The Cyberspace Administration of China (CAC) said in a statement that the firm had breached three major laws concerning cybersecurity, data security, and personal information protection that together formed a regime that the government recently expanded to regulate its cyberspace and require companies to improve their handling of data.
Two of these laws—the Personal Information Protection Law and the Data Security Law—were not applied to the company’s practices until after CAC’s investigation into Didi began.
In a separate statement, the CAC said investigators found that Didi had illegally obtained “screenshot information” from users’ smartphone photo albums and collected data on facial recognition and family relationships.
Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.