I was fined 8.026 billion yuan, Didi latest response

According to "China", the National Internet Information Office made a decision to review the relevant administrative penalties of Didi Global Co., Ltd. in accordance with the law.

According to the issues and clues discovered in the conclusions of network security review, the National Internet Information Office shall conduct investigations on suspected illegal acts of Didi Global Co., Ltd. in accordance with the law. After investigation, Didi Global Co., Ltd. violated the "Cyber ​​Security Law", "Data Security Law" and "Personal Information Protection Law".

On July 21, the National Internet Information Office was fined by the Global Co., Ltd. of the world in accordance with the "Cyber ​​Security Law", "Data Security Law", "Personal Information Protection Law" and "Administrative Penalty Law". Cheng Wei, chairman and CEO of Didi Global Co., Ltd., and Liu Qing, President Liu Qing, were fined RMB 1 million.

Didi Chuxing responded through the official Weibo:

Today, the National Internet Information Office made a decision to review the relevant administrative penalties for cyber security censorship in accordance with the law. We sincerely accept it, resolutely obey, strictly follow the punishment decisions and relevant laws and regulations, comprehensively conduct self -examination, actively cooperate with cooperation Supervisory and complete rectification carefully. We sincerely thank the competent authorities for their inspection and guidance, and for the criticism and supervision of the public. We will attract aspects, adhere to the equality of security and development, further strengthen the construction of network security and data security, strengthen personal information protection, and effectively fulfill social responsibility Serve every passenger, driver master and partner to achieve the safety, healthy and sustainable development of enterprises.

On July 21, the National Internet Information Office announced the decision to review the relevant administrative penalties of Didi Global Co., Ltd. (hereinafter referred to as "Didi Company") in accordance with the law. The relevant person in charge of the National Internet Information Office answered questions from reporters on the case -related questions.

1. Q: Please briefly introduce the background and investigation of the case?

Answer: In July 2021, in order to prevent national data security risks, safeguard national security, and protect public interests, in accordance with the National Security Law and Cyber ​​Security Law, the Cyber ​​Security Review Office shall be implemented in accordance with the "Cyber ​​Security Review Measures". Cyber ​​security review.

According to the issues and clues discovered in the conclusions of network security review, the National Internet Information Office shall conduct investigations on suspected illegal acts of Didi in accordance with the law. During the period, the National Internet Information Office conducted an investigation and inquiry and technical evidence collection, and ordered Didi Company to submit relevant evidence materials to conduct in -depth verification and analysis of the evidence materials in this case, and fully listen to Didi Company's opinions to protect the legitimate rights of Didi. After investigation, Didi Company's illegal and illegal acts of violations of the "Cyber ​​Security Law", "Data Security Law" and "Personal Information Protection Law" is clear, the evidence is conclusive, the circumstances are serious, and the nature of it should be strictly punished.

Question: What are the illegal and illegal acts in Didi?

Answer: It is found that there are 16 illegal facts in Didi, and it is summarized mainly 8 aspects.

First, the screenshot information in the user's mobile phone album illegally collects 11.963 million pieces;

The second is to over -collect the user's shear board information and the list information of 8.323 billion;

The third is to over -collect 107 million pieces of face recognition information, 53.592 million pieces of age information, 16.356 million professional information, 1.3829 million family relationship information, "home" and "company" taxi address information;

Fourth, when the passenger evaluation service is overly collected, the accurate location (latitude and longitude) information of the accurate location (latitude) information when the APP is running in the background of the APP, and the mobile phone connecting the oranges.

Fifth, over -collecting 142,900 driver's academic information, 57.8026 million pieces of information on the driver's identity card number in the form of explicit text;

Sixth, the passengers have not explicitly informed passengers to analyze passengers' opinion information information information 53.976 billion, resident city information of 1.538 billion, and 304 million pieces of travel information in different places;

Seventh, frequent "phone permissions" when passengers use ride -winding services;

Eighth is that 19 personal information processing purposes such as unreasonable and clearly indicate user equipment information.

