Angela Huyue Zhang is director of the Center for Chinese Law at the University of Hong Kong. She is author of "Chinese Antitrust Exceptionalism: How the Rise of China Challenges Global Regulation."
When Jean Liu, the president of Didi Chuxing, was asked during an interview with Bloomberg Television why she had given up the Goldman Sachs managing director's role to join the ride-hailing giant, her reply was that she saw Didi's potential to make a "huge impact."
She was right, of course, with Didi rising up to become one of the most highly valued tech companies in China. But there is another side to the story behind Didi's rise -- the huge impact Didi has had on the Chinese society also comes with huge regulatory risk.
Data security has been a flashpoint recently. Didi, a company that has a near-monopoly in Chinese ride-hailing, has amassed troves of detailed personal data.
In 2015, Didi's researchers even used its data to analyze the ride-hailing patterns from China's larger central ministries to try to figure out which ministry worked the hardest. What Didi's data scientists may have overlooked at that time was that while big data is a much-prized commercial asset, it can also turn into a liability, especially amid Beijing's campaign against its own Big Tech sector and rising U.S. antagonism toward China.
As I explained in my book Chinese Antitrust Exceptionalism: How the Rise of China Challenges Global Regulation, there is clear interdependence between how China regulates and how China is regulated. In recent years, U.S.-listed Chinese companies have faced growing pressure to disclose more information to U.S. regulators.
The Holding Foreign Companies Accountable Act, which then-President Donald Trump signed into law last year, appears to specifically target Chinese companies by demanding tougher audit requirements. Yet these requirements are in direct conflict with Chinese law, and so far the two countries have yet to reach an amicable resolution.
This tightened U.S. scrutiny has put Chinese regulators on high alert on cross-border data transfer issues, which explains why they reportedly nudged Didi to postpone its IPO in the U.S. in order to conduct a thorough self-examination of cybersecurity risks. In the midst of rising nationalist sentiment, and rumors that Didi might be turning over critical data to the U.S. government during its initial public offering filing, China's cyberspace regulator faced intense public pressure to intervene. Still, Didi rushed ahead to complete the IPO at lightning speed.
Didi's failure to heed clear warnings forced the regulators' hand, triggering a chain of actions that is rewriting the rule book for the listing of Chinese tech companies. Shortly after the Didi investigation, China's cyberspace regulator announced its investigation of three other Chinese tech companies that went public in the U.S. in June, and the State Council, China's cabinet, is calling on relevant government departments to tighten data regulation for overseas listings of Chinese companies.
Didi may have underestimated the regulatory leverage possessed by the Chinese government. Although data regulation is a new area of law enforcement, Chinese regulators have plenty of legal discretion to go after Chinese tech. China now has a wide array of cybersecurity laws and data protection laws, and will adopt the Personal Information Protection Law later this year. One of the top priorities is to regulate cross-border data transfer issues.
This obviously has been a steep learning curve for Chinese tech. The case against Didi is the first high-profile cybersecurity review that China's cyberspace regulator has conducted. In the past, there was scant public disclosure of such reviews and almost no precedents. Didi, along with the other three internet companies, has become an important test case.
Another potent weapon at the disposal of Chinese regulators is the strategic shaming sanction, which involves the adept application of a sophisticated media strategy to inflict reputational damage on targeted companies. Indeed, since the cyberspace regulator's announcement of its investigation into Didi last week, the company has lost a fifth of its market capitalization. The Didi probe is also having negative spillover effects on the stock performance of a slew of other Chinese tech companies as investors panic over the future of their U.S. listings.
To be sure, this is not the first setback that Didi has faced. Over the years, the company has engaged in disruptive price wars with its formidable rivals, has had to cope with regulatory crises in relation to several safety scandals and survived the eventual shutdown of its hitchhiking service. Despite becoming an almost invincible monopoly in the ride-hailing business, Didi made losses year after year. Just as it started to turn profitable last year, it was accused of exploiting drivers by charging too-high commissions.
As Didi President Liu has said, the most important piece of advice she got from her father, the legendary Chinese entrepreneur Liu Chuangzhi, is that life is supposed to be hard. The same could be said about Big Tech, for whom life should also be hard. Chinese tech companies have all been humbly reminded that lurking regulatory risk is the twin sister of pervasive influence.