Pierluigi Paganini January 17, 2025

noyb files complaints against TikTok, AliExpress, and other Chinese companies for illegal EU user data transfers to China, violating data protection laws.

Austrian privacy non-profit group None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users’ data to China.

noyb filed GDPR complaints against the above companies for unlawfully transferring EU users’ data to China. While some admit these transfers, others list “third countries,” raising concerns about compliance with EU data protection laws.

The privacy non-profit organization requested the immediate suspension of data transfers to China due to the risk that the government of Beijing could access data of EU citizens. noyb pointed out that foreign users face challenges exercising rights under Chinese data laws due to the lack of an independent authority, unclear laws, and limited recourse options.

“noyb has now filed 6 GDPR complaints in 5 European countries and requests the data protection authorities to immediately order the suspension of data transfers to China under Article 58(2)(j) as the country does not provide an essentially equivalent level of data protection under Article 44 and 46 GDPR. noyb also requests the companies to bring their processing into compliance with the GDPR.” reads the announcement published by noyb.

The advocacy group filed six different complaints in Austria, Belgium, Greece, Italy, and the Netherlands.

“Given that China is an authoritarian surveillance state, it is crystal clear that China doesn’t offer the same level of data protection as the EU. Transferring Europeans’ personal data is clearly unlawful – and must be terminated immediately.” said Kleanthi Sardeli, data protection lawyer at noyb.

noyb urges DPAs to impose fines up to 4% of global revenue, potentially €147M for AliExpress and €1.35B for Temu, to deter future violations.

“Last but not least, noyb asks the DPAs to impose an administrative fine to prevent similar violations in the future. Such a fine can reach up to 4% of the global revenue, which can e.g. amount to €147 million (annual revenue of €3.68 billion) for AliExpress or €1.35 billion (annual revenue of €33.84 billion) for Temu.” concludes the announcement.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, TikTok)