In a bold move to uphold data rights, Austrian privacy watchdog noyb filed formal complaints on Thursday against three Chinese tech giants—AliExpress, TikTok, and WeChat. The group alleged that these companies deliberately prevent European users from accessing a full copy of their personal data, in clear violation of the European Union’s General Data Protection Regulation (GDPR).
Chinese Platforms Accused of Withholding User Data
According to noyb (short for “None of Your Business”), the platforms in question aggressively collect personal information from users across Europe. However, when users attempt to retrieve their own data, the companies either deny full access or provide only partial records. This conduct, the group asserts, violates Article 15 of the GDPR, which guarantees all users the right to receive a complete and intelligible copy of their personal data.
Although most tech companies operating in the EU have developed tools that allow users to download their personal data, the Chinese firms named in these complaints appear to have intentionally avoided offering full transparency. As a result, users are left in the dark about the true extent of data collected, stored, and used about them.
Noyb Calls Out Hypocrisy in Data Practices
While announcing the complaints, noyb’s data protection lawyer, Kleanthi Sardeli, strongly criticized the companies. She stated, “TikTok, AliExpress, and WeChat love collecting as much data about you as possible—but vehemently refuse to give you full access as required by EU law.”
Clearly, Sardeli’s remarks highlight what privacy experts have long feared: that these platforms thrive on extensive data harvesting while simultaneously denying users their fundamental rights. By design, these platforms track browsing behavior, online purchases, social interactions, location data, device information, and even inferred preferences—all without giving users the tools to view or control this data comprehensively.
Legal Foundation: The Power of GDPR
Notably, the General Data Protection Regulation mandates that all data controllers must provide individuals with complete copies of any personal data held about them. This includes information gathered through user interaction, profiling, and automated systems. Moreover, the law requires that such data be delivered in a clear and understandable format within one month of a request.
Nevertheless, according to noyb’s findings, TikTok, AliExpress, and WeChat either failed to respond to data access requests or responded inadequately. In some cases, the companies simply ignored requests. In other instances, they offered limited information that omitted sensitive or valuable data, such as behavioral tracking logs and device identifiers.
A Pattern of Privacy Violations by Tech Giants
Although these complaints target Chinese companies, this is not the first time noyb has gone after tech giants. Over the years, the organization has filed complaints against major U.S.-based firms, including Meta (formerly Facebook), Alphabet (Google), and Apple. These efforts have triggered regulatory investigations, some of which resulted in multi-billion-euro fines and sweeping reforms in data management practices.
Notably, noyb has consistently called attention to companies that fail to respect privacy laws while profiting heavily from user data. Its work has pushed both regulators and companies to treat digital rights as non-negotiable.
January Complaints Marked Broader Action
Significantly, these latest complaints follow a similar legal push from January 2025, when noyb filed cases against six Chinese tech firms. At the time, the advocacy group urged EU regulators to halt all data transfers to China. They also recommended issuing penalties of up to 4% of global revenue—the highest allowable fine under GDPR provisions.
Noyb argued that such penalties were essential to compel meaningful change. In particular, they emphasized the danger of personal data being sent to jurisdictions like China, where government surveillance laws, such as the 2017 National Intelligence Law, demand that local companies hand over data upon request.
Transferring Data to China Sparks Security Concerns
Beyond privacy, the issue of data transfers to China has raised serious national security questions. Many European policymakers have voiced growing concern that personal data from EU citizens could end up in the hands of the Chinese government. Since Chinese law requires tech companies to cooperate with state intelligence agencies, European regulators fear that user data could be exploited for surveillance or even geopolitical manipulation.
Consequently, calls for stricter enforcement and even bans on data exports to China have intensified. Some lawmakers have suggested that the EU should mandate data localization—requiring companies to store European user data only within EU borders to prevent access by foreign governments.
What’s Next: Enforcement and Potential Fines
Now that noyb has filed these new complaints, data protection authorities in various EU countries will begin formal investigations. If regulators determine that TikTok, AliExpress, and WeChat violated the GDPR, they could impose severe financial penalties and force the companies to update their data access tools immediately.
Furthermore, regulators may also prohibit any future data transfers to China, especially if the companies fail to guarantee strong privacy safeguards. Such decisions could have far-reaching implications for how Chinese tech companies operate within the European market.
Noyb’s Mission: Holding Big Tech Accountable
Ultimately, noyb’s goal remains clear: to ensure that every company operating in the EU, regardless of origin, complies fully with the law. According to the group, user rights must come before corporate interests. By standing up to powerful platforms, noyb continues to defend the core principles of digital democracy—transparency, fairness, and control over one’s own information.
As this legal fight unfolds, the cases could set a powerful precedent. Not only could the outcome shape future relations between the EU and Chinese tech firms, but it may also influence global discussions on cross-border data protection and ethical technology use.
Conclusion: A Defining Moment for Data Rights in Europe
In summary, the complaints filed by noyb underscore a critical issue at the intersection of privacy, technology, and international law. European citizens have a right to know what data companies collect about them—and they have a right to receive that data in full. If platforms like TikTok, WeChat, and AliExpress want to continue operating in the EU, they must respect these rights without exception.
Moving forward, the pressure will mount on regulators to take decisive action. At the same time, global tech firms—whether based in China or the West—will need to adapt or face consequences. Through strong legal advocacy and unwavering commitment, groups like noyb are making it clear: the age of unchecked data harvesting is coming to an end.
