Newspicket.com Curating Insights, Reviews, and Stories That Matter
According to the latest news rumors, TikTok, AliExpress, and SHEIN surrender European data to China. Four of them openly admit to sending European data to China, while the other two say that they transfer data to undisclosed “third countries.”
As none of the companies responded adequately to the complainants’ access requests, we have to assume that this includes China.
However, EU law is clear: data transfers outside the EU are only allowed if the destination country doesn’t undermine data protection.
Given that China is an authoritarian surveillance state, companies can’t realistically shield EU users’ data from access by the Chinese government.
After issues around US government access, the rise of Chinese apps opens a new front for EU data protection law.
Did TikTok, AliExpress, SHEIN surrender Europeans’ data to China
Background: data transfers out of the EU only as an exception. In principle, companies are not allowed to transfer Europeans’ data outside of the EU. If, for whatever reason, they still need to do so, companies can rely on several exceptions (“derogations”).
However, if companies just outsource data out of convenience, they must meet strict requirements to ensure the security of personal data.
In countries like China, companies usually rely on “Standard Contractual Clauses” (SCCs). SCCs are a contract in which the Chinese recipient pledges to follow EU protections – even in China.
For this to be allowed, companies must conduct an impact assessment to verify that European’ data is secure in the destination country and that the SCCs do not conflict with national laws that require access to data.
Given that China is an authoritarian surveillance state, there is no adequacy decision and no company can provide such a guarantee. Chinese data protection laws do not limit the access by authorities in any way.
