Commentary: Didi’s troubles with China should be everyone’s business

SINGAPORE: It was a difficult-won victory when China's major ride-hailing platform Didi Chuxing raised U.s.$four.4 billion via the initial public offering (IPO) on the New York Stock Exchange in June.

The tech titan had spent close to a decade fending off Uber and merging with local competitor Kuaidi Dache to continue investors happy and the cash flowing into a billion-dollar losing business. Only in the first quarter of 2021, Didi'southward balance sheets turned greenish, the showtime time since 2018.

The iron was hot, it was time to strike. After all, the Chinese economic system was rebounding with COVID-19 receding, and US stock markets were hungry. Didi had already filed with the US Securities Exchange Commission last yr, waiting for the right moment to list.

Jun 30 was a day for the history books: Didi's listing was the largest United states IPO by a Chinese firm since Alibaba's 2022 debut. Information technology earned a valuation of US$68 billion.

But it all went to pieces from there. Ii days later, China's cybersecurity watchdog, the Net Administration of People's republic of china (CAC), launched a review involving Didi and ordered new user registrations to be suspended. On Jul four, CAC directed the removal of Didi'southward apps from app stores.

READ: Commentary: How Tencent became world'due south most valuable social media company – and and then everything changed

A week afterward, on Jul sixteen, seven Chinese regulatory agencies, including CAC, the Ministry of Public Security, the Ministry of State Security, the Ministry of Natural Resources, the Ministry of Transport, the Land Taxation Administration, and the State Administration for Market place Regulation dispatched officials to bear out an on-site cybersecurity sweep at Didi.

DIGITAL PLATFORMS AND PRIVACY CONCERNS: A DILEMMA FOR REGULATORS

Digital platforms like Didi pose an awkward conundrum for Chinese regulators. While consumers and businesses have fabricated the massive digital leap in a bridge of a few years, and China has played host to a broad array of leading digital platforms and unicorns, personal data protection rules are nevertheless in their infancy.

People wave Chinese flags during a anniversary to marking the 100th ceremony of the founding of the ruling Chinese Communist Party at Tiananmen Gate in Beijing Th (Jul i). (AP Photo/Ng Han Guan)

The law is playing grab-up to some extent. China'south latest effort to create an overarching digital economy framework codifying legal responsibilities took the class of Mainland china's first Civil Code, which came into force in January.

While framed as a legislative try towards protecting people's ceremonious rights, the Civil Code emphasises information security obligations.

An entire chapter on privacy and personal data protection outlines guiding principles for how government agencies, network operators, and enterprises should manage personal data, including personal emails, travel history, and biometric information, as well equally ceremonious liabilities for offences.

More than rules will come. In passing the law, the National People's Congress outlined plans to enact a Data Security Law and a Personal Information Protection Law (PIPL).

The start, delineating rules on consent for sharing of personal data, will come into effect in September, while the 2d will exist discussed by the Standing Commission of the National People's Congress in Oct.

A first local-level regulation on personal data protection, Shenzhen Special Economic Zone Data Regulation, which empowers individuals to opt out of data drove by digital platforms, will likewise be enacted from January 2022.

Equally Chinese authorities crystalise new curbs on personal data, was Didi's size its Achilles heel? Was it an example to be fabricated? After all, every bit the leading company in the ride-hailing concern, Didi served 377 meg annual active users, 13 1000000 drivers, with over 25 million daily transactions in China.

Nosotros won't know but the episode has forced others to sit up. ByteDance has since quietly shelved IPO aspirations.

READ: Commentary: Why the interest over TikTok CEO Chew Shou Zi'due south nationality and how Singaporean he is?

The worry Chinese regulators may accept is that digital platform companies like Didi collect an unprecedented corporeality of data – real names, detailed whereabouts, personal background, facial recognition, and travel patterns - generated by a large book of transactions.

While this treasure trove of information allows Didi to perform large-information analytics and enhance operational efficiency, reduce costs and manage risks, yet, it raises concerns of privacy.

READ: Commentary: Jack Ma brought the wrath of Chinese regulators down on Alibaba

Western nations sympathise this struggle and accept formulated their own models to bargain with this puzzler. The Eu rolled out the General Data Protection Regulation (GDPR) in 2018, requiring digital platforms to obtain active consent when using or sharing user data.

While the US doesn't take a single principal data protection constabulary, the best example is the California Consumer Privacy Deed, signed into constabulary in 2018, which allows consumers to ask firms to delete and refrain from selling their personal data.

However, because this tightened protection imposes sizeable compliance costs on firms and hurts modest and new businesses more than Big Tech giants, it has unintendedly bred an even more concentrated digital market.

Cantankerous-Border DATA FLOWS: CHINA'S MAIN Business concern

The crackdown on Didi also underscores China's growing sensitivities towards information security as a key surface area of national vulnerability.

