spotlight in July, hot on the heels of its US$4.4 billion initial public offering in New York.
Didi’s smartphone application was taken down from app stores in China on July 4 and banned from taking any new users, although it is still available to be used by existing drivers and passengers.
A government team led by the Cyberspace Administration of China (CAC), including delegates from China’s ministries of state security and public security, entered Didi’s premises in mid-July to investigate the company’s data security management.
The Post reported earlier that Didi has made changes to its apps and is awaiting approval from regulators to restore its app to app stores.
Didi and Chinese regulators have remained muted over the progress of the probe, which has been under way for 47 working days since July 2. Cheng and Didi’s co-founder Jean Liu Qing have stayed out of the public spotlight since the company’s IPO.
Didi has denied various media reports about what steps it may be taking to meet Beijing’s demands. In the latest case, it denied a weekend report by Bloomberg that the Beijing municipal government was leading a plan to buy out the company, effectively putting it under state control. Didi last month denied a report by the Post, which cited several sources, saying that a management reshuffle was looming.
It has also denied reports that its data might be handed to a third party for management, or that it might be delisted from the New York Stock Exchange.
Didi’s fate is widely seen as a yardstick for how far Beijing will go to discipline the country’s largest technology companies over data security concerns.
George Soros, one of the earliest American investors in China and one of the best-known names on Wall Street, has written two opinion pieces since August 13 citing Didi as a case study for why US investors should be wary of China.
In the United States, China’s sudden punishment of Didi has already led investors to begin preliminary preparations for class action lawsuits against the company, while the US Securities and Exchange Commission (SEC) is demanding that Chinese companies disclose more information before their listings to protect US investors.
Didi’s new data security committee could also set a precedent for other Chinese tech companies to follow, as such a committee has been a requirement in the country for operators of “critical information infrastructure” since a regulation came into effect on September 1.
China’s Personal Information Protection Law, which takes effect in November, and the Data Security Law, which came into effect this month, have tightened the legal requirements for data service providers in the country.
The probes into Didi have gummed up its business operations, with several units cutting their performance targets for 2021. Nevertheless, the company is still hiring engineers and developers for its own subsidiary to assemble electric cars, the Post reported earlier.