/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130344212z-iw-new.png)
/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130332454z-iw-new.jpg)
/industry-wired/media/media_files/2025/01/16/XqR3GL3GGihwTopHNVXu.jpg)
/industry-wired/media/media_files/2025/01/16/XqR3GL3GGihwTopHNVXu.jpg)
Landmark Privacy Complaint Filed Against Chinese Tech Giants for Transferring EU User Data to China
Austrian privacy advocacy group Noyb (None of Your Business) has filed a landmark privacy complaint against six Chinese companies, including TikTok, Shein, Xiaomi, and others, for unlawfully transferring European Union user data to China. The complaints mark Noyb’s first legal action against Chinese firms, following its previous focus on American tech giants like Apple, Alphabet, and Meta.
The Vienna-based organization has filed six complaints across four European countries, calling for an immediate suspension of data transfers to China and fines that could reach up to 4% of the companies' global revenue under the EU’s General Data Protection Regulation (GDPR).
Details of the Complaint
Noyb has named TikTok, Shein, AliExpress, Xiaomi, Temu, and Tencent’s messaging app WeChat in its complaint, accusing them of transferring European user data to China. According to Noyb, TikTok, Shein, AliExpress, and Xiaomi have openly admitted to sending data to China, while Temu and WeChat transfer data to unspecified "third countries," which are likely China.
Under GDPR, transferring data outside the European Union is permitted only if the destination country meets the EU's stringent data protection standards. According to Noyb, China, as an authoritarian surveillance state, does not provide adequate data protection comparable to EU regulations.
Kleanthi Sardeli, a data protection lawyer at Noyb, stated, "Transferring Europeans’ personal data is clearly unlawful and must be terminated immediately. Given that China is an authoritarian surveillance state, it is crystal clear that China doesn't offer the same level of data protection as the EU."
Scope of the Legal Action
The six complaints have been filed in Austria, France, Germany, and the Netherlands, targeting both the data transfers and the companies’ compliance with GDPR regulations. If found guilty, these firms could face substantial fines based on their global revenue, which, for companies like TikTok and Shein, could amount to billions of euros.
Noyb’s complaints also call for immediate suspension of data transfers to China, which could disrupt the operations of these companies within the European Union.
Chinese Companies and Data Privacy Concerns
The complaint underscores growing scrutiny of Chinese tech companies over privacy concerns. Among the named firms, ByteDance-owned TikTok has been a frequent target of regulatory actions worldwide. The social media platform is already under investigation by the European Commission for alleged failure to curb election interference, notably in the Romanian presidential elections in November 2024.
TikTok also faces a federal ban in the United States, where it is set to be shut down for U.S. users starting Sunday. The ban reflects heightened concerns about the platform's data-sharing practices and its potential links to the Chinese government.
Shein, a fast-fashion retailer popular among young consumers, has also come under fire for its data-sharing practices. Similarly, e-commerce giant AliExpress and Xiaomi, a leading smartphone maker, have faced criticism for inadequate data protection measures, particularly in Europe.
Tencent’s WeChat, a widely used messaging platform, and Temu, a rising e-commerce platform, are also implicated in the complaints for transferring user data to undisclosed locations outside the EU.
The GDPR Framework and Data Transfers
Under GDPR, any transfer of personal data outside the European Union is subject to strict conditions. The receiving country must ensure an equivalent level of data protection, either through domestic laws, international agreements, or binding corporate rules.
China’s regulatory environment does not align with GDPR standards. As an "authoritarian surveillance state," according to Noyb, China’s laws enable widespread government access to user data, raising significant privacy concerns.
The GDPR permits fines of up to 4% of a company’s global annual revenue for non-compliance, which could impose significant financial penalties on the six companies named in the complaint.
Noyb’s History of Privacy Advocacy
Noyb is known for its high-profile complaints against American tech giants, including Apple, Alphabet, and Meta. These legal actions have led to several investigations and billions of euros in fines for violations of European privacy laws.
This complaint against Chinese companies represents a significant expansion of Noyb’s advocacy efforts, signaling that non-compliance with GDPR will not be tolerated regardless of a company’s country of origin.
Implications for Chinese Tech Firms
The complaints could have far-reaching implications for the operations of the accused firms in the European Union. A suspension of data transfers could force these companies to restructure their data processing systems or face restricted access to the lucrative European market.
The financial penalties, if imposed, could also impact the global operations of these firms. For companies like TikTok, which already faces regulatory challenges in the United States and other countries, this could add to existing operational pressures.
Broader Context of Data Privacy Concerns
The complaint highlights the growing global focus on data privacy and security, particularly involving Chinese tech firms. Governments and regulators worldwide are increasingly scrutinizing the practices of companies operating across borders to ensure compliance with local laws and protect user data.
China's national security laws, which mandate companies to share data with government authorities upon request, have raised alarm bells internationally. These concerns have led to bans or restrictions on Chinese tech products and services in several countries.
Conclusion
Noyb’s complaints against TikTok, Shein, Xiaomi, and others mark a new chapter in the ongoing debate over data privacy and cross-border data transfers. The cases will test the enforcement of GDPR regulations and could set a precedent for handling data privacy issues involving non-EU companies.
As investigations proceed, the outcome of these complaints will not only determine the future of these firms in the European market but also shape the global discourse on data privacy and protection. The spotlight on Chinese companies further underscores the critical importance of aligning with international data protection standards in an increasingly interconnected digital economy.