Austrian privateness non-profit None of Your Enterprise (noyb) has filed complaints accusing firms like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating information safety rules within the European Union by unlawfully transferring customers’ information to China.
The advocacy group is in search of a direct suspension of such transfers, stating the businesses in query can’t protect person information from being probably accessed by the Chinese language authorities. The complaints have been filed in Austria, Belgium, Greece, Italy, and the Netherlands.
“Given that China is an authoritarian surveillance state, it is crystal clear that China doesn’t offer the same level of data protection as the E.U.,” Kleanthi Sardeli, information safety lawyer at noyb, mentioned. “Transferring Europeans’ personal data is clearly unlawful – and must be terminated immediately.”
Noyb famous that the businesses haven’t any selection however to adjust to Chinese language authorities’ requests for entry to information, and that Beijing lacks an unbiased information safety authority to boost points associated to authorities surveillance.
It additionally mentioned not one of the firms responded to its entry requests underneath the Normal Knowledge Safety Regulation (GDPR) to hunt readability on the character of information transfers, and if they’re transmitted to China or another nation exterior of the E.U.
“According to their privacy policy, AliExpress, SHEIN, TikTok, and Xiaomi transfer data to China,” noyb mentioned. “Temu and WeChat mention transfers to third countries. According to Temu and WeChat’s corporate structure, this most likely includes China.”
The event comes as ByteDance-owned TikTok is making ready to close down its app within the U.S. beginning January 19, 2025, when a federal ban on the social media platform is scheduled to return into impact.
In latest months, noyb has filed GDPR-related complaints in opposition to Google, Microsoft, and Mozilla for monitoring customers with out consent by means of Privateness Sandbox, Xandr, and Firefox, respectively.
FTC Takes Actions In opposition to Normal Motors and GoDaddy
The complaints additionally coincide with the U.S. Federal Commerce Fee (FTC) banning automaker Normal Motors from disclosing information that it collects from drivers, together with geolocations and driver conduct info, to client reporting businesses for 5 years for sharing such information with out their affirmative consent.
In keeping with a New York Instances investigation in March 2024, the knowledge was shared with two information brokers, LexisNexis Threat Options and Verisk, that labored with the insurance coverage trade to generate danger profiles and enhance auto insurance coverage charges for some drivers.
In an announcement, Normal Motors mentioned it had already discontinued the “Smart Driver” information assortment program in April 2024 “due to customer feedback.” The corporate mentioned clients may entry and delete their private info by means of a U.S. Client Privateness Request Type on its web site.
The FTC has additionally ordered web site internet hosting supplier GoDaddy to implement a complete info safety program to overtake its “unreasonable security practices” that led to a number of buyer information breaches between 2019 and 2022. GoDaddy has not admitted to any wrongdoing, nor has it been fined.
“GoDaddy has failed to implement reasonable and appropriate security measures to protect and monitor its website-hosting environments for security threats, and misled customers about the extent of its data security protections on its website hosting services,” the FTC mentioned.
The company identified that GoDaddy did not correctly handle its property and stock; patch its software program; assess dangers to its internet hosting companies; use multi-factor authentication; log security-related occasions; monitor for safety threats; section its community; and safe connections to companies offering entry to client information.
The buyer safety company has since additionally introduced amendments to on-line privateness safeguards for youngsters underneath the Kids’s On-line Privateness Safety Rule (COPPA) that require acquiring verifiable parental consent previous to processing their information for promoting functions or sharing it with third-parties.
Moreover, the rule imposes new information retention insurance policies, necessitating that firms solely retain youngsters’s info “for as long as reasonably necessary to fulfill a specific purpose for which it was collected.”
“By requiring parents to opt in to targeted advertising practices, this final rule prohibits platforms and service providers from sharing and monetizing children’s data without active permission,” FTC Chair Lina M. Khan mentioned.
