On Thursday 16 January, the NGO Noyb filed complaints in five countries (Greece, Italy, Belgium, the Netherlands and Austria) against several Chinese platforms and companies for failure to comply with the GDPR. The Austrian organisation accuses these companies of illegally transferring data to China.
TikTok, AliExpress, Shein, Temu, WeChat and Xiaomi are the companies concerned. AliExpress, Shein, TikTok and Xiaomi “openly admit” that they were sending Europeans’ personal data to China. In any case, that is what their privacy policy says, according to Noyb. Temu and WeChat, for their part, say they transfer data from third countries, without specifying which countries.
The Austrian NGO pointed out that, under European legislation, data transfers outside the EU are authorised as an exception, under derogations, if and only if the country does not undermine data protection. But China is an “authoritarian surveillance state” where “data protection laws do not limit the access by authorities in any way”, Noyb added.
Represented by Noyb, the complainants filed access requests under Article 15 of the GDPR with the companies concerned in order to find out whether their data had been sent to China. The companies did not provide this “legally required information about data transfers”.
Noyb is asking the data protection authorities to order the suspension of data transfers to China and for China to comply with the GDPR. According to the NGO, an administrative fine of up to 4% of worldwide sales would help prevent such violations from recurring. (Original version in French by Florent Servia)