The Cyberspace Administration of China (CAC) on July 4 ordered to remove the mobile app of ride-hailing giant Didi [DIDI:US] from app stores in the country, as reported by Caixin later that day. The order came after the CAC received reports on the app’s cybersecurity concerns and initiated an investigation on July 2 that unearthed severe illegal collection and use of personal information. In response, Didi paused new user registration on July 3 and later issued an official promise to rectify the app in accordance with the CAC’s requirements. Meanwhile, the company would maintain normal use for its previously registered users who had downloaded its app before.
The CAC’s actions followed less than a week after Didi’s IPO on the New York Stock Exchange (NYSE) on June 30. Didi raised at least USD4bn in its listing, making it the biggest IPO this year and the biggest US listing by a Chinese company since Alibaba [BABA:US] in 2014. Expecting regulatory tensions, the company intentionally kept the IPO low-profile and detailed the potential legal and regulatory risks in its prospectus. The effort failed to spare investor concerns, however. After the CAC’s announcement of investigation on July 2, the company’s shares opened 11% lower and closed 5.3% down. Labaton Sucharow, a US shareholder rights law firm, also launched a review of Didi and announced that it would file a class-action lawsuit for compensation on behalf of shareholders against the ride-hailing company.
Regulators in China have tightened their grasp of internet companies on antitrust, information security, data protection, etc., including the release of the Measures for Cybersecurity Review in April 2020 and anti-monopoly guidance for platform economy this February. On one hand, Didi was one of the 34 internet giants ordered by the State Administration for Market Regulation (SAMR) plus two other administrative authorities to inspect and rectify their respective platforms in an anti-monopoly regulatory meeting this April. On the other hand, the ride-hailing company also faced stricter data security supervision as an operator and service provider of critical information infrastructure, such as transport. In addition to Didi, the CAC also started a cyberspace inspection this May, which discovered more than 100 cases of illegal collection of personal information across many notable apps, including those by Bytedance, Kuaishou [1024:HK], Baidu [BIDU:US], and iFlytek [002230:CH].