- No, RedNote is not the new TikTok - and here's why
- Good news! You can stream Super Bowl LIX for free this year on Tubi
- Bye bye, Wi-Fi: this low-cost adapter lets you set up a wired network without running ethernet
- No, AI won't revolutionize shopping - but this will
- How to watch Super Bowl 2025: Every streaming option
Noyb Files GDPR Complaints Against TikTok and Five Chinese Tech Giants
Noyb, the Austria-based European Center for Digital Rights, has filed complaints against six Chinese companies over alleged violations of the EU’s General Data Protection Regulation (GDPR).
The accused firms include AliExpress, Shein, Temu, TikTok, WeChat and Xiaomi.
The non-profit alleges these companies unlawfully send Europeans’ personal data outside of the EU, especially to China.
Unlawful Data Transfers to China
While AliExpress, Shein, TikTok and Xiaomi explicitly mention data transfers to China in their privacy policy, Temu and WeChat only mention undisclosed “third countries.”
According to Temu and WeChat’s corporate structure, this most likely includes China, said Noyb.
To comply with GDPR, companies operating in the EU are not allowed to transfer Europeans’ data outside of the EU unless they benefit from “derogations.”
Additionally, even when allowed to transfer data outside of the EU, companies covered by GDPR must meet strict requirements to ensure the security of personal data.
Noyb explained in a public statement that the typical process is to rely on Standard Contractual Clauses (SCCs), a contract in which the Chinese recipient pledges to follow EU protections.
This is possible after a thorough impact assessment that verifies that Europeans’ data is secure in the destination country and that the SCCs do not conflict with national laws that require access to data.
Kleanthi Sardeli, a Data Protection Lawyer at Noyb, said, “Given that China is an authoritarian surveillance state, it is crystal clear that China doesn’t offer the same level of data protection as the EU. Transferring Europeans’ personal data is clearly unlawful – and must be terminated immediately.”
Xiaomi’s Transparency Reports
Additionally, Noyb analyzed Xiaomi’s transparency reports, which confirmed the risk of Chinese authorities “requesting and obtaining (unlimited) access” to Xiaomi customers’ personal data:
- Chinese authorities have requested access to Xiaomi customers’ personal data on a large scale, while EU authorities only had a handful of requests
- Xiaomi almost always complies with these Chinese authorities’ requests
- It is almost impossible for foreign users to exercise their rights under Chinese data protection law because the country doesn’t have any dedicated entity where citizens can raise government surveillance issues
Filing GDPR Complaints
Noyb said that EU complainants filed access requests under GDPR’s Article 15 GDPR with the six Chinese companies to see if their data was sent to China or other countries outside the EU, but none of them responded adequately.
Therefore, Noyb decided to file six GDPR complaints in five European countries and requested the EU data protection authorities immediately order the suspension of data transfers to China and require those companies to comply with GDPR.
Finally, the non-profit asked the data protection authorities to impose a fine of up to 4% of the global revenue.
Such a fine would amount to €147m ($151m) for AliExpress or €1.35bn ($1.39bn) for Temu.
