GuiGui's Show

Today, noyb has filed GDPR complaints against TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi for unlawful data transfers to China. While four of them openly admit to sending Europeans’ personal data to China, the other two say that they transfer data to undisclosed “third countries”. As none of the companies responded adequately to the complainants’ access requests, we have to assume that this includes China. But EU law is clear: data transfers outside the EU are only allowed if the destination country doesn’t undermine the protection of data. Given that China is an authoritarian surveillance state, companies can’t realistically shield EU users’ data from access by the Chinese government. […]

[…]

High risk of data access by authorities. Xiaomi’s transparency reports confirm this risk of Chinese authorities requesting and obtaining (unlimited) access to personal data in practice. According to these documents, authorities request access to personal data on a very large scale, while in the same time span, EU/EEA authorities only had a handful of requests. Also, Xiaomi almost always complies (or has to comply) with these Chinese authorities’ requests. On top of that, it is almost impossible for foreign users to exercise their rights under Chinese data protection law. The country doesn’t have a dedicated and independent data protection authority or another tribunal to raise government surveillance issues and the scope and application of the laws are unclear.

#RGPD #transferts #Chine