China’s Big Tech faces wake-up call as country’s web of data protection laws becomes more elaborate

A cybersecurity review into ride-hailing firm Didi kicked off a new era in China that prioritises data security over unfettered growth for tech companies

Regulators in Beijing are cracking down on overseas listings, fearful that US data disclosure rules could compromise national security

Reading Time:6 minutes

A cybersecurity review of Didi has signalled a new era in data governance in China, where regulators have become concerned about public listings overseas. Illustration: Lau Ka-kuen/SCMP

Published: 11:00am, 11 Jul 2021Updated: 6:30pm, 3 Aug 2021

Until recently, the Cyberspace Administration of China (CAC), which helps censor the country's internet behind the Great Firewall, had rarely been involved with companies’ plans to go public.

By the time the CAC was created in 2011, the path for Chinese firms to sell shares in places like Hong Kong and New York was already a well-trodden route for lawyers and investment bankers. Like other administrative bodies in China, the CAC can offer suggestions to businesses, but it is not a legally binding gatekeeper of initial public offerings (IPOs).

So when the CAC flagged security concerns to Didi Chuxing about its vast swathes of data, the ride-hailing giant went ahead with the IPO anyway, listing on the New York Stock Exchange on June 30.

The listing was a huge success for the company, which bested Uber Technologies in China to dominate the vast domestic ride-hailing market. Didi raised US$4.4 billion from what was the largest public listing for a Chinese company this year in the world’s premier capital market. But the euphoria was short-lived. Two days later, the CAC announced its cybersecurity review into the company, sending Didi’s stock price cratering. Class-action lawsuits are now being filed in the US, and company executives have become incommunicado.

07:30

Why China is tightening control over cybersecurity

In a further move, the cyberspace watchdog on Saturday announced a new draft proposal that would require Chinese tech firms with more than 1 million users to undergo a cybersecurity review before being allowed to list on foreign exchanges.

The web of cybersecurity regulations that ensnared Didi has been in the works for nearly two decades, according to Henry Gao, associate professor of law at Singapore Management University.

China’s Big Tech faces wake-up call as country’s web of data protection laws becomes more elaborate

A cybersecurity review into ride-hailing firm Didi kicked off a new era in China that prioritises data security over unfettered growth for tech companies Regulators in Beijing are cracking down on overseas listings, fearful that US data disclosure rules could compromise national security

A cybersecurity review into ride-hailing firm Didi kicked off a new era in China that prioritises data security over unfettered growth for tech companies

Regulators in Beijing are cracking down on overseas listings, fearful that US data disclosure rules could compromise national security