In a bold legal move, the Austrian privacy advocacy group None of Your Business (noyb) has filed formal complaints against six major Chinese companies—TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi. The group alleges violations of the European Union’s General Data Protection Regulation (GDPR) for the unlawful transfer of user data from the EU to China.
The Allegations
noyb accuses the companies of:
- Unlawful Data Transfers: Personal data from EU users is allegedly being sent to China without appropriate safeguards, a direct breach of GDPR.
- Lack of Transparency: According to the advocacy group, the companies failed to comply with user access requests mandated under GDPR, leaving individuals unaware of how their data is being processed and transferred.
What GDPR Requires
Under GDPR, transferring personal data to countries outside the EU is only permitted if the receiving country provides a level of protection comparable to the EU’s stringent data privacy standards.
- China’s Surveillance Practices: noyb argues that the surveillance-heavy environment in China fails to meet GDPR’s requirements, making such data transfers inherently unlawful.
- Non-Compliance: None of the companies named in the complaints have disclosed the necessary measures taken to ensure GDPR compliance, further intensifying scrutiny.
Company and Government Reactions
- Xiaomi: A spokesperson for Xiaomi stated that the company is reviewing the allegations and is committed to cooperating with authorities to resolve the matter.
- Other Companies: TikTok, AliExpress, SHEIN, Temu, and WeChat have yet to issue official statements addressing the complaints.
- Chinese Government: Responding to the controversy, China’s foreign ministry denied requiring companies to collect or provide data in a manner that violates the law.
Potential Consequences
If regulators uphold these complaints, the implicated companies could face fines of up to 4% of their global revenue. Additionally, they might be forced to halt data transfers to China, disrupting operations and potentially damaging user trust.
This case represents a significant test of GDPR’s enforcement capabilities against multinational tech firms and underscores growing concerns over data privacy in an increasingly interconnected world.
The Bigger Picture
The complaints come amid heightened scrutiny of Chinese tech firms globally. This incident highlights the importance of adhering to regional privacy laws and the potential repercussions of non-compliance. As international tensions over data sovereignty intensify, companies operating across borders must navigate increasingly complex regulatory landscapes to maintain trust and avoid legal penalties.