DiDi fantastic showcases the stringent implementation of cybersecurity regulation

A logo of Chinese experience-hailing huge DiDi at its headquarters in Beijing, July 2, 2021. /CFP

A brand of Chinese journey-hailing large DiDi at its headquarters in Beijing, July 2, 2021. /CFP

Editor’s observe: Kong Qingjiang is Dean of the University of Intercontinental Law at China College of Political Science and Regulation. The write-up demonstrates the author’s opinions and not necessarily the sights of CGTN.

The Cyberspace Administration of China (CAC), the country’s cybersecurity authority fined trip-hailing giant DiDi Global 8.026 billion yuan (about $1.2 billion) on July 21, 2022 for violation of China’s network protection law, data safety regulation and personalized info protection legislation. The great sets a file higher of the national safety-related fines imposed by the Chinese authorities. The fantastic is just subsequent to the one particular of 18.22 billion yuan that imposed on Alibaba by China’s Condition Administration of Market place Regulation (SAMR) 1 yr back for violation of the Anti-monopoly Regulation.

In latest many years, China has emerged as a region with a huge number of online apps. Quite a few on the web platforms like Alibaba and DiDi deal with practically all areas of every day daily life. These platforms possibly accumulate significant amounts of citizens’ particular details, or even have monopolistic access to person data in a single or one more location. After such info or details is leaked, the sanctity of individual info will be at a possibility and if this sort of knowledge or details is manipulated by foreign powers, nationwide safety will be endangered.

Although electronic financial state is getting to be a new driver of China’s high-high quality enhancement, countrywide safety has emerged as a central problem in the political and financial landscape of China. A remarkable reform is thus remaining carried out to have in position a program for cyberspace and data security. 

From the Cybersecurity Regulation of 2017, to the Details Security Regulation and the Personalized Data Safety Legislation of 2021, China has fashioned a authorized procedure that governs network protection, info security and private info protection. 

Though the Cybersecurity Legislation consists of the total governance of cyberspace security, focusing on units this sort of as important info infrastructure defense, cybersecurity evaluation, and cross-border data movement, the Details Stability Regulation regulates the knowledge protection, improvement and utilization, and the Individual Facts Security Regulation decides the primary concepts and institutional regulations for the protection of individual details.

The Cybersecurity Legislation, Data Stability Legislation and Own Information Defense Law, which constitute the a few pillars of info safety in the region, has formed the reform agenda in the subject of cyberspace, these types of as tightened curbing of cross-border movement of information, misuse and abuse of individual details by using the cyberspace, as perfectly as laws on on the internet platforms.

The colossal penalty showcases, once again, how really serious the authority is about cybersecurity and knowledge security. The DiDi situation was first announced last calendar year, just times soon after DiDi’s initial public giving (IPO) on the New York Inventory Exchange (NYSE). DiDi had come beneath hearth soon after it reportedly pushed forward with its first public presenting even with remarkable regulatory worries about the effect of cross-border info outflow on nationwide stability.

Alibaba Group was fined for the violation of the Anti-monopoly Legislation in 2021. /CFP

Alibaba Team was fined for the violation of the Anti-monopoly Law in 2021. /CFP

In an evident work to appease the regulatory anger, DiDi declared significantly less than six months later that it would delist from the NYSE and made strategies to list in Hong Kong Distinctive Administrative Location, which is subject to the Nationwide Safety Regulation.

The DiDi situation was not the solitary isolated occasion. One 12 months ago, Alibaba Cloud, the cloud computing subsidiary of Alibaba, was reportedly suspended for 6 months from a national network safety information-sharing platform by the Ministry of Business and Information Engineering (MIIT), China’s internet know-how regulator, for failing to report a software program security glitch.

Alibaba Cloud to start with detected and reported the severe Apache Log4j 2 security glitch to the U.S.-primarily based Apache Software program Foundation, but unsuccessful to report the safety chance to the Chinese regulator in just the two-working day reporting timespan as demanded, failing to efficiently guidance the MIIT to detect network stability threats and vulnerabilities.

The incident was a blow to the company’s trustworthiness and reputation, notably in conjunction with the unprecedented SAMR anti-monopoly fantastic.

In concluding, the DiDi scenario, as well as others, have constantly sent warnings to other domestic and international technological innovation companies in China: although they ought to put network protection to start with earlier mentioned organization, they should not undervalue the Chinese authorities’ motivation to safeguard cybersecurity. 

If they overlook their obligations of cyber safety, details safety, and particular details protection in accordance with pertinent legislation and restrictions and the prerequisites of regulatory authorities, the regulatory storm will occur in its possess way. For the objective of safeguarding countrywide protection and promoting the wholesome development of the electronic financial state, “much too significant to fall short” has no area in entrance of cyber security and details protection.

(If you want to lead and have precise experience, remember to get hold of us at [email protected]. Follow @thouse_opinions on Twitter to uncover the most recent commentaries on CGTN Belief Area.)