Aljazeera reports that the Cyberspace Administration of China (CAC) has fined Didi with about USD 1.2bn for “egregious” violations of data security rules, since it found that it had illegally collected customer information since 2015 and handled data in a way that endangered national security. Among the breaches sanctioned by CAC are illegal storage of the personal identifiable information of 57m drivers, poor cybersecurity measures, analysis of the details of passengers including their mobile phones traffic and the use of facial recognition technology without individuals knowledge and therefore consent. CAC stated that such violations posed a risk to national information infrastructure security. In compliance with the Chinese privacy laws (PIPL), CAC fined also two top managers of Didi with about USD 150k each. Read more on Aljazeera here.
