China has fined ride-hailing giant Didi more than 8 billion yuan ($1.2 billion), regulators announced Thursday, concluding a year-long investigation into alleged data security violations.
Didi has been one of the highest-profile targets of a widespread crackdown on China's tech firms, which saw years of runaway growth and the emergence of supersized monopolies.
The clampdown launched in 2021 wiped billions of dollars off the value of Chinese tech companies. Some were targeted over monopolistic behaviour while others -- such as Didi -- for cyber and national security concerns.
The probe found "conclusive evidence" that Didi had committed violations of an "egregious nature", the Cyberspace Administration of China (CAC) said in a statement.
It accused Didi of illegally storing the ID information of more than 57 million drivers in plain text instead of a more secure format.
The regulator said the firm also analysed passenger details without their knowledge -- including photos on their mobile phones and facial recognition data.
"Didi's illegal operations have brought serious security risks to the security of the country's key information infrastructure and data security," CAC said.
"Even when regulatory authorities ordered corrections, comprehensive and in-depth corrections were not carried out."
Didi's violations took place over seven years starting June 2015, according to the regulator.
CAC also accused Didi of unspecified national security violations in its data processing activities.
The firm was also found to have violated China's Cybersecurity Law, Data Protection Law and Personal Information Protection Law –- a landmark code introduced last year that is modelled on the European Union's GDPR legislation.
- Tech crackdown -
The fine amounts to more than four percent of Didi's $27.3 billion total revenue last year.
"We sincerely accept this decision (and will) resolutely obey it," the company said in a statement on social media.
"We will take this as a warning... (and) further strengthen the construction of network security and data security."
This was the largest fine imposed by Chinese authorities since e-commerce behemoth Alibaba was ordered to pay around $2.75 billion in April 2021 for anti-competitive practices.
Didi got into hot water in June last year after it pressed ahead with an initial public offering in the United States, reportedly against Beijing's wishes.
Days after it raised $4.4 billion in New York, Chinese authorities launched their cybersecurity probe, sending Didi shares plunging.
Since then, Didi's app has been removed from Chinese stores and it has been unable to register new users.
The Wall Street Journal reported earlier this week that the fine would pave the way for Didi to list in Hong Kong and register new users.
China's tech crackdown has eased this year as it grapples with the economic fallout from its zero-Covid strategy, with the country struggling in its pursuit of 5.5 percent GDP growth.
In May, Premier Li Keqiang urged support for tech companies to list both domestically and abroad.
But there is still a strict regulatory environment: President Xi Jinping last month called for stronger oversight and better security in the financial tech arena.
Since the Didi investigation was launched in July last year, overseas IPOs from big Chinese firms have all but dried up.
Beijing now requires internet firms with more than one million users to undergo a data security review before listing overseas, partly for national security reasons as US-China tech competition heats up.