Lazarus Group’s Operation 99 Targets Web3 Developers with Fake LinkedIn Profiles and Malware
January 16, 2025
Spear Phishing Campaign by Russian Star Blizzard Targets WhatsApp Accounts
January 18, 2025
In a significant move, the Austrian privacy advocacy organization None of Your Business (noyb) has filed complaints against several major tech companies, including TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi. The allegations point to unlawful data transfers from the European Union (EU) to China, citing violations of EU data protection regulations.
The Issue at Hand
The crux of the issue revolves around the transfer of user data from the EU to China. Noyb argues that, given China’s status as an authoritarian state with a lack of independent data protection authorities, these transfers are inherently risky. The group points out that Chinese authorities can demand access to personal data at any time, leaving EU citizens’ information vulnerable to surveillance.
Kleanthi Sardeli, a data protection lawyer at noyb, emphasized the disparity between data protection in the EU and China, stating, “Given that China is an authoritarian surveillance state, it is crystal clear that China doesn’t offer the same level of data protection as the EU. Transferring Europeans’ personal data is clearly unlawful – and must be terminated immediately.”
The organization has filed these complaints in several EU countries, including Austria, Belgium, Greece, Italy, and the Netherlands. Noyb is seeking an immediate halt to the data transfers, arguing that companies such as TikTok, AliExpress, SHEIN, and Xiaomi have openly acknowledged transferring data to China. In the cases of Temu and WeChat, Noyb believes their corporate structures imply that data transfers to China are likely as well.
GDPR Violations and Lack of Transparency
Noyb’s complaints are based on the violation of the General Data Protection Regulation (GDPR), which governs the handling of personal data in the EU. Despite GDPR’s requirement for companies to disclose information about data transfers, none of the companies involved have responded to noyb’s access requests. This lack of transparency is a key concern for privacy advocates, as it suggests these companies may not be fully transparent with users about where their data is going.
In response to these concerns, Noyb pointed out that some companies, including TikTok, explicitly mention in their privacy policies that they transfer user data to China. Similarly, AliExpress, SHEIN, and Xiaomi have acknowledged such transfers, while Temu and WeChat only mention third countries, which, according to their corporate structure, most likely include China.
Other Legal Developments in Privacy Protection
This lawsuit comes at a time when privacy regulations are under increasing scrutiny across the globe. Notably, the U.S. Federal Trade Commission (FTC) has taken action against General Motors and GoDaddy for violations related to consumer privacy.
- General Motors’ Privacy Breach
General Motors (GM) has been banned by the FTC from sharing driver data with consumer reporting agencies for five years. The data, which included geolocation and driver behavior information, was shared with data brokers LexisNexis Risk Solutions and Verisk to influence auto insurance rates. The FTC’s decision follows an investigation that found GM had collected and shared this data without drivers’ explicit consent. The company has since discontinued its “Smart Driver” data collection program. - GoDaddy’s Security Failures
GoDaddy, a major web hosting provider, has also faced repercussions from the FTC. The company has been ordered to implement a comprehensive information security program to address its failure to protect customer data adequately. GoDaddy’s multiple data breaches between 2019 and 2022 were attributed to its poor security practices, including a failure to patch software vulnerabilities, implement multi-factor authentication, and manage assets properly.
Additionally, the FTC has made changes to the Children’s Online Privacy Protection Act (COPPA), strengthening privacy protections for minors by requiring verifiable parental consent before processing children’s data for advertising or sharing it with third parties.
The Push for Stronger Privacy Laws
As data privacy concerns continue to mount, noyb’s legal actions highlight the pressing need for stronger data protection laws. These cases underscore the growing tension between international data flows, corporate transparency, and the ability of governments to protect their citizens’ privacy. The ongoing battles, both in the EU and U.S., demonstrate the importance of rigorous oversight and regulation when it comes to personal data.
