China’s cyber security regulator has ordered that Didi be taken off domestic app stores just days after the ride-hailing giant raised $4.4bn in the biggest public listing this year.
Didi’s app has “problems of seriously violating laws on collecting and using personal information”, the Cyberspace Administration of China said on Sunday evening, two days after announcing it had opened a cyber security investigation into Didi. On Friday, the CAC asked Didi to stop registering new users.
Last week, Didi’s IPO went ahead in New York — priced at $14-a-share — without a press conference, social media fanfare or bell-ringing ceremony, following a rushed roadshow.
Didi has more than 377m users and 13m drivers annually active in China. The company holds a vast trove of data, from the addresses that users frequent, to their phone contacts and audio recordings of car rides, which it started taking after passenger murders in 2018.
Didi said it would “resolutely implement” authorities’ demands, and would remove the app from stores “for rectification”.
“We sincerely thank the competent authorities for guiding Didi to investigate our risks, and we will earnestly rectify and reform,” Didi said.
The company added that users who had already downloaded the app would continue to use it, and that passenger travel and drivers’ orders would not be affected.
Didi’s shares opened 11 per cent lower in New York on Friday after the cyber security review was announced, before stabilising to end down 5.3 per cent on the session, at $15.52.
The regulators’ decision to publicise the review, and the speed at which it announced a penalty over the weekend, are unprecedented in China’s year-old cyber security review system.
The CAC’s announcement on Sunday said it had acted “on the basis of complaints, and after verifying with inspections”, but did not specify what problems it had found with Didi’s data security measures nor how long these had existed.
Additional reporting by Nian Liu