BlogsEU Privacy Group Challenges Chinese Data Transfer Practices

EU Privacy Group Challenges Chinese Data Transfer Practices

Privacy advocacy group noyb files multiple GDPR complaints against Chinese tech companies for illegal EU data transfers, citing significant risks of government surveillance and data protection violations.

Overview

Privacy advocacy group noyb has initiated major GDPR enforcement action against six Chinese tech companies including TikTok, AliExpress, and SHEIN for unlawful data transfers to China. The complaints highlight critical privacy vulnerabilities due to mandatory Chinese government access

Whom it may concern

  • EU Data Protection Authorities in 5 member states
  • Technology companies operating in EU markets
  • Data protection officers handling international transfers
  • Compliance teams managing GDPR requirements

Key Findings

  1. No legal basis for EU-China data transfers under GDPR Article 44
  1. Zero responses to GDPR access requests from targeted companies
  1. Lack of independent oversight in Chinese data protection framework
  1. Multiple privacy policies confirming direct data transfers to China

Risk Analysis

  • Probability: High (confirmed transfers in privacy policies)
  • Impact: Critical (potential access to EU citizen data by foreign government)
  • Scale: Affects millions of EU users
  • Compliance Gap: 100% violation of GDPR transfer mechanisms

Action Items

  • Immediate suspension of data transfers to China
  • Implementation of EU-approved transfer mechanisms
  • Enhanced transparency in privacy documentation
  • Mandatory response to GDPR access requests

Sources

  • [The Hacker News](https://thehackernews.com/2025/01/european-privacy-group-sues-tiktok-and.html)
Share this article

Stay up to date

Join my community and receive the latest risk news and trends.

ResourcesLegal