TikTok's Privacy Concerns: Bans in the USA and GDPR Complaints in Europe

TikTok, the popular short-form video platform, has been under intense scrutiny globally due to privacy concerns and alleged data-sharing practices with China. Alongside TikTok, several other Chinese companies, including Temu, AliExpress, SHEIN, WeChat, and Xiaomi, face GDPR complaints filed by the Austrian privacy advocacy group "None of Your Business" (noyb) for unlawfully transferring European user data to China.

Privacy and Data Security Concerns Privacy concerns have been at the forefront of global regulatory action against TikTok. In the United States, bipartisan efforts have pushed for a ban on TikTok, citing national security risks. Lawmakers argue that the app’s parent company, ByteDance, could be compelled by China’s national security laws to hand over user data. These fears are exacerbated by allegations of surveillance and improper data collection. Similarly, in Europe, noyb’s recent filing of six GDPR complaints against Chinese companies, including TikTok, raises serious concerns about data privacy. Noyb's complaints highlight the unauthorized transfer of European citizens' data to China, where it could potentially be accessed by state authorities without proper safeguards or restrictions.

Details of GDPR Complaints Noyb filed complaints with data protection authorities (DPAs) in Greece, Italy, Belgium, the Netherlands, and Austria on behalf of users in those countries. The privacy advocacy group emphasized that China’s data collection practices are incompatible with the European Union's General Data Protection Regulation (GDPR). Under GDPR, data transfers outside the EU are only permitted if strict safeguards are in place to prevent unauthorized access.

These safeguards include: Proving that transferred data is protected at an equivalent level to EU standards. Ensuring that no government can access user data indiscriminately. However, according to noyb, companies like TikTok and Temu have failed to meet these requirements. Max Schrems, founder of noyb, stated, “Given that China is an authoritarian surveillance state, it is crystal clear that China doesn’t offer the same level of data protection as the EU.”

Specific GDPR Violations Noyb claims that TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi have violated several GDPR provisions,

including: Chapter V of GDPR: Governing data transfers to non-EU countries. Article 44: General principles for secure data transfers. Article 46: Failure to provide safeguards to protect user data. Article 15: Denying European users the right to access their data or explain how it is processed. These violations highlight systemic gaps in these companies’ compliance with GDPR, which requires full transparency and rigorous data security protocols.

The Risk to European Users The complaints emphasize that European users’ data, once transferred to China, could be accessed by the Chinese government without limitations. This is particularly alarming as GDPR is designed to protect users from such invasive practices. Noyb also pointed out that Xiaomi admitted in transparency reports that Chinese authorities could request and receive unlimited user data. Similarly, other platforms like TikTok have faced accusations of failing to prevent data from being accessed by Chinese-based engineers.

Additionally, European users report being ignored when requesting access to their data under GDPR Article 15. This undermines their fundamental right to know what personal information is held about them and how it is being used.

Fines and Penalties For companies found to be in violation of GDPR, the potential fines are steep. The law allows data protection authorities to impose penalties of up to 4% of a company’s global annual revenue. For Xiaomi, fines could reach $1.75 billion. For Temu, penalties could amount to $1.35 billion. If proven, these violations would set a significant precedent for holding large corporations accountable for cross-border data transfers.

TikTok’s Challenges in the United States In the U.S., TikTok has been banned on government devices in multiple states. Lawmakers argue that ByteDance’s ties to the Chinese government make the platform a security threat. The app faces potential bans at the federal level, especially after its CEO, Shou Zi Chew, testified before Congress to address privacy concerns. While TikTok has proposed measures like “Project Texas,” which promises to localize U.S. user data on servers operated by American companies, critics remain unconvinced about its effectiveness.

Broader Implications The scrutiny surrounding TikTok and other Chinese companies underscores growing concerns about digital sovereignty and privacy in a globally connected world. For Consumers: These developments highlight the importance of understanding where and how personal data is stored and used. For Companies: The growing regulatory pressure serves as a reminder that robust compliance with international privacy laws is non-negotiable. Platforms like TikTok have reshaped social media, but their global reach demands accountability and transparency to ensure users’ trust.

Conclusion The controversies surrounding TikTok’s data practices and the GDPR complaints against Chinese companies reflect a broader struggle to balance innovation with privacy. As noyb’s complaints progress, they could set a precedent for how global corporations handle data and operate under different jurisdictions. For now, users should remain vigilant about how their data is used and demand greater transparency from the platforms they engage with.