TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi Accused of Sending Data from EU to China 

• European None of Your Business filed a new set of complaints targeting companies that allegedly breach EU users’ privacy.
• The list includes shopping apps SHEIN and Temu, which saw a swift rise in popularity in Europe after launching on the continent.
• TikTok and Xiaomi, both long-known to be very intrusive with user data, are once again in the crosshairs of privacy-infringing practices.

Austrian privacy advocacy group None of Your Business (noyb) has filed legal complaints against several major tech companies, including TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, accusing them of unlawfully transferring user data from the European Union (EU) to China. 

The group alleges these data transfers constitute a violation of the General Data Protection Regulation (GDPR), as the companies cannot ensure the safety of user data from potential access by Chinese government authorities.

Complaints filed in Austria, Belgium, Greece, Italy, and the Netherlands demand an immediate suspension of these data transfers, as the companies' compliance with Chinese laws contradicts the stringent EU data protection standards – General Data Protection Regulation (GDPR).

The group’s complaints focus heavily on the companies’ failure to respond to GDPR-compliant access requests seeking specific information about data transfers. Noyb stated that these requests aimed to clarify what user data is being transferred and whether it is sent to China or other non-EU territories. 

"According to their privacy policy, AliExpress, SHEIN, TikTok, and Xiaomi explicitly state that they transfer data to China," noyb noted in a statement. "Temu and WeChat mention third-country transfers, and given their corporate structures, these are likely to include China."

Additionally, noyb criticized the companies for failing to protect users' rights under GDPR. Under GDPR provisions, businesses are obligated to ensure transferred data meets EU data protection standards, even when sent to countries outside the bloc. 

It further goes on to say, “Given that China is an authoritarian surveillance state, it is crystal clear that China doesn't offer the same level of data protection as the EU. Transferring Europeans' personal data is clearly unlawful – and must be terminated immediately."

Noyb said China lacks an independent data protection authority to oversee and address cases of government surveillance, so citizens’ data transferred to China is exposed to Beijing’s surveillance measures. 

The complaints occur amidst mounting scrutiny of TikTok in multiple regions – an app owned by Beijing-based ByteDance, stemming from concerns over potential national security risks. 

The privacy-focused group has recently filed other GDPR complaints against major tech firms, including Google, Microsoft, and Mozilla, alleging violations such as unauthorized tracking through platforms like Privacy Sandbox, Xandr, and Firefox.

Last year, the U.S. Department of Justice (DoJ) filed a lawsuit against TikTok and its parent company ByteDance, alleging the popular social media platform collected personal information from children under 13 without parental consent, violating the Children's Online Privacy Protection Act (COPPA).