Government released a draft amendment to new cybersecurity rules in early July requiring Chinese companies which handle personal data of more than 1 1000000 users to undergo a cybersecurity review before seeking IPO outside China.

Chinese Communist Party strange affairs chief Yang Jiechi and People's republic of china's State Councilor Wang Yi speak at the opening session of The states-China talks at the Helm Cook Hotel in Anchorage, Alaska on Th, Mar 18, 2021. (Photo: AP/Frederic J Brown)

The draft besides explicitly stated a risk associated with a foreign IPO for which "critical data infrastructure," "important data," or "a big amount of personal data" could exist "influenced, controlled, and driveling" by foreign governments.

The law also outlines a solution: Cross-border data transfer would be discipline to a cybersecurity review by regulators who can refuse requests with loftier risks.

Didi understands what the rules of the game are. Vice President Li Mi had posted on Weibo that Didi stored all Chinese user information in servers in China, in a veiled reference to the Cybersecurity Constabulary which mandates that "important data" exist stored within Prc. Merely information technology appears words didn't suffice.

READ: Commentary: SoftBank's Vision Fund goose faces challenges in always laying gilt eggs

There is lilliputian nefarious happening hither when cantankerous-border information flows are a key concern expanse for other jurisdictions, albeit with different approaches emerging.

The European union'southward GDPR allows the free flow of personal data only if a country has an "acceptable level of protection", with the European Committee recognising Israel, Japan, and Switzerland, among others, as qualifying countries. Personal data between the U.s.a. and the European union can exist transferred simply by certified organisations under the EU–United states of america Privacy Shield.

Listen to a communications researcher and a lawyer break downwards WhatsApp'due south new terms of service on CNA's Heart of the Matter podcast published in January this year:

IMPLICATIONS FOR Cross-Edge DATA REGULATIONS

Prc's data regulatory framework is withal in the making. But how Didi'south tussle with Chinse regulators unfolds is a useful instance that can demonstrate how regulations regarding cross-edge data flows are enforced.

No dubiousness that can have implications for foreign investors. Wall Street has chilled to the idea of investing in Chinese companies.

Just an even bigger question looms across that of brusque-term fiscal losses. Against this properties of massive digital transformation triggered past the COVID-xix pandemic, the emergence of dissimilar data regulatory regimes will shape the evolving structure of cantankerous-border data flows.

Countries might adopt different approaches depending on their strategic considerations.

Blocs with a unmarried information market allowing free cross-border data flows may emerge. This poses interesting policy questions for emerging digital hubs similar Singapore, which will have to manoeuvre through different regulatory regimes.

READ: Commentary: A compassion Prc can't seem to ditch its wolf warrior affairs

Moreover, with the ascent of digital merchandise, data regulation has become increasingly prominent in regional gratis trade agreements, as a feature in the United States-Mexico-Canada Agreement and the Comprehensive and Progressive Understanding for Trans-Pacific Partnership (CPTPP) which requires member states non to restrict cross-border information flows.

Others, like the Regional Comprehensive Economical Partnership (RCEP), permit member states to impose national regulations on cross-edge data flows.

An ideal solution is for countries to agree on global rules on cross-border transfer that support the growth of digital trade and minimise regulatory compliance costs for firms. Currently, a group of 86 countries are negotiating e-commerce rules on cross-border transfer and data localisation under the umbrella of the World Merchandise Organization.

But such an agreement remains elusive, given the policy variations across countries. Tech companies like Didi will take to expend resources riding the choppy regulatory waves and abide by the rules of different regimes.

READ: Commentary: How COVID-19 vaccines are being weaponised as countries jostle for influence

The Regional Comprehensive Economic Partnership (RCEP) coming together in Beijing on Aug 3, 2019.

As many Southeast Asian countries are members of both the CPTPP and RCEP, major tech companies in the region will accept to figure out how to respond to the requirements of different data regimes so that growth is not stifled.

The explosive technology-driven growth has been a life-saver for economies that would take collapsed otherwise in these pandemic times. Whether this current boom in the region can sustain its pathway in the long run will hinge on a good for you interaction betwixt the tech firms and policymakers.

At a time when people are talking optimistically almost a post-pandemic recovery fuelled by the digital economy, Didi'southward troubles with Communist china should be anybody's business organization.

Qian Jiwei is Senior Research Fellow at the East Asian Establish, National Academy of Singapore. Deng Liuchun is Assistant Professor of Social Sciences (Economics) at Yale-NUS Higher.

The views and opinions expressed herein are those of the authors and exercise not represent the views and opinions of their institutions or any of their subsidiaries or affiliates.

cunninghampoer1954.blogspot.com

Source: https://cnalifestyle.channelnewsasia.com/commentary/commentary-didis-troubles-china-should-be-everyones-business-275831

Share this post