Internet platforms targeted in data security reviews
Li Tianhang, senior partner at Hui Ye Law Firm in Shanghai, said that as a company mainly operating in China, all Didi's data are stored locally. However, overseas listings will inevitably involve the cross-border flow of data.
In March, the US securities regulator began introducing rules to exclude foreign companies from US stock exchanges if they did not comply with US auditing standards.
The move fueled concerns that US regulators would potentially gain increased access to the audit documents of US-listed Chinese companies.
Li said the regulatory requirements are bound to affect such companies and they also trigger concerns about whether data from these businesses' China operations can be "exported" to other nations.
To prevent increased security risks, the Cyberspace Security Review Office said that during investigation periods apps run by Didi, Full Truck Alliance and Kanzhun must halt the registration of new users. It also ordered app stores to remove Didi from their platforms for its illegal collection and use of users' personal information.
The companies said in separate statements that they would cooperate with the investigations and conduct comprehensive screening of security risks.
On Tuesday, the State Council, China's Cabinet, said in a statement that the nation would step up supervision of Chinese companies listed offshore, including improving the regulation of cross-border data flows and security.
Zuo Xiaodong, vice-president of the China Information Security Research Institute, who once helped draft cybersecurity regulations, said the moves show that the nation attaches great importance to such issues.
When security risks or potential problems are found, action will be taken promptly, as cybersecurity involves national security, Zuo added.
The actions already taken could mark the start of a new round of strengthened regulatory scrutiny of Chinese internet companies.
China's Data Security Law, which was passed last month, is due to take effect in September. Hefty penalties will be imposed for serious violations, including business suspension and revocation of business licenses.
In addition, a draft law on the protection of personal information is being deliberated.
