After problems in the United States, Tiktok is now the subject of a complaint by the activist group Nyob (None Of Your Business) for illegally transferring personal data to China. Photo: Solen Feyissa/Unsplash

After problems in the United States, Tiktok is now the subject of a complaint by the activist group Nyob (None Of Your Business) for illegally transferring personal data to China. Photo: Solen Feyissa/Unsplash

Noyb, Max Schrems' NGO focusing on the protection of personal data, announced on Thursday that it had filed complaints in five European countries against six Chinese companies--Tiktok, Aliexpress, Shein, Temu, Wechat and Xiaomi--which it accuses of illegally transferring European data.

“While four of them openly admit to sending Europeans’ personal data to China, the other two say that they transfer data to undisclosed ‘third countries’. As none of the companies responded adequately to the complainants’ access requests, we have to assume that this includes China,” Noyb in a press release on 16 January 2025. “But EU law is clear: data transfers outside the EU are only allowed if the destination country doesn’t undermine the protection of data. Given that China is an authoritarian surveillance state, companies can’t realistically shield EU users’ data from access by the Chinese government. After issues around US government access, the rise of Chinese apps opens a new front for EU data protection law.”

Tiktok and Xiaomi in Greece, Shein in Italy, Aliexpress in Belgium, Wechat in the Netherlands and Temu in Austria have received this letter.

For example, , Nyob stated, “confirm this risk of Chinese authorities requesting and obtaining (unlimited) access to personal data in practice. According to these documents, authorities request access to personal data on a very large scale, while in the same time span, EU/EEA authorities only had a handful of requests. Also, Xiaomi almost always complies (or has to comply) with these Chinese authorities’ requests. On top of that, it is almost impossible for foreign users to exercise their rights under Chinese data protection law. The country doesn’t have a dedicated and independent data protection authority or another tribunal to raise government surveillance issues and the scope and application of the laws are unclear.”

Noyb is also calling on companies to bring their processing into compliance with the GDPR and on data protection authorities to impose an administrative fine to prevent similar breaches in the future. This fine can be up to 4% of global turnover, or €147m (annual revenue of €3.68bin) for Aliexpress or €1.35bn (annual revenue of €33.84bn) for Temu.

Xiaomi Reuters that it was “examining the allegations and will fully cooperate with authorities to resolve the matter if they approach the company due to this complaint.”

Tiktok owner Bytedance has repeatedely stated that it does not share user data with the Chinese government. Wechat and the e-commerce firms have previously said they comply with local regulations.

Read the original French-language version of this news report /

Related articles