China issues tighter data security rules for ride-hailing firms amid Didi probe, but more clarity still needed
- New rules classify important data as geographical information, traffic data in important and sensitive areas including military regions
- Ride-hailing firms, including Didi, car makers, components and software suppliers, distributors and maintenance providers will be subject to new rules
China has issued a new set of data security rules for cars that also cover ride-hailing platforms, adding clarity on what constitutes “important data” and how it should be handled by companies before being transferred overseas.
The new rules, released on Friday by the Cyberspace Administration of China (CAC), come as Didi Chuxing is still waiting the outcome of a cybersecurity investigation initiated after China’s biggest ride-hailing firm ignored suggestions by the CAC to conduct a data security assessment and “forced its way” to a US initial public offering.
What constitutes “important data”, how much is held by Didi and whether the company’s US listing has the potential to expose or leak data that could harm China’s national security, are the key issues at play.
The previous lack of clear rules on security reviews of important data was one of the reasons why Didi was able to push ahead with its IPO. The new rules, which come into force on October 1, now define this as geographical information, traffic data in important and sensitive areas including military regions, state-owned defence and technology companies and government offices.
Ride-hailing platforms, including Didi, along with car manufacturers, components and software suppliers, distributors and maintenance providers will be subject to the new rules.