Didi Global fined USD 1.2m for privacy abuse

Occurred: July 2022

Chinese ride-hailing company DiDi was fined 8 billion yuan (approximately USD 1.2 billion) for breaching the country’s cybersecurity law, data security law, and personal information protection law. 

The Cyberspace Administration of China (CAC) said in that DiDi had been found to have committed 16 law violations, including illegally obtaining 65 billion pieces of passenger information from their smartphones, including facial recognition, home address, phone information, age and employment details, and family relationships data.

In June 2021, the regulator had banned Didi from app stores in China and launched an investigation into its handling of customer data. The CAC's actions wiped tens of billions of dollars from DiDi's market capitalisation. The company later delisted from the New York Stock Exchange.

Didi relies on AI to match customers and drivers, calculate rates and optimise routes.

Operator: Didi Global
Developer: Didi Global
Country: China
Sector: Transport/logistics
Purpose: Verify identity; Calculate fares; Optimise routes
Technology: Facial recognition; Machine learning
Issue: Privacy
Transparency: Governance