China’s cyber security regulator has ordered that Didi be taken off domestic app stores just days after the ride-hailing giant raised $4.4bn in the biggest Chinese listing in the US since Alibaba in 2014.
The Cyberspace Administration of China said on Sunday evening that Didi’s app had “problems of seriously violating laws on collecting and using personal information”.
The decision came two days after the CAC announced a cyber security review into the tech company, sending its shares down 5.3 per cent on Friday to $15.52. Shares in the company began trading on the New York Stock Exchange on Wednesday at $14.
The move marks a fresh regulatory offensive on China’s tech groups, whose shares have suffered in recent months after Beijing’s market regulators intensified their antitrust campaign. In April, Chinese authorities handed a record fine to Alibaba and warned 34 other companies to rectify their behaviour.
It also deals another blow to foreign investors in Chinese tech companies after China’s financial regulators in November halted fintech platform Ant Group’s IPO in Hong Kong and Shanghai days before it was set to raise a record-breaking $37bn.
“This is another signal that, at the very least, Beijing will not let tech companies’ financing plans stand in the way of regulating them,” wrote Xiaomeng Lu, director of geotechnology at policy consultancy Eurasia Group, in a note.
She added: “These moves can also be seen as a sign of Beijing’s discomfort with overseas listings.”
Chinese companies have been rushing to list in New York this year, trying to get in before the US government implements new auditing requirements that may cause Chinese companies to be delisted. US-listed Chinese firms have three years to comply with the Holding Foreign Companies Accountable Act, passed last December.
Though Didi’s IPO marked a comedown from the expectations of some advisers, investors including Morgan Stanley and Singapore’s Temasek indicated strong demand for the offering at the company’s marketed price range, allowing it to sell extra shares.
The regulator’s decision to publicise its review on Didi, and the speed at which it announced a penalty over the weekend, are unprecedented in China’s year-old cyber security review system.
The CAC said it had acted “on the basis of complaints, and after verifying with inspections”, but did not specify what problems it had found with Didi’s data security measures nor how long these had existed.
Didi has more than 377m users and 13m drivers annually active in China. The company holds a vast trove of data, from the addresses that users frequent, to their phone contacts and audio recordings of car rides, which it started taking after passenger murders in 2018.
Didi said it would “resolutely implement” authorities’ demands, and would remove the app from stores “for rectification”.
“We sincerely thank the competent authorities for guiding Didi to investigate our risks, and we will earnestly rectify and reform,” Didi said.
The company added that users who had already downloaded the app could continue to use it.
Additional reporting by Nian Liu and Miles Kruppa