TikTok among six tech firms under fire for sending Europeans' personal data to China
Temu, Xiaomi, AliExpress, Shein, WeChat, and TikTok are in breach of EU laws, say experts. Here's what we know so far.
TikTok is among six Chinese tech companies hit by privacy complaints for sending Europeans' personal data to China, breaching EU data transfer law.
The EU law is clear – the Austrian privacy advocacy group None of Your Business (stylized as noyb) that filed the complaint, explains in a blog post – that data transfers outside the EU are only allowed if the destination country doesn’t undermine the protection of data.
"Given that China is an authoritarian surveillance state, it is crystal clear that China doesn’t offer the same level of data protection as the EU. Transferring Europeans’ personal data is clearly unlawful – and must be terminated immediately," said Kleanthi Sardeli, data protection lawyer at noyb.
Alongside the popular video-sharing app, noyb also filed GDPR complaints in five countries against AliExpress, SHEIN, Temu, WeChat, and Xiaomi for unlawful data transfers to China.
The danger of data transfers
As per GDPR rules, data transfers outside Europe should only occur as exceptions, subject to proof the data is protected by strict requirements.
Companies are required to conduct an impact assessment, experts explain, to verify that European data is secure against the national laws of the destination country that may require authorities access to data. This is clearly not the case for China, whose data protection laws are notorious for not limiting authorities' access in any way.
In its transparency reports, for example, mobile manufacturer Xiaomi confirms how Chinese authorities can obtain virtually unlimited access to users' sensitive information.
"Chinese companies have no choice but to comply with government requests for access to data," said Kleanthi Sardeli, data protection lawyer at noyb. "This means that European users' data is at risk as long as it's sent abroad."
