Austria-based privacy advocate NOYB; TikTok has filed complaints against Chinese companies such as Xiaomi, Shein, AliExpress, Temu and WeChat, alleging violations of the European Union General Data Protection Regulation (GDPR). These complaints are based on the allegation that these companies transferred user data in Europe to China without permission. NOYB demands an immediate halt to data transfers and a fine of up to 4 percent of the companies’ global revenues.
GDPR is a law that regulates data privacy within the EU, and data transfers outside the EU are only possible if the destination country has adequate data protection standards. NOYB states that China is an authoritarian surveillance state and argues that data transfers to this country do not meet EU standards.
The organization claims that the privacy policies of AliExpress, SHEIN, TikTok and Xiaomi clearly state that the data is transferred to China, while Temu and WeChat state that they transfer the data to “third countries”, but these countries most likely include China.
The EU has strict standards on data protection, and under the GDPR, data transfers outside the EU are subject to strict rules. Data transfers to China are considered a particularly sensitive issue as this country’s data protection standards are not compatible with the EU. In this context, it can be said that NOYB’s complaints are capable of testing the effectiveness of the EU’s data protection policies.
As a result, this legal process initiated by NOYB against Chinese companies has brought to the agenda again how data protection practices in the EU are handled by global companies and the level of compliance of these companies with EU laws. These developments may be an important indicator of how the EU’s digital sovereignty goals and policies on international data transfers will be shaped in the future.