The Austrian privacy rights group noyb has lodged complaints accusing AliExpress, TikTok, and WeChat of violating EU data protection rules by restricting users’ access to their personal data.
Filed on 17 July 2025, the complaints target the companies for failing to meet obligations under Article 15 of the General Data Protection Regulation (GDPR), which entitles individuals to obtain a complete copy of their personal data.
According to noyb, these Chinese-owned platforms are deliberately making it difficult for users to access their data in full, a legal requirement across the European Union.
While many technology firms provide users with structured tools to download their data, noyb said TikTok, AliExpress, and WeChat either delivered incomplete data, delayed their responses, or provided files so disorganised that users could not understand them.
“TikTok, AliExpress and WeChat love collecting as much data about you as possible – but vehemently refuse to give you full access as required by EU law,” stated Kleanthi Sardeli, data protection lawyer at noyb.
In its complaint, noyb outlined the extent of each company’s alleged non-compliance:
- TikTok reportedly provided users with raw, unstructured data that lacked explanations on processing purposes, recipients, or cross-border transfers.
- AliExpress sent a corrupted data file that could only be accessed once and failed to engage meaningfully with further requests.
- WeChat responded after six months, offering generic instructions but none of the mandatory information concerning data transfers or safeguards.
This isn’t the first time noyb, short for “None of Your Business”, has challenged Chinese tech companies over data privacy violations. In January 2025, it filed complaints against six Chinese firms, including Shein, Temu, Xiaomi, AliExpress, TikTok, and WeChat, pointing to unlawful data transfers to China.
The advocacy group argued that China’s status as an “authoritarian surveillance state” makes it impossible for companies to guarantee that European user data won’t end up in government hands.
At the time, noyb demanded suspension of all data transfers to China and penalties of up to 4% of global revenue. If enforced, AliExpress could face a fine of €147 million, while Temu risks €1.35 billion.
EU regulators have issued more than 6,680 fines worth €4.2 billion since GDPR enforcement began in 2018. However, enforcement against non-European platforms has been inconsistent.
Noyb’s latest filings seek to pressure regulators into closing that gap, particularly as Chinese platforms continue their aggressive expansion into European markets.
Noyb has previously gone after U.S. tech giants like Apple, Alphabet, and Meta, contributing to regulatory investigations and billion-euro penalties.
The current cases are escalations against Chinese companies accused of privacy violations and undermining European digital sovereignty.
