This post is also available in:
עברית (Hebrew)
A new privacy complaint has raised serious concerns about the illegal transfer of European Union (EU) user data to China. The Austrian advocacy group Noyb, renowned for its legal actions against major U.S. tech firms, has now turned its attention to Chinese companies, filing six complaints across four EU countries. This marks the group’s first General Data Protection Regulation (GDPR) action targeting Chinese firms, such as TikTok, Xiaomi, Shein, and Alibaba’s AliExpress.
The complaints allege that these companies are unlawfully sending personal data of EU citizens to China, which violates the EU’s strict data privacy rules. According to Noyb, TikTok, Shein, and Xiaomi have admitted to transmitting European user data to China, while companies like Temu and Tencent’s WeChat are accused of transferring data to unidentified “third countries,” which are believed to be China.
According to the GDPR, data transfers outside the EU are only permitted if the destination country provides an adequate level of data protection. Noyb argues that China, as an authoritarian state with extensive surveillance practices, fails to meet these standards. Given that China does not provide the same level of data protection as the EU, these transfers are unlawful, explained Kleanthi Sardeli, a data protection lawyer at Noyb, according to Cybernews.
The organization is calling for the suspension of data transfers to China and is seeking fines that could reach up to 4% of the offending companies’ global revenue. Noyb’s legal action adds to the growing scrutiny Chinese tech companies face globally, with concerns over the handling of personal data intensifying.
In addition to Noyb’s complaints, TikTok has been embroiled in regulatory battles, the largest of which ended when TikTok’d serviced where shut in the U.S. on Sunday, January 19th, after it’s parent company, ByteDance, refused to sell the platform to a U.S. owner.
This case represents a significant step in holding Chinese tech companies accountable for their data practices in Europe, as authorities continue to grapple with the global impact of tech firms and their data security practices.