Earlier, network security review also found that Didi has serious data processing activities that seriously affect national security, and the clear requirements of refusing to perform the regulatory authorities, and other illegal issues such as Yang Fengyin and malicious evasion of supervision. The illegal operation of Didi Corporation has brought serious security risks to the security of national key information infrastructure security and data security. Because of national security, it is not disclosed according to law.

Question: How did the illegal subject of this case determine?

Answer: Didi was established in January 2013. The related domestic business lines mainly include online car rental, ride, two -wheeled vehicles, cars, etc. The related products include Didi Chuxing APP, Didi car owner APP, Didi Shunfeng car 41 APPs such as APP and Didi Enterprise APP.

Didi has the highest decision -making power on major issues in various business lines in the country. The internal system specifications formulated by the formulation of the enterprise internal systems are applied to all domestic business lines, and the responsibility for supervision and management of the implementation situation is responsible. The company participated in the decision -making guidance, supervision and management of the personal information protection committee and the personal information protection committee and the data security committee under it, and participated in the business lines such as online car rental and ride. The company's unified decision -making and deployment implementation. Based on this, the subject of the illegal act in this case was identified as Didi. The chairman and CEO of Didi and Liu Qing, CEO, and president, are responsible for illegal acts.

Fourth, Q: What is the main basis for the decision to make network security review related administrative penalties?

Answer: The relevant administrative penalties for the cyber security review of Didi Company are different from ordinary administrative penalties and are special. The plot of Didi illegal behaviors is serious, and combined with network security review, it should be punished strictly.

First, from the nature of illegal acts, Didi has not fulfilled network security, data security, and personal information protection obligations in accordance with relevant laws and regulations and regulatory departments. Data security brings serious hidden risks, and under the situation of regulatory departments, it has not carried out comprehensive and in -depth rectification, and its nature is extremely harsh.

Second, from the perspective of the duration of illegal acts, related illegal acts of Didi started in June 2015. It has continued to this day and has been 7 years long. The "Data Security Law" implemented in the month and the "Personal Information Protection Law" implemented in November 2021.

Third, from the perspective of illegal acts, Didi Company collects personal information such as user cutting information, screenshot information in the album, and family relationship information through illegal means, seriously infringe on user privacy and seriously infringe on user personal information rights.

Fourth, from the perspective of the number of personal information illegal processing, Didi Company's illegal processing personal information reached 64.709 billion, which was huge, including many types of sensitive personal information such as face recognition information, accurate location information, and ID number.

Fifth, from the perspective of illegal processing of personal information, Didi illegal acts involved multiple APPs, covering excessive collection of personal information, mandatory collection of sensitive personal information, frequent claims of apps, notification obligations of personal information processing, unsatisfactory network security Data security protection obligations and other situations.

Considering the nature, duration, harm and situation of Didi Company's illegal behavior, the main basis for making the decision to make cyber security review related administrative penalties for Didi is the "Cyber ​​Security Law", "Data Security Law" and "Personal Information Protection Law". The relevant provisions of the Administrative Penalty Law.

V. Q: What are the key directions and fields of online law enforcement?

Answer: In recent years, the state has continuously strengthened the protection of network security, data security, and personal information. Laws and regulations such as network security review "and" Evaluation Measures for Data Outbound ".网信部门将依法加大网络安全、数据安全、个人信息保护等领域执法力度，通过执法约谈、责令改正、警告、通报批评、罚款、责令暂停相关业务、停业整顿、关闭网站、下架、 The handling of punishment measures such as responsible persons will be dealt with, and illegal acts such as endangering national cybersecurity, data security, and infringement of personal information of citizens are combated in accordance with the law, effectively safeguarded national network security, data security and public interests, and effectively protect the legitimate rights and interests of the people. At the same time, increase the exposure of typical cases, form a strong momentum and strong deterrent, to investigate and deal with one case, warn, and promote Internet companies to operate compliantly in accordance with laws, and promote the healthy and orderly development of enterprises.

Source: Internet Information China

- END -