On Thursday, the Austrian advocacy group Noyb filed a privacy complaint against TikTok, Shein, Xiaomi, and three other Chinese companies, accusing them of unlawfully sending EU user data to China. Noyb claims that these companies are transferring personal data from European Union (EU) citizens to China, which violates EU privacy laws.
Details of the Complaint and List of Companies
Noyb filed six complaints in five European countries—Greece, Netherlands, Belgium, Italy, and Austria—demanding the suspension of data transfers to China. They are also seeking fines that could reach up to 4% of the global revenue of the companies involved.
| Country | Company | Data Transfer Allegation |
|---|---|---|
| Austria | TikTok | Personal data transferred to China |
| Greece | Shein | Personal data transferred to China |
| Belgium | Xiaomi | Personal data transferred to China |
| Netherlands | AliExpress | Personal data transferred to China |
| Italy | Temu | Data transfer to undisclosed countries, possibly China |
| Austria | Data transfer to undisclosed countries, possibly China |
Key Findings
According to Noyb, Chinese companies such as Alibaba e-commerce platform AliExpress, the retailer Shein, social media app TikTok, and phone maker Xiaomi have admitted to transferring European user data to China. These claims are based on transparency reports and other official documents. Temu and Tencent’s messaging app WeChat also transfer data to undisclosed “third countries,” which Noyb suspects to be China.
| Company | Allegation | Response |
|---|---|---|
| TikTok | Sends personal data to China | No immediate response |
| Shein | Sends personal data to China | No immediate response |
| Xiaomi | Sends personal data to China | Company investigating allegations |
| Temu | Sends data to undisclosed countries (possibly China) | No immediate response |
| Sends data to undisclosed countries (possibly China) | No immediate response |
Company Reactions
Xiaomi’s spokesperson stated that the company is currently investigating the allegations. However, the other companies involved have not responded immediately to requests for comment.
EU Privacy Laws
The EU has strict privacy laws, such as the General Data Protection Regulation (GDPR), which focus on data protection. Under these laws, companies must secure their users’ data and cannot transfer it to other countries without the user’s consent. If these allegations are proven true, the companies involved could face significant penalties.
Summary
Noyb’s privacy complaint highlights the growing challenges related to data protection and privacy. This case could serve as a wake-up call for international companies, urging them to strengthen their data protection practices and ensure compliance with EU laws.
