EU Privacy Crackdown: NoYb Files Complaints Against TikTok, AliExpress, WeChat for GDPR Violations

In a significant escalation of privacy concerns, the Austrian advocacy group None of Your Business (noyb) has filed fresh complaints against Chinese tech giants TikTok, AliExpress, and WeChat for failing to comply with the European Union's General Data Protection Regulation (GDPR). This move underscores the ongoing tension between European privacy standards and the data practices of major Chinese technology firms.

Background of the Complaints​

Noyb, led by renowned privacy activist Max Schrems, has a history of challenging tech companies over data protection issues. In January 2025, the organization lodged complaints against six Chinese companies—TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi—alleging unlawful data transfers of European users' information to China. While some companies, such as SHEIN, Temu, and Xiaomi, provided additional information in response, TikTok, AliExpress, and WeChat reportedly continued to violate GDPR provisions. (noyb.eu)

Specific Allegations​

The core of noyb's recent complaints centers on the right of users to access their personal data, as stipulated in Article 15 of the GDPR. This article mandates that companies must provide individuals with a comprehensive copy of their personal data upon request. However, noyb asserts that:

• TikTok provided only partial data in an unstructured format, rendering it incomprehensible to the user.
• AliExpress supplied a defective file that could be opened only once.
• WeChat completely ignored the data access request.

These actions, according to noyb, impede European users from exercising their fundamental right to privacy and from understanding how their personal data is processed. (noyb.eu)

Broader Implications​

The complaints highlight a broader issue concerning data transfers to countries with differing privacy standards. Under the GDPR, transferring personal data outside the EU is permissible only if the destination country ensures an adequate level of data protection. Noyb argues that China's status as an authoritarian surveillance state means it does not offer the same level of data protection as the EU, making such transfers unlawful. (noyb.eu)
This situation is further complicated by Chinese laws that grant authorities extensive access to personal data, raising concerns about the security and privacy of European users' information once transferred to China.

Potential Consequences​

Noyb has filed these complaints with data protection authorities in Greece, Belgium, and the Netherlands, urging them to:

• Declare that TikTok, AliExpress, and WeChat have violated Articles 12 and 15 of the GDPR.
• Order the companies to fulfill the complainants' access requests.
• Impose administrative fines to prevent future violations.

Under the GDPR, fines can reach up to 4% of a company's global revenue. For instance, AliExpress, with an annual revenue of €3.68 billion, could face fines up to €147 million. (noyb.eu)

Industry Response​

As of now, TikTok and AliExpress have not responded to requests for comment. A spokesperson for Tencent, the owner of WeChat, stated that the company complies with regulations in the markets it operates and is committed to protecting user privacy and data security. (legal.economictimes.indiatimes.com)

Conclusion​

This development marks a critical juncture in the enforcement of data protection laws, emphasizing the challenges posed by global data transfers and the need for companies to adhere to regional privacy standards. The outcome of these complaints could have far-reaching implications for how international tech companies handle user data within the European Union.

---

Source: thestar.com.my TikTok hit by fresh complaint over data access