HONG KONG (Reuters) -Chinese ride-hailing firm Didi Global Inc is in talks with state-owned information security firm Westone to handle its data management and monitoring activities, sources said, as part of its efforts to placate domestic regulators.
The largest Chinese ride-hailing group became the target of an investigation by regulators in the country just days after it raised $4.4 billion in an initial public offering in the United States.
The powerful Cyberspace Administration of China (CAC) last month launched a data-related cybersecurity investigation into Didi, citing a need to protect national security and the public interest.
Didi is in discussions with Westone Information Industry Inc, which would be the main third-party company to manage its massive data stored domestically as per domestic regulators’ guidance, said two people with knowledge of the matter.
The sources declined to be named as they were not authorised to speak to the media.
In response to the Reuters report, Didi said in a statement: “Recent media reports concerning proposals for DiDi to hand over control of data, introduce new major shareholders, and delist, etc. are untrue.” It did not offer further detail.
Reuters had not on Friday reported the company planned to bring in new shareholders or delist its shares. Didi last week denied a Wall Street Journal report that it was considering going private.
Shenzhen-listed Westone, the CAC, and the State Council Information Office did not immediately respond to Reuters’ requests for comment after regular Asia business hours on Friday.
Westone, which provides information security services and products, counts state-owned China Electronics Technology Cyber Security Co. Ltd as parent and biggest shareholder – making it a preferred candidate for Beijing, said the people.
Didi has submitted proposals to Chinese regulators in recent weeks to allay their concerns, which included bringing in Westone for managing its data across various business lines, said one of the people.
Shares in Didi were up 4% in New York morning trade on Friday, but were still down about 30% from their IPO price.
Didi collects user location and trip route data, for safety and data analysis, and routinely publishes reports illustrating its “big data” analytics, showing, for example, what times people in certain cities finish work, or which employers have the longest work hours.
The company also equips cars with cameras monitoring road conditions, and what is happening in the car, collecting data on 100 billion kilometres of Chinese roads per year. It stores all this Chinese user and roads data on domestic servers.
SECURITY CONCERNS
The discussions with Westone come amid Beijing’s widening crackdown on private companies over antitrust and data security concerns, which has wiped off billions of dollars from the market value of some home-grown companies in recent sessions.
Didi, which has about 377 million annual active users and 13 million annual active drivers in China, provides 25 million rides a day in China to users who sign up through an app that uses a phone number and password.
Bloomberg earlier on Friday reported Didi was considering conceding management of its data to a private third party as part of its efforts to resolve the regulatory probe, without naming the company.
The Westone discussions indicate how Beijing is looking to rein in some major privately-owned companies after years of a more laissez-faire approach, and involve state-backed firms with a view to have firmer control over their operations.
Under the plan being discussed, Westone would be able to access Didi’s servers across the country to track the latter’s data collection, usage and transfers, said the people.
It would also use its advanced encryption algorithm to prevent potential data breaches at Didi, said the second person. Encryption is regularly used to protect and securely transfer information online.
The CAC, which started a review into Didi’s handling of customer data in the middle of its campaign to list in New York, last month called for Didi to stop accepting new user registrations.
The regulator also said Didi’s app “has serious violations of laws and regulations pertaining to the collection of personal information.”
Bringing in a third party to manage and monitor Didi’s data could effectively limit its usage and transfer of onshore data, said the people.
The CAC had also been looking into whether there was a possibility of some of the company’s data ending up in the hands of a foreign entity, given Beijing’s sensitivity about usage of onshore data, sources have told Reuters.
(Reporting by Julie Zhu in Hong KongEditing by Sumeet Chatterjee and David Holmes)