“Didi Chuxing” and “BOSS Direct Employment” are subject to cybersecurity review. What is the reason?

Recently, the Cyberspace Administration of China has successively issued announcements on the implementation of cybersecurity reviews on “Didi Chuxing”, “Yunmanman”, “Truck Gang” and “BOSS Direct Employment”. During the review period, the above apps have stopped new user registration.

A number of Internet companies have undergone cybersecurity reviews, and for a while, data security has once again become the focus of attention.

  Why are cybersecurity reviews initiated against these companies?

On July 4, the Cyberspace Administration of China issued an announcement stating that, after testing and verification, the “Didi Chuxing” APP had serious violations of laws and regulations regarding the collection and use of personal information. At present, the “Didi Chuxing” APP has suspended the registration of new users and has been removed from the shelves for rectification.

“Didi Chuxing” and “BOSS Direct Employment” are subject to cybersecurity review. What is the reason?

A day later, the Cybersecurity Review Office issued an announcement on launching a cybersecurity review for “Yunman”, “Truck Gang” and “BOSS Zhipin”.

The official website of “Yunman” said, “Yunman has become the world’s outstanding vehicle capacity scheduling platform and intelligent logistics information platform”. According to the official website of “Truck Gang”, “Truck Gang” is China’s largest road logistics Internet information platform. It has established China’s first nationwide cargo source information network, and provides comprehensive services for platform trucks. It is committed to China’s road logistics. infrastructure. According to the official website of “BOSS Zhipin”, the platform applies cutting-edge technologies of artificial intelligence and big data to improve the matching accuracy between employers and talents, shorten the time for job search and recruitment, and thus improve the efficiency of job search and recruitment.

Taken together, these companies all hold a large amount of user privacy data, and their business is related to critical information infrastructure.

“The above-mentioned companies under review are the leading platforms in the fields of daily travel, online freight and public job hunting, and have at least 80% of the in-depth data in their respective industries. These data can directly or indirectly reflect the population of various regions in my country. Distribution, commercial heat, population flow, goods flow, business operation, etc.” said Li Keshun, deputy director of the Jiangsu Provincial Big Data Transaction and Circulation Engineering Laboratory.

It is worth noting that these companies under review have a common feature: they recently went public in the United States.

After reviewing the information, it was found that on June 11, 2021, “BOSS Zhipin” was listed in the United States; Didi, the largest mobile travel platform in China, is listed in the United States.

As a company mainly operating in China, all data is stored locally first. However, listing in the US will inevitably involve data export issues.

In June last year, the U.S. Senate introduced the Foreign Company Accountability Act, which would ban foreign companies from listing on any U.S. exchange if they fail an audit by the U.S. Public Company Accounting Oversight Board for three consecutive years. The disclosure of relevant information may lead to the disclosure of important data and personal information. In March, the SEC said it passed final amendments to the Foreign Company Accountability Act.

It is understood that the U.S. securities market has very high information disclosure requirements for listed companies, including the necessity to prepare their financial statements in accordance with U.S. generally accepted accounting principles, and to disclose material company information in a timely manner in accordance with U.S. securities laws. The question of whether the company’s business data in China can be exported.

  Data security is about national security

In recent years, technologies and applications such as big data, cloud computing, and the Internet of Things have developed rapidly. While Internet companies bring convenience to people’s lives, problems such as cross-border data flow and user data leakage have also received widespread attention.

Meng Xiaofeng, a professor at the School of Information, Renmin University of China, said in an article in the People’s Forum that with the accumulation of data, the differences in the reserves of data resources between different technology companies have become more and more obvious, and data monopoly has gradually formed, which has led to the emergence of “damage.” It is difficult to communicate data between enterprises, and due to the close relationship between the data itself and personal privacy, the problem of user privacy leakage has also become prominent.

Meng Xiaofeng pointed out that among all kinds of apps, tools, social media and games are the hardest hit areas for data monopoly. The top 0.1% of tool, social and game data collectors collect about 80% of permission data, the top 1% of data collectors collect about 95% of permission data, and the top 5% of data collectors about 99% of the permission data. Effective governance of data is imperative.

It is not difficult to see that a large amount of data is generated, aggregated and integrated by Internet companies, which not only releases data value but also brings huge data security risks.

Zhao Shuyu, a researcher at the Internet Law Research Center of the China Academy of Information and Communications Technology, pointed out, “On the one hand, there is a risk of infringing on users’ personal information. At present, the excessive collection and misuse of users’ personal information is still frequent; on the other hand, it will also have an impact on national security. With the rapid development of data analysis technology, the huge amount of data generated by Internet companies in the operation process can reflect my country’s overall economic operation and other information involving state secrets through big data analysis, posing a major security threat to the overall national security.”

Data security issues of Internet companies may also affect national security in different ways. Important data such as map data and location data also need to be protected.

  How to maintain data sovereignty and national security?

General Secretary Xi Jinping pointed out: “Without cybersecurity, there will be no national security, no stable economic and social operation, and it is difficult to guarantee the interests of the broad masses of the people.” The integrated development of network security education, technology, and industry, adhere to the unification of promotion of development and management according to law, insist on equal emphasis on security and controllability and open innovation, and effectively protect national network security and citizens’ personal information security.

First, strengthen the protection of critical information infrastructure. Critical information infrastructure is the nerve center of economic and social operation, involving national security, national economy and people’s livelihood and public interests, and is of great significance to national network security and informatization construction. It is necessary to strictly implement the “Cybersecurity Law of the People’s Republic of China” and the requirements of the cybersecurity work responsibility system, consolidate the responsibility for the protection of critical information infrastructure, and strengthen the sharing of threat information and coordinated responses between critical information infrastructures in different regions, industries, and fields. Establish and improve the critical information infrastructure security system. Strengthen network security inspections, clarify the scope and objects of protection, discover hidden dangers and repair loopholes in a timely manner, so as to move the threshold forward and prevent problems before they occur.

Second, strengthen data security management. While actively developing and utilizing data resources and fully releasing data efficiency, we will effectively ensure data security and strengthen the ability to protect key data resources. Improve the legal system and policy measures for the management and use of data resources, and protect data resources in accordance with the law. Strengthen the protection of personal information, standardize the collection, processing, and utilization of personal information, improve the protection mechanism, and resolutely crack down on various forms of online fraud, infringement of intellectual property rights, violations of citizens’ privacy and other cyber crimes in accordance with the law. Urge enterprises to strengthen data security risk assessment, strengthen supervision and management and accountability of big data enterprises, and create a safe and reliable data ecological environment.

Third, strengthen network security emergency response capabilities. Strengthen the construction of network security information coordination mechanisms, means, and platforms, and monitor and warn major network security events in real time, not only grasp the current state of cyberspace, but also analyze the next steps, and provide a basis for scientific decision-making and command. Strengthen the construction of emergency command capabilities for cybersecurity incidents, improve the cybersecurity monitoring, early warning and response mechanism, and enhance cybersecurity situational awareness, event analysis, traceability, and rapid recovery capabilities after attacks.

Fourth, strengthen the foundation of network security work. Vigorously develop the network security industry, strengthen the overall planning and overall layout of the network security industry, cultivate and support a group of network security enterprises with international competitiveness. Strengthen network security education, accelerate the construction of national network security talents and innovation bases, and actively carry out demonstration projects for the construction of first-class network security colleges. Carry out in-depth publicity and popularization of network security knowledge and skills, organize a national network security publicity week, and continuously improve the general public’s network security awareness and protection skills.

The Links:   NL6448BC33-53 M170EG01-V1 LCD-STOCK