Introduction
With the successive introduction of laws and regulations such as the “Cybersecurity Law,” “Data Security Law,” and “Personal Information Protection Law,” China has already taken the lead globally in legislation for data and personal privacy protection. This is not only because Chinese professionals have realized the value of data as a new strategic resource, but also because the importance of data has risen to the level of national security. With regard to the security review of Didi’s data from the perspective of national security, this global ride-hailing giant has become the focus of attention.
Security Review Will Have a Significant Impact on Didi’s Business
Didi, which just completed a quiet and successful IPO in the United States, is now facing an inspection by the Cybersecurity Review Office. The biggest impact is that Didi cannot open registration for new users during the inspection period. The entire review may last for 45 working days and may be extended for another 15 working days depending on the situation. Considering the complexity of the entire Didi system, it means that Didi may not be able to increase its new users for 12 weeks. Although this is not a disaster for an Internet company, it is enough to hurt its business. Even if Didi is ultimately proven to be compliant with personal privacy and national data security, this inspection is likely to affect Didi’s performance this year. As a result of the inspection, Didi’s stock price has fallen sharply. Whether the relevant inspections will have an impact on Didi’s future operations in China is still unknown.
Of particular concern is that Didi’s founders and main managers are Chinese, and Didi’s main business is also in China. However, Didi’s shareholders include foreign investors such as Softbank, Vision Fund, and Uber, whose internationalization degree far exceeds that of many domestic companies. Especially after Didi’s listing in the United States, it is more likely to be caught in a dilemma of judicial regulation between China and the United States. Therefore, it is very necessary for the relevant authorities in China to conduct supervision in the first time.
Lessons Learned from Tesla
Previously, Tesla was questioned by the whole society due to consumer privacy and national security issues. In terms of personal privacy, during the AutoPilot Beta version testing phase, Tesla installed a camera in the car, with the initial purpose of monitoring drivers to see if they were driving rationally, and to continuously monitor the dynamics of the vehicle during the trial period of the AutoPilot Beta, to avoid potential traffic accidents or to minimize the impact of any that did occur. However, this camera, not only can see the driver, but also the passengers in the back seat. Tesla’s justification for this is that they want to be able to monitor any unusual behavior of backseat passengers in the future when Tesla’s car models are used as self-driving taxis. Although it sounds reasonable, Tesla’s collection of personal information of both front and back seat passengers without customer authorization is unacceptable.
In addition, in order to support autonomous driving, Tesla installed many cameras around the car. These cameras not only perceive the surrounding situation for the autonomous driving system, providing sufficient input for the autonomous driving control system, but at the same time, these high-precision cameras also capture many political, economic, and military targets. Since Tesla did not have servers in China before, relevant road environment information would be directly transmitted to the United States, as a data source for autonomous driving algorithm training. Therefore, many sensitive facilities in China have already banned Tesla from entering. In order to dispel these concerns, Tesla has spent a huge amount of money, emulating Apple in constructing localized data centers in China.
Data security has risen to the level of national security
For companies like Didi with big data, they hold a large amount of personal data of Chinese consumers, especially travel data. To some extent, Didi’s information control is even more comprehensive than public security or national security agencies. Once this information is leaked overseas, it will inevitably have a fatal impact on national security. Therefore, it is very necessary for national network security departments to conduct relevant inspections of Didi. As competition between China and the United States becomes increasingly intense, the importance of data is becoming increasingly prominent. Setting a legal lock to keep data related to national security within the country and strictly supervising it during cross-border transmission is necessary.In addition, Didi is also conducting research on autonomous driving technology. This time, one of the important directions of the financing obtained by Didi’s listing in the United States is to invest in high-level autonomous driving technology, especially L4 level. To develop autonomous driving, especially high-level autonomous driving technology at L4 level, relevant geographic mapping is required. These mappings require special licenses in China and the mapping results directly affect national security, so their use has very strict requirements. Once related information is leaked, national security will inevitably be threatened.
In the past, Didi and Uber engaged in a subsidy war in China, and eventually ended with Uber’s exit from China and obtaining a portion of Didi’s equity. Uber’s withdrawal from the Chinese market was not only because it was at a disadvantage in the fight against Didi and had little chance of winning, but more importantly, because Uber faced the daunting obstacle of local data storage requirements which had already started. This obstacle proved insurmountable. In addition to establishing servers in China for local data storage, data analysis capabilities also need to be brought to China. This requires not only a huge investment in China, but also transferring related system capabilities to the domestic market, which is a big challenge for foreign companies.
Wearing Shackles to Dance
The results of the review of Didi by the government will undoubtedly have very obvious indications. After all, currently, not only Didi, but also other internet companies such as BAT, ByteDance, Meituan, and Xiaomi are all players in the big data era. Data is the fundamental basis of these enterprises. However, if data cannot be well protected, once a breach occurs, it is likely to cause public security or even national security incidents. Making these vested interest groups invest more resources in data protection and wear shackles to dance in related fields will become normal.
This article is a translation by ChatGPT of a Chinese report from 42HOW. If you have any questions about it, please email bd@42how.com.