What the Didi IPO Teaches Us about Data Privacy Compliance in China
China recently demonstrated just how seriously they take their data compliance laws when they shut down several companies that had gone public in the U.S., including the wildly successful ride-hailing company Didi.
Let’s take a closer look at what happened when Didi went public without getting formal approval for their digital health and compliance from Beijing.
China Data Privacy Case Study: Didi and Digital Compliance
Didi started listing shares publicly on the New York Stock Exchange on June 30, 2021. The initial public offering (IPO) valued the company at more than $70 billion. By the end of the day, 317 million American Depositary Shares were sold for $14 a share.
All in all, it was considered a huge win for the Chinese company. Didi had become the biggest company to go public in the U.S. since Alibaba in 2014.
It would only take two days for everything to fall apart for the massive ride-hailing company.
On July 2, 2021, the Chinese government asked Didi to stop selling shares while it underwent an investigation into the company’s security. This resulted in share prices plummeting. Additionally, the government has pulled the app off app stores and delivered a hefty fine for not providing advance notice for some of its earlier mergers.
All of this means that, in addition to not being able to sell shares, Didi is also unable to get new customers since they have no way to download the app. However, its current user base of 377 million can continue to use the service as the investigation continues.
What Went Wrong?
Formally, Didi was cited for failing to follow federal regulations to protect data security.
In 2020, the Cyberspace Administration of China, the country’s internet regulator, started to enact rules on security reviews. This move was part of its overall framework to safeguard digital infrastructure for the country as a whole.
At the time, these laws didn’t include a requirement for private companies, such as Didi, to go through a formal security check before filing for an IPO overseas. The agency has since revisited these regulations. It proposes adding a new change that would require private companies to go through a formal cybersecurity review process before going through the IPO process in another country.
It is not the only company to be flagged by the Chinese government for digital security concerns. Soon after Didi was suspended, the Chinese government suspended two other companies that had gone public in the U.S.—Full Truck Alliance, a digital freight platform, and Kanzhun, a job recruiting app.
Protect Yourself By Hiring a Data Compliance Expert
Didi likely has the best legal team money can buy. However, that doesn’t mean the company’s lawyers are well-versed in data compliance.
Companies in China need to protect themselves and ensure they meet all of China’s new and existing regulatory requirements, including the upcoming Personal Information Protection Law (PIPL), which will be in full effect in 2022.
Hiring a data compliance expert is the only way to make sure your company complies with China’s ever-changing digital requirements. Contact Asia Advisers to learn more.