China roundup: What’s going on with China’s data security clampdown?
![](data:image/svg+xml;charset=utf-8,<svg height="545" width="1024" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
Image Credits: Didi
Hello and welcome back to TechCrunch’s China Roundup, a digest of recent events shaping the Chinese tech landscape and what they mean to people in the rest of the world.
A tectonic shift is underway in how Beijing regulates and accesses the troves of citizen data collected by its tech giants. More details of China’s new cybersecurity rules have recently come to light as Didi, the SoftBank-backed ride-sharing dominator in China, became the target of the Chinese government’s latest effort to heighten data protection. This week, we look at what this changing landscape means to Chinese tech firms wooing investors in the United States.
Data sovereignty
The new wave of discussion around China’s cybersecurity rules started with the bombshell dropped on Didi. Just two days after its $4 billion IPO in New York, the ride-hailing giant was hit with a probe by China’s Cybersecurity Review Office on July 2. Two days later, the same government agency ordered the Didi app, which has amassed nearly 500 million annual users, to be yanked because it was “illegally collecting user data.”
The Cybersecurity Review Office is an agency within the Cyberspace Administration of China, the country’s top internet regulator. It has existed for a few years but its roles were only made clear in April 2020 when China put forward its rules on internet security reviews.
Didi appears to be the first target of the department’s enforcement actions. A memo of an “expert meeting” shared among Didi’s investors, which TechCrunch reviewed, said the ride-hailing firm had failed to assure Beijing its data practices were secure before going public in New York. A major concern was that Didi’s data, if unguarded by Chinese laws, could be subject to scrutiny by U.S. regulators. But a Didi executive claimed that the firm stored all its China data locally and it is “absolutely not possible” that it passed data to the U.S.
Before long, the Cybersecurity Review Office was onto other players that could similarly compromise the data security of Chinese users. On July 5, it put SoftBank-backed truck-sharing platform Full Truck Alliance and recruiting site Boss Zhipin — both of which recently IPO’ed in the U.S. — under the same review process as it did with Didi.
The probes were just the beginning. On July 10, the Cybersecurity Review Office unveiled the draft of a revised version of the data security review rules passed last year. One of the major changes is that any business commanding over one million users is subject to security checks if it is seeking an overseas IPO.
Just as the U.S. government frets over Chinese companies commanding Americans’ data, as in the case of TikTok, China is now making sure that its citizen data stays onshore and protected from U.S. authorities. Foreign players operating in China have to comply, too. Giants like Apple and Tesla have pledged and moved to store their Chinese user data within the country.
The new data rule is no doubt a stumbling block for Chinese companies that want to list abroad. TikTok owner ByteDance indefinitely put on hold its plans of a U.S. listing after Chinese officials told it to address data security risks, according to a report by The Wall Street Journal. But how about incumbents like Alibaba that have traded their stocks on Wall Street for years? And do the revised rules apply to companies listing in Hong Kong, which is being increasingly integrated with mainland China?
![](data:image/svg+xml;charset=utf-8,<svg height="450" width="800" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
Also in the news
- Tencent and Alibaba may tear down their “walled gardens.” According to The Wall Street Journal, the archrivals are considering opening their services to each other. This means users may be able to pay via Alipay on the WeChat app, which currently excludes Alibaba-affiliated Alipay. China has recently been working to rein in its tech darlings and already slapped anticompetition penalties on a cohort of tech firms. Jack Ma’s fintech behemoth Ant Group has been put on the spot and forced to restructure into a financial holding company that would potentially curb its profitability and subject it to more regulatory oversight.
- TikTok tops 3 billion downloads from the App Store and Google Play, according to Sensor Tower. This makes the hit video platform the only app not owned by Facebook to cross the milestone across the two app stores, said the research firm, and it’s only the fifth one after WhatsApp, Messenger, Facebook and Instagram to achieve that. TikTok is also generating big bucks for ByteDance. Globally, it has made more than $2.5 billion in consumer spending since its launch.
- Tencent ups its stake in food delivery giant Meituan to 17.2%. The deal cost Tencent, a longtime patron of Meituan, $400 million. The proceeds will allow Meituan to invest further in “cutting edge tech” such as unmanned delivery cars and drones, an area where other tech firms have also made similar promises to automate parcel and food deliveries.
- The smart vehicle craze continues. These days, hardly a week goes by without a major announcement by an autonomous driving or smart car company in China. The news last week came from Banma, which was set up by Alibaba and state-owned carmaker SAIC Motor to make internet-connected cars. It just raised $460 million from Alibaba and SAIC Motor, among others and claimed its technology now serves three million users. It raised its first round in 2018 with 1.6 billion yuan (around $250 million) and was already valued at over $1 billion at the time.
![](data:image/svg+xml;charset=utf-8,<svg height="93" width="187" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
![](data:image/svg+xml;charset=utf-8,<svg height="125" width="187" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
![](data:image/svg+xml;charset=utf-8,<svg height="120" width="187" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
![](data:image/svg+xml;charset=utf-8,<svg height="105" width="187" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
