Austrian privateness non-profit None of Your Enterprise (noyb) has filed complaints accusing firms like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating knowledge safety laws within the European Union by unlawfully transferring customers’ knowledge to China.
The advocacy group is searching for an instantaneous suspension of such transfers, stating the businesses in query can’t defend person knowledge from being probably accessed by the Chinese language authorities. The complaints have been filed in Austria, Belgium, Greece, Italy, and the Netherlands.
“On condition that China is an authoritarian surveillance state, it’s crystal clear that China would not provide the identical stage of information safety because the E.U.,” Kleanthi Sardeli, knowledge safety lawyer at noyb, mentioned. “Transferring Europeans’ private knowledge is clearly illegal – and should be terminated instantly.”
Noyb famous that the businesses don’t have any alternative however to adjust to Chinese language authorities’ requests for entry to knowledge, and that Beijing lacks an impartial knowledge safety authority to lift points associated to authorities surveillance.
It additionally mentioned not one of the firms responded to its entry requests underneath the Basic Information Safety Regulation (GDPR) to hunt readability on the character of information transfers, and if they’re transmitted to China or every other nation outdoors of the E.U.
“In response to their privateness coverage, AliExpress, SHEIN, TikTok, and Xiaomi switch knowledge to China,” noyb mentioned. “Temu and WeChat point out transfers to 3rd international locations. In response to Temu and WeChat’s company construction, this most definitely contains China.”
The event comes as ByteDance-owned TikTok is getting ready to close down its app within the U.S. beginning January 19, 2025, when a federal ban on the social media platform is scheduled to return into impact.
In current months, noyb has filed GDPR-related complaints towards Google, Microsoft, and Mozilla for monitoring customers with out consent via Privateness Sandbox, Xandr, and Firefox, respectively.
FTC Takes Actions In opposition to Basic Motors and GoDaddy
The complaints additionally coincide with the U.S. Federal Commerce Fee (FTC) banning automaker Basic Motors from disclosing knowledge that it collects from drivers, together with geolocations and driver conduct data, to shopper reporting businesses for 5 years for sharing such knowledge with out their affirmative consent.
In response to a New York Instances investigation in March 2024, the knowledge was shared with two knowledge brokers, LexisNexis Danger Options and Verisk, that labored with the insurance coverage trade to generate danger profiles and improve auto insurance coverage charges for some drivers.
In a press release, Basic Motors mentioned it had already discontinued the “Good Driver” knowledge assortment program in April 2024 “as a consequence of buyer suggestions.” The corporate mentioned clients might entry and delete their private data via a U.S. Client Privateness Request Type on its web site.
The FTC has additionally ordered web site internet hosting supplier GoDaddy to implement a complete data safety program to overtake its “unreasonable safety practices” that led to a number of buyer knowledge breaches between 2019 and 2022. GoDaddy has not admitted to any wrongdoing, nor has it been fined.
“GoDaddy has didn’t implement cheap and acceptable safety measures to guard and monitor its website-hosting environments for safety threats, and misled clients in regards to the extent of its knowledge safety protections on its web site internet hosting companies,” the FTC mentioned.
The company identified that GoDaddy didn’t correctly handle its belongings and stock; patch its software program; assess dangers to its internet hosting companies; use multi-factor authentication; log security-related occasions; monitor for safety threats; section its community; and safe connections to companies offering entry to shopper knowledge.
The patron safety company has since additionally introduced amendments to on-line privateness safeguards for kids underneath the Kids’s On-line Privateness Safety Rule (COPPA) that require acquiring verifiable parental consent previous to processing their knowledge for promoting functions or sharing it with third-parties.
Moreover, the rule imposes new knowledge retention insurance policies, necessitating that firms solely retain kids’s data “for so long as moderately vital to meet a particular function for which it was collected.”
“By requiring dad and mom to choose in to focused promoting practices, this ultimate rule prohibits platforms and repair suppliers from sharing and monetizing kids’s knowledge with out lively permission,” FTC Chair Lina M. Khan mentioned.
