Chinese firms TikTok, Shein, Xiaomi face EU data law breach claims

Austrian privacy advocacy group Noyb has filed a formal complaint against several Chinese tech giants, including TikTok's parent company ByteDance, Xiaomi, and Shein, accusing them of violating European Union (EU) data protection regulations by unlawfully transferring European users' personal data to China.

This marks Noyb’s first legal action targeting Chinese companies, having previously taken successful steps against major American firms like Apple, Meta, and Alphabet.

The group is now pushing for a suspension of data transfers to China, alongside fines that could amount to up to 4% of each company's global revenue.

The complaint involves ByteDance, Xiaomi, and Shein, as well as Alibaba's AliExpress, retailer Temu, and Tencent's WeChat. Noyb alleges that these companies send data from European users to China or undisclosed "third countries" likely linked to China.

The group is seeking greater transparency regarding how these companies handle personal data.

Under the EU’s General Data Protection Regulation (GDPR), data transfers outside of the EU are only permissible if the destination country provides an equivalent level of data protection. However, Noyb argues that China’s authoritarian government and its surveillance practices do not meet the standards set by the EU.

“Given that China is an authoritarian surveillance state, it is crystal clear that China doesn’t offer the same level of data protection as the EU,” said Kleanthi Sardeli, a data protection lawyer at Noyb. “Transferring Europeans’ data is unlawful and must be terminated immediately.”

The complaint highlights the ongoing tensions between Chinese tech companies and global regulators. TikTok, which ByteDance owns, has been under increasing scrutiny in multiple countries, facing regulatory challenges regarding data security and its role in potential election interference.

The European Commission has also investigated TikTok for its suspected failure to limit election interference during the Romanian presidential vote in November 2024.

Noyb's complaint is part of a growing push to enforce GDPR compliance more strictly and prevent companies from undermining user privacy protections. As the case progresses, the EU will closely monitor the issue, which could have significant implications for Chinese tech firms operating in Europe.

Meanwhile, NBC News reports that the Biden administration is actively exploring ways to prevent TikTok from being banned in the United States, a move scheduled to take effect on Sunday. According to sources familiar with the discussions, officials seek options to comply with the law while avoiding a complete app shutdown.

The potential closure could coincide with Biden’s last full day in office, while President-elect Donald Trump has indicated his readiness to address the issue after his inauguration.

The ban stems from a law requiring ByteDance, TikTok’s China-based parent company, to divest from the platform due to national security concerns. Lawmakers fear the Chinese government could misuse American users’ data or manipulate content.

As reported by NBC, TikTok has challenged the law in court, arguing it violates First Amendment rights. The company is also weighing options such as downgrading its services to maintain a limited presence in the US.