.%20The%20background%20is%20split_%20one%20side%20shows%20the%20EU%20flag%20with%20a%20'.webp)
In a significant crackdown on data privacy violations, Austrian privacy advocacy group None of Your Business (noyb) has filed multiple complaints against tech giants TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi. The organization alleges that these companies have violated the European Union's data protection regulations by illegally transferring user data to China.
Noyb is demanding an immediate halt to these data transfers, arguing that the companies in question cannot guarantee that European user data remains protected from potential access by the Chinese government. The lawsuits have been filed in Austria, Belgium, Greece, Italy, and the Netherlands.
China’s Data Privacy Concerns and GDPR Violations
"Given that China is an authoritarian surveillance state, it is crystal clear that China doesn't offer the same level of data protection as the E.U.," said Kleanthi Sardeli, a data protection lawyer at noyb. "Transferring Europeans' personal data is clearly unlawful – and must be terminated immediately."
The advocacy group stressed that these companies are legally obligated to comply with data access requests from Chinese authorities. Furthermore, China lacks an independent data protection authority to address government surveillance concerns.
Adding to the concerns, noyb revealed that none of the accused companies responded to data access requests under the General Data Protection Regulation (GDPR). These requests aimed to clarify whether and how user data was being transmitted to China or other non-EU nations.
According to noyb, privacy policies of AliExpress, SHEIN, TikTok, and Xiaomi explicitly confirm data transfers to China. Meanwhile, Temu and WeChat acknowledge data transfers to unspecified "third countries," which likely include China due to their corporate structures.
TikTok Faces Increasing Regulatory Scrutiny
This legal action comes at a time when TikTok, owned by ByteDance, is facing increasing scrutiny over data security concerns. The platform is set to be banned in the U.S. starting January 19, 2025, under a federal law aimed at restricting Chinese access to American user data.
In recent months, noyb has also lodged GDPR-related complaints against major tech companies like Google, Microsoft, and Mozilla. These complaints claim that the firms have been tracking users without consent through Privacy Sandbox, Xandr, and Firefox.
FTC Cracks Down on General Motors and GoDaddy
The lawsuits coincide with new regulatory actions taken by the U.S. Federal Trade Commission (FTC) against major corporations.
General Motors Faces Restrictions on Data Sharing
The FTC has prohibited automaker General Motors from sharing driver data—including geolocation and behavior tracking—with consumer reporting agencies for the next five years. The ruling follows an investigation that revealed GM had been providing such data to brokers like LexisNexis Risk Solutions and Verisk, which in turn used it to generate risk profiles for auto insurance pricing.
In response, General Motors stated that it had already discontinued its "Smart Driver" data collection program in April 2024 due to customer feedback. The company assured customers that they could review and delete their personal data through its U.S. Consumer Privacy Request Form.
GoDaddy Ordered to Strengthen Security Practices
The FTC has also mandated that website hosting provider GoDaddy implement an extensive cybersecurity overhaul after multiple data breaches between 2019 and 2022 exposed customer information. Although GoDaddy has not admitted to wrongdoing, the FTC found that the company failed to implement robust security measures, including multi-factor authentication, software patching, and real-time security monitoring.
The agency criticized GoDaddy for misleading customers about its data security protections, failing to properly segment its network, and neglecting key security best practices that could have prevented the breaches.
New COPPA Amendments Strengthen Child Privacy Protections
Additionally, the FTC has introduced amendments to the Children's Online Privacy Protection Rule (COPPA), requiring platforms to obtain verifiable parental consent before collecting or processing children's data for advertising purposes. The amendments also mandate stricter data retention policies, ensuring that companies only store children's personal data for as long as necessary.
"By requiring parents to opt in to targeted advertising practices, this final rule prohibits platforms and service providers from sharing and monetizing children's data without active permission," said FTC Chair Lina M. Khan.
Key Takeaways and Industry Impact
Regulatory pressure is intensifying on tech companies over data privacy, particularly concerning Chinese-owned platforms like TikTok and AliExpress.
Noyb’s lawsuits may set a precedent for stricter enforcement of GDPR, potentially reshaping how global companies handle EU user data.
The FTC's actions against General Motors and GoDaddy highlight growing scrutiny on data security and consumer privacy practices.
COPPA amendments signal a shift toward stronger child data protections, setting new legal benchmarks for tech companies.
With legal battles escalating across Europe and the U.S., companies handling consumer data must prioritize transparency, compliance, and security to avoid severe penalties and loss of user trust.