Austrian privateness non-profit None of Your Enterprise (noyb) has filed complaints accusing firms like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating information safety rules within the European Union by unlawfully transferring customers’ information to China.
The advocacy group is in search of a direct suspension of such transfers, stating the businesses in query can’t protect person information from being probably accessed by the Chinese language authorities. The complaints have been filed in Austria, Belgium, Greece, Italy, and the Netherlands.
“Provided that China is an authoritarian surveillance state, it’s crystal clear that China would not provide the identical stage of information safety because the E.U.,” Kleanthi Sardeli, information safety lawyer at noyb, mentioned. “Transferring Europeans’ private information is clearly illegal – and should be terminated instantly.”
Noyb famous that the businesses haven’t any alternative however to adjust to Chinese language authorities’ requests for entry to information, and that Beijing lacks an unbiased information safety authority to lift points associated to authorities surveillance.
It additionally mentioned not one of the firms responded to its entry requests below the Common Information Safety Regulation (GDPR) to hunt readability on the character of information transfers, and if they’re transmitted to China or every other nation exterior of the E.U.
“Based on their privateness coverage, AliExpress, SHEIN, TikTok, and Xiaomi switch information to China,” noyb mentioned. “Temu and WeChat point out transfers to 3rd international locations. Based on Temu and WeChat’s company construction, this almost definitely contains China.”
The event comes as ByteDance-owned TikTok is getting ready to close down its app within the U.S. beginning January 19, 2025, when a federal ban on the social media platform is scheduled to return into impact.
In latest months, noyb has filed GDPR-related complaints in opposition to Google, Microsoft, and Mozilla for monitoring customers with out consent by means of Privateness Sandbox, Xandr, and Firefox, respectively.
FTC Takes Actions In opposition to Common Motors and GoDaddy
The complaints additionally coincide with the U.S. Federal Commerce Fee (FTC) banning automaker Common Motors from disclosing information that it collects from drivers, together with geolocations and driver habits info, to shopper reporting companies for 5 years for sharing such information with out their affirmative consent.
Based on a New York Occasions investigation in March 2024, the knowledge was shared with two information brokers, LexisNexis Danger Options and Verisk, that labored with the insurance coverage trade to generate danger profiles and enhance auto insurance coverage charges for some drivers.
In an announcement, Common Motors mentioned it had already discontinued the “Sensible Driver” information assortment program in April 2024 “as a result of buyer suggestions.” The corporate mentioned prospects might entry and delete their private info by means of a U.S. Client Privateness Request Kind on its web site.
The FTC has additionally ordered web site internet hosting supplier GoDaddy to implement a complete info safety program to overtake its “unreasonable safety practices” that led to a number of buyer information breaches between 2019 and 2022. GoDaddy has not admitted to any wrongdoing, nor has it been fined.
“GoDaddy has did not implement affordable and acceptable safety measures to guard and monitor its website-hosting environments for safety threats, and misled prospects concerning the extent of its information safety protections on its web site internet hosting companies,” the FTC mentioned.
The company identified that GoDaddy did not correctly handle its belongings and stock; patch its software program; assess dangers to its internet hosting companies; use multi-factor authentication; log security-related occasions; monitor for safety threats; section its community; and safe connections to companies offering entry to shopper information.
The buyer safety company has since additionally introduced amendments to on-line privateness safeguards for youngsters below the Youngsters’s On-line Privateness Safety Rule (COPPA) that require acquiring verifiable parental consent previous to processing their information for promoting functions or sharing it with third-parties.
Moreover, the rule imposes new information retention insurance policies, necessitating that firms solely retain youngsters’s info “for so long as moderately obligatory to satisfy a selected objective for which it was collected.”
“By requiring mother and father to choose in to focused promoting practices, this remaining rule prohibits platforms and repair suppliers from sharing and monetizing youngsters’s information with out energetic permission,” FTC Chair Lina M. Khan mentioned.