Introduction
The European Center for Digital Rights [6], known as Noyb, has launched a significant legal challenge against several prominent Chinese technology companies. This action involves filing GDPR complaints in multiple European countries, alleging unlawful data transfers to China [9], which raises substantial privacy concerns.
Description
Noyb [1] [2] [5] [6] [8] [9], the Austria-based European Center for Digital Rights [6], has initiated its first legal action against several major Chinese technology companies—AliExpress, Shein [2] [3] [6] [7] [8] [9], Temu [1] [3] [4] [5] [6] [7] [8] [9], TikTok [1] [2] [3] [4] [6] [7] [8] [9], WeChat [1] [3] [4] [5] [6] [7] [8] [9], and Xiaomi—by filing GDPR complaints across four European countries: Greece, Italy [1] [5], Belgium [1] [5], and the Netherlands [1] [5]. These complaints allege that these firms unlawfully transfer personal data of European users to China, which does not provide an equivalent level of data protection as mandated by the General Data Protection Regulation (GDPR). This raises significant privacy concerns, particularly given the authoritarian nature of the Chinese government and its extensive surveillance practices.
Noyb asserts that these actions violate the EU’s GDPR, especially Chapter V, which governs international data transfers. Under GDPR [1] [5], such transfers are only permissible under strict conditions that ensure adequate protection of personal data. Noyb emphasizes that China fails to meet these standards, as several companies, including AliExpress, Shein [2] [3] [6] [7] [8] [9], TikTok [1] [2] [3] [4] [6] [7] [8] [9], and Xiaomi [1] [2] [4] [5] [6] [7] [8], have acknowledged sending personal data of Europeans to China [8]. Additionally, Temu and WeChat reportedly indicate potential transfers to undisclosed third countries, likely including China [7]. The organization also claims that these companies have not conducted the necessary impact assessments required by GDPR and have failed to comply with requests from European users for data access, violating Article 15 of the regulation.
The case is further supported by Xiaomi’s admission that Chinese authorities can access user data without limitations [5], underscoring the risks associated with data transfers to China [5]. Noyb is calling for an immediate halt to these data transfers and has proposed fines of up to 4% of the companies’ global revenue for non-compliance—potentially amounting to $1.75 billion for Xiaomi and $1.35 billion for Temu—if found in violation of GDPR. This legal action represents a significant challenge to the data practices of Chinese tech companies operating in Europe [5], with far-reaching implications for their compliance within the EU’s regulatory framework.
Noyb’s previous successes include actions against companies like Mozilla [4], X (formerly Twitter) [4], Netflix [4], and the EU Parliament [4], further establishing its commitment to enforcing digital rights. The organization’s efforts also follow its initiatives against US tech giants like Apple and Meta, emphasizing its global commitment to data privacy rights [3]. Additionally, there are ongoing EU complaints against TikTok concerning potential election interference [2], highlighting the broader scrutiny of Chinese companies in the region and sparking discussions about data sovereignty and the enforcement of privacy regulations in a globalized context.
Conclusion
The legal actions initiated by Noyb against Chinese technology companies underscore the critical importance of data protection and privacy in the digital age. These proceedings could lead to significant financial penalties and compel these companies to reassess their data handling practices to comply with European regulations. The outcome of this case may set a precedent for future enforcement of data privacy laws, influencing global data transfer practices and reinforcing the EU’s stance on data sovereignty and privacy rights.
References
[1] https://www.euronews.com/next/2025/01/17/new-gdpr-complaints-against-chinese-big-tech-question-use-of-european-citizens-data
[2] https://www.devdiscourse.com/article/technology/3227251-noyb-targets-chinese-giants-in-eu-data-privacy-battle
[3] https://www.archyde.com/chinese-companies-tiktok-xiaomi-face-gdpr-violation-charges-by-austrian-watchdog-noyb/
[4] https://www.bitdefender.com/en-us/blog/hotforsecurity/tiktok-chinese-companies-breaching-gdpr
[5] https://techstory.in/tiktok-and-temu-face-gdpr-complaints-over-data-transfers-to-china/
[6] https://www.infosecurity-magazine.com/news/noyb-gdpr-complaints-tiktok-temu/
[7] https://www.engadget.com/big-tech/tiktok-temu-and-more-face-complaints-alleging-gdpr-violations-in-eu-195115567.html
[8] https://www.theglobeandmail.com/business/international-business/european-business/article-tiktok-shein-four-other-chinese-companies-hit-by-eu-privacy-complaints/
[9] https://www.fmie.org/tiktok-and-5-other-chinese-companies-face-eu-privacy-complaints/
