Chinese companies may violate GDPR

The Austrian privacy organization Noyb, founded by data protection activist Max Schrems in 2017, is ramping up its efforts to hold multinational tech giants accountable under the EU's General Data Protection Regulation (GDPR). The organization has previously won significant legal cases, including the well-known "Schrems I" and "Schrems II," where the European Court of Justice ruled that the EU's data transfer agreements with the US do not meet the union's fundamental rights.

Now, NOYB is turning its focus to China. The organization has filed six new complaints of GDPR violations, this time against major Chinese tech companies. Tiktok and Xiaomi have been reported in Greece, WeChat in the Netherlands, Temu in Austria, Shein in Italy, and AliExpress in Belgium.

According to Noyb, these companies systematically transfer EU citizens' personal data to servers in China, where it is believed that there are no realistic possibilities to prevent the Chinese state from accessing the data. The organization describes China as an "authoritarian surveillance state" and argues that no company can guarantee the data protection required by GDPR.

GDPR allows the transfer of personal data to third countries if companies can demonstrate that the data is protected at a level equivalent to that within the EU. Noyb argues that this is not possible in China, and that the companies in question are therefore violating European legislation.

Furthermore, none of the six companies have responded to Noyb's request for information on how the personal data is handled and which countries it is sent to. This in itself violates EU citizens' right to know what data is stored about them and how it is processed.

Max Schrems comments on the situation: "It is unacceptable for companies to ignore fundamental data protection laws when operating within the EU. We must ensure that our personal data does not end up in the wrong hands."

The complaints could lead to significant consequences for the companies involved, including high fines and restrictions on their operations within the EU.