Five Chinese companies including TikTok, Shein, Xiaomi, Temu and Alibaba are accused of sending our data to China, in violation of European laws on personal data. This is what emerges from the complaints filed by NOYB, the association founded by Max Schrems, the Austrian lawyer behind many disputes initiated against American digital giants.
In total, NOYB has filed six complaints in five different European countries: Greece, Italy, Austria, Belgium and the Netherlands. The organization is demanding that the alleged data transfers to China be suspended, with the added bonus of paying fines of up to 4% of the global turnover of the companies concerned.
4 out of 6 companies admit to transferring this data to China, according to NOYB
According to Max Schrems' association, the e-commerce site AliExpress owned by Alibaba, the ready-to-wear platform Shein, the social network TikTok and the smartphone manufacturer Xiaomi do indeed send the personal data of Europeans to China. This is clearly stated in their respective privacy policies.
Conversely, things are less clear for Temu, the controversial marketplace, where you can find both high-tech products and ready-to-wear made in China at knockdown prices, as well as for the WeChat messaging app owned by the Chinese giant Tencent. The two companies declare for their part that they transfer the data of their European users "to undisclosed “third countries”, likely to be China", the association advances.
No transfer of Europeans' data to a country that does not sufficiently protect our data
According to European law, a company is entitled to collect and send our personal data outside the European Union (EU), if the country in question has a level of data protection equivalent to that in force in Europe. In such a case, the European Commission issues an adequacy decision, an official text which recognizes that the law of the country in question protects our data as much as in Europe. Once this document is established, the data of Europeans can be transferred in complete security.
However, China is "an authoritarian state which practices surveillance"; This condition is therefore far from being met, underlines Kleanthi Sardeli, a lawyer within the association, quoted in the press release. And the organization lists all the points of discordance between Chinese and European law, such as the lack of recourse and information for users, or the disproportionate access of Chinese intelligence agencies to our data.
A data transfer that must be stopped immediately
“The transfer of personal data of Europeans is (therefore) clearly illegal and must be stopped immediately”, maintains the association’s lawyer. NOYB specifies, in particular for Xiaomi, that it is based on the transparency reports published by the smartphone manufacturer. The latter would show that "Chinese authorities request and obtain (unlimited) access to personal data (…) on a very large scale", with Xiaomi which "almost always complies with these Chinese laws".
A local law from 2017 in fact requires any Chinese company to collaborate with the country's intelligence agencies, including if it operates abroad - in the same way as the Cloud Act and the Fisa law which impose the same thing on American companies.
In return, Xiaomi told us, after the publication of this article, that the company had "taken note of the complaint", and that it would "examine the allegations made therein". For the smartphone manufacturer, "respect for user privacy has always been part of the (company's) core values, which include transparency, accountability, user oversight, security and legal compliance. Our privacy policy is designed to comply with applicable regulations such as GDPR," the manufacturer continues. The company adds that "user data is stored and processed in accordance with local laws." The company will cooperate "fully with the authority to resolve the issue," if requested by a national data protection authority.
Among the six companies singled out, some of them are already the subject of various investigations by Brussels. In addition to TikTok, which is under formal investigation by the European Commission, Temu is also in the crosshairs of the European regulator. Brussels wants to ensure "that the products sold comply with EU standards and do not endanger consumers", this time in the field of the DSA, the European regulation on digital services.
Editor's note, Thursday January 16 at 3:52 p.m.: After the publication of this article on January 16 around noon, Xiaomi sent us a press release whose terms were added in a penultimate paragraph.
0 Comments