EU Privacy Group Sues TikTok, AliExpress Over Data Transfers

EU Privacy Group Sues TikTok, AliExpress Over Data Transfers

Austrian Privacy Group Accuses Major Companies of Data Transfer Violations

Austrian privacy non-profit None of Your Business (noyb) has filed complaints against several major companies, including TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for allegedly violating data protection regulations in the European Union by unlawfully transferring users’ data to China. This action aims to halt these data transfers immediately, highlighting concerns that the Chinese government may access this sensitive information.

According to Kleanthi Sardeli, a data protection lawyer at noyb, "Given that China is an authoritarian surveillance state, it is crystal clear that China doesn’t offer the same level of data protection as the E.U." The advocacy group argues that transferring personal data of European citizens is unlawful and must be stopped without delay. Complaints have been lodged in Austria, Belgium, Greece, Italy, and the Netherlands.

Concerns Over Data Protection and Compliance

Noyb emphasizes that the companies involved lack the ability to protect user data from potential access by Chinese authorities. Moreover, they noted that none of these companies responded to access requests under the General Data Protection Regulation (GDPR), which seeks to clarify the nature of data transfers and whether they extend beyond the E.U. borders.

Key findings from noyb include:

  • AliExpress, SHEIN, TikTok, and Xiaomi explicitly mention in their privacy policies that they transfer data to China.
  • Temu and WeChat indicate transfers to third countries, likely including China based on their corporate structures.

This development is particularly timely as TikTok, owned by ByteDance, prepares to shut down its app in the U.S. on January 19, 2025, due to an impending federal ban.

Broader Implications for Data Privacy

Noyb’s recent actions are part of a broader trend, as the organization has also filed GDPR-related complaints against tech giants like Google, Microsoft, and Mozilla for tracking users without consent through initiatives like Privacy Sandbox and Xandr.

In related news, the U.S. Federal Trade Commission (FTC) has taken action against General Motors and GoDaddy for their data handling practices. General Motors is prohibited from sharing driver data without explicit consent for five years. This decision follows a New York Times investigation that revealed the company shared sensitive information with data brokers, influencing auto insurance rates.

Furthermore, GoDaddy has been ordered to implement a comprehensive security program to address multiple data breaches occurring between 2019 and 2022. The FTC criticized GoDaddy for its failure to maintain adequate security measures and for misleading customers about its data protection capabilities.

New Privacy Regulations for Children

In a significant move, the FTC has also updated the Children’s Online Privacy Protection Rule (COPPA), which now requires companies to obtain verifiable parental consent before processing children’s data for advertising or sharing purposes. This new rule aims to protect children’s information and ensures companies only retain this data for necessary periods.

As privacy regulations evolve, it is crucial for companies to prioritize data protection and transparency.

Conclusion

The ongoing battle for data privacy, especially concerning international data transfers, highlights the need for stringent regulations to safeguard user information. What are your thoughts on the impact of these recent complaints on companies operating in the EU? Share your opinions in the comments, and for more insights on data privacy issues, check out our related articles.

For more updates, follow us on Twitter and LinkedIn for exclusive content and discussions.

cta banners
Share it

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *