Austrian privateness non-profit None of Your Enterprise (noyb) has filed complaints accusing corporations like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating information safety rules within the European Union by unlawfully transferring customers’ information to China.
The advocacy group is searching for an instantaneous suspension of such transfers, stating the businesses in query can not defend person information from being probably accessed by the Chinese language authorities. The complaints have been filed in Austria, Belgium, Greece, Italy, and the Netherlands.
“Provided that China is an authoritarian surveillance state, it’s crystal clear that China would not provide the identical stage of knowledge safety because the E.U.,” Kleanthi Sardeli, information safety lawyer at noyb, stated. “Transferring Europeans’ private information is clearly illegal – and should be terminated instantly.”
Noyb famous that the businesses haven’t any alternative however to adjust to Chinese language authorities’ requests for entry to information, and that Beijing lacks an unbiased information safety authority to boost points associated to authorities surveillance.
It additionally stated not one of the corporations responded to its entry requests underneath the Basic Knowledge Safety Regulation (GDPR) to hunt readability on the character of knowledge transfers, and if they’re transmitted to China or every other nation outdoors of the E.U.
“Based on their privateness coverage, AliExpress, SHEIN, TikTok, and Xiaomi switch information to China,” noyb stated. “Temu and WeChat point out transfers to 3rd nations. Based on Temu and WeChat’s company construction, this most certainly contains China.”
The event comes as ByteDance-owned TikTok is getting ready to close down its app within the U.S. beginning January 19, 2025, when a federal ban on the social media platform is scheduled to come back into impact.
In latest months, noyb has filed GDPR-related complaints towards Google, Microsoft, and Mozilla for monitoring customers with out consent via Privateness Sandbox, Xandr, and Firefox, respectively.
FTC Takes Actions In opposition to Basic Motors and GoDaddy
The complaints additionally coincide with the U.S. Federal Commerce Fee (FTC) banning automaker Basic Motors from disclosing information that it collects from drivers, together with geolocations and driver habits info, to client reporting businesses for 5 years for sharing such information with out their affirmative consent.
Based on a New York Instances investigation in March 2024, the knowledge was shared with two information brokers, LexisNexis Danger Options and Verisk, that labored with the insurance coverage business to generate threat profiles and enhance auto insurance coverage charges for some drivers.
In a press release, Basic Motors stated it had already discontinued the “Good Driver” information assortment program in April 2024 “as a consequence of buyer suggestions.” The corporate stated clients may entry and delete their private info via a U.S. Shopper Privateness Request Kind on its web site.
The FTC has additionally ordered web site internet hosting supplier GoDaddy to implement a complete info safety program to overtake its “unreasonable safety practices” that led to a number of buyer information breaches between 2019 and 2022. GoDaddy has not admitted to any wrongdoing, nor has it been fined.
“GoDaddy has did not implement cheap and applicable safety measures to guard and monitor its website-hosting environments for safety threats, and misled clients concerning the extent of its information safety protections on its web site internet hosting providers,” the FTC stated.
The company identified that GoDaddy did not correctly handle its belongings and stock; patch its software program; assess dangers to its internet hosting providers; use multi-factor authentication; log security-related occasions; monitor for safety threats; section its community; and safe connections to providers offering entry to client information.
The buyer safety company has since additionally introduced amendments to on-line privateness safeguards for kids underneath the Kids’s On-line Privateness Safety Rule (COPPA) that require acquiring verifiable parental consent previous to processing their information for promoting functions or sharing it with third-parties.
Moreover, the rule imposes new information retention insurance policies, necessitating that corporations solely retain youngsters’s info “for so long as fairly obligatory to satisfy a selected goal for which it was collected.”
“By requiring mother and father to decide in to focused promoting practices, this remaining rule prohibits platforms and repair suppliers from sharing and monetizing youngsters’s information with out lively permission,” FTC Chair Lina M. Khan stated.