European Privacy Group Takes Legal Action Against TikTok and AliExpress Over Data Transfers to China

2025-01-22

In an era where data privacy has become a cornerstone of digital trust, the transfer of personal information across borders is under increasing scrutiny. A recent move by the Austrian privacy advocacy group, None of Your Business (noyb), has brought this issue to the forefront. The organization has filed legal complaints against major tech and e-commerce giants, including TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, alleging unlawful data transfers from the European Union to China. This action highlights growing concerns over the safety of European users’ data and the potential risks posed by authoritarian regimes with access to such information.

the

On January 17, 2025, noyb, an Austrian non-profit focused on privacy rights, filed complaints against several prominent companies for violating EU data protection laws. The group accused TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of illegally transferring European users’ personal data to China. According to noyb, these companies cannot guarantee that user data is shielded from access by the Chinese government, which operates under an authoritarian surveillance regime.

The complaints were lodged in multiple EU countries, including Austria, Belgium, Greece, Italy, and the Netherlands. Kleanthi Sardeli, a data protection lawyer at noyb, emphasized that China’s lack of equivalent data protection standards makes such transfers unlawful under EU law. She called for an immediate halt to these practices, arguing that European citizens’ personal data is at risk of being accessed by Chinese authorities without adequate safeguards.

Noyb’s actions underscore the broader tension between global tech companies and EU privacy regulations, particularly the General Data Protection Regulation (GDPR). The GDPR mandates strict rules for data transfers outside the EU, requiring that recipient countries provide an equivalent level of data protection. China’s surveillance laws, which compel companies to hand over data upon request, directly conflict with these requirements.

The complaints also highlight the challenges faced by European regulators in enforcing data protection laws against multinational corporations. As these companies operate across borders, ensuring compliance with local regulations becomes increasingly complex. Noyb’s move is a significant step in holding these corporations accountable and protecting the privacy rights of European users.

What Undercode Say:

The legal action taken by noyb against TikTok, AliExpress, and other companies is a pivotal moment in the ongoing battle for data privacy. It reflects a growing awareness of the risks associated with cross-border data transfers, particularly to countries with authoritarian regimes. The case raises critical questions about the balance between global business operations and the protection of individual privacy rights.

One of the key issues at play is the inherent conflict between China’s surveillance laws and the EU’s GDPR. China’s legal framework requires companies to comply with government requests for data access, often without transparency or oversight. This creates a significant risk for European users, as their personal information could be exposed to unauthorized access. The GDPR, on the other hand, is designed to safeguard user data by imposing strict requirements on how it is collected, processed, and transferred.

The noyb complaints also highlight the challenges of enforcing data protection laws in a globalized digital economy. Companies like TikTok and AliExpress operate on a massive scale, with millions of users across the world. Ensuring compliance with local regulations in every jurisdiction is a daunting task, and many companies have struggled to navigate the complexities of the GDPR.

However, this does not absolve them of responsibility. The GDPR is one of the most robust data protection frameworks in the world, and companies that operate in the EU must adhere to its principles. The noyb complaints serve as a reminder that data privacy is not just a legal obligation but also a fundamental right that must be protected.

The outcome of these complaints could have far-reaching implications for the tech industry. If noyb succeeds in halting data transfers to China, it could set a precedent for similar actions against other companies. This could force tech giants to reevaluate their data practices and invest in stronger privacy protections.

At the same time, the case underscores the need for international cooperation on data privacy. As digital technologies continue to evolve, the challenges of protecting user data will only grow more complex. Governments, regulators, and companies must work together to develop global standards that ensure the privacy and security of personal information.

In conclusion, the noyb complaints against TikTok, AliExpress, and other companies are a significant step forward in the fight for data privacy. They highlight the risks of cross-border data transfers and the importance of enforcing robust data protection laws. As the digital economy continues to expand, protecting user privacy must remain a top priority for all stakeholders.