Austrian Privacy Group Noyb Slams AliExpress, TikTok, and WeChat Over GDPR Violations

Austrian privacy advocacy group noyb (None of Your Business) has fired a fresh volley at Chinese tech giants AliExpress, TikTok, and WeChat, accusing them of brazenly violating EU data privacy laws under the General Data Protection Regulation (GDPR). This clash exposes deep flaws in how some global tech firms handle user data, while also spotlighting the urgent need for decentralized solutions that could rewrite the rules of privacy.

• GDPR Violations: Noyb alleges these companies breach Article 15 by denying users full access to their personal data.
• Complaint Filings: Actions lodged with data protection authorities in Belgium, Greece, and the Netherlands.
• Bigger Picture: Builds on earlier 2025 complaints over data transfers to China, highlighting systemic privacy concerns.

Breaking Down the Violations: A Middle Finger to User Rights?

The GDPR, rolled out in 2018, stands as the EU’s ironclad shield for personal data, empowering users with rights like accessing the information companies hold on them through Article 15. Non-compliance can sting hard, with fines reaching up to 4% of a company’s global revenue—a financial gut punch meant to enforce accountability. Yet, according to noyb, founded by privacy warrior Max Schrems, AliExpress, TikTok, and WeChat are thumbing their noses at these rules. Complaints filed in Belgium, Greece, and the Netherlands detail a litany of failures: TikTok dishes out incomplete, jumbled data that’s near useless; AliExpress provides a broken file that users can access just once before it disappears without a trace; and WeChat takes the cake by flat-out ignoring requests altogether. Imagine requesting your own data, only to get a digital mess or absolute silence—infuriating, isn’t it?

These aren’t one-off slip-ups. They’re part of a troubling trend noyb has been tracking. Back in January 2025, the group targeted these same companies alongside SHEIN and Temu for unauthorized data transfers to China, demanding penalties that could hit billions for a firm like TikTok, whose parent ByteDance boasts annual revenues over $110 billion (meaning a 4% fine could near $4.4 billion). While SHEIN, Temu, and Xiaomi showed some cooperation by offering additional data during proceedings, TikTok, AliExpress, and WeChat seem content to double down on defiance. For noyb, this isn’t just negligence—it’s a deliberate sidestep of EU law, eroding user trust in the process, as detailed in their latest actions against Chinese tech firms.

“The GDPR makes it clear that companies must give their users specific information about the data they are processing about them. Just because they receive a lot of requests doesn’t mean they can withhold information.” – Kleanthi Sardeli, data protection lawyer at noyb.

China’s Role in Data Privacy Conflicts: A Geopolitical Flashpoint

At the heart of this storm lies a glaring issue: data transfers to China. EU regulations strictly limit sending personal data to countries where protections fall short, and China’s national security laws—allowing government access to corporate data—raise massive red flags. This isn’t theoretical. Ireland’s Data Protection Commissioner (DPC) hammered TikTok with a 530 million euro fine in May 2025 for failing to shield EU user data from potential Chinese government reach, as reported in recent updates on GDPR enforcement. TikTok, with over 175 million European users, recently admitted to storing some EU data in China before deleting it, a blunder that only fuels noyb’s fire. Though TikTok claims it now uses EU-approved contractual clauses for limited remote access by Chinese staff and stores data in dedicated European and U.S. centers, regulators remain skeptical. Graham Doyle, Deputy Commissioner at the DPC, stressed they’re taking these developments “very seriously,” hinting at more penalties on the horizon.

But is there a double standard at play? Some skeptics point out that TikTok’s cultural clout and massive user base make it a juicier target than, say, SHEIN or Temu, despite similar data transfer concerns. Could this be less about privacy and more about Western competitors like Meta or X nudging regulators to kneecap a rival? On the flip side, TikTok’s repeated violations and sheer scale—touching nearly a third of Europe’s population—justify the spotlight. Community discussions on platforms like Reddit highlight security concerns with TikTok and the geopolitical tensions at play. Regardless, the core problem persists: if user data isn’t safe under EU law, trust in digital platforms crumbles, affecting everything from social media to emerging tech like crypto apps.

Historical Context: GDPR Fines as a Wake-Up Call

This isn’t the first time GDPR has bared its teeth, nor is TikTok a stranger to the penalty box. In 2023, Ireland’s DPC slapped TikTok with a 345 million euro fine for mishandling children’s data, part of a string of actions against tech giants. Meta, for instance, copped a record 1.2 billion euro fine in 2023 for unlawful EU-US data transfers, a case also driven by noyb’s activism through Schrems’ earlier legal battles (notably Schrems II, which invalidated the EU-US Privacy Shield). These precedents show the EU isn’t bluffing—regulators are willing to hit hard, especially when data crosses borders to less secure jurisdictions. For Chinese tech firms, the pattern of non-compliance risks not just fines but reputational damage, particularly as public awareness of privacy issues grows, with platforms like Quora hosting debates on TikTok’s privacy challenges.

Noyb’s track record adds weight to their latest push. Schrems and his team have consistently dragged big tech to the mat, forcing systemic changes in how data is handled globally. Their focus on Chinese companies signals a broader clash between EU privacy standards and the operational realities of firms tied to jurisdictions with conflicting laws. It’s a slow-burning war, and each fine or complaint builds the case for stricter enforcement, as seen in detailed analyses of GDPR violations by TikTok, AliExpress, and WeChat.

What’s Next for EU Enforcement?

Looking ahead, noyb isn’t just seeking apologies—they want blood in the form of official declarations of GDPR violations, orders for compliance, and administrative fines that could dwarf past penalties. With Ireland’s DPC already flexing muscle and other national authorities in Belgium, Greece, and the Netherlands reviewing the complaints, we could see coordinated action by late 2025 or early 2026. TikTok’s own warning that such rulings could have “far-reaching consequences” for global companies in Europe hints at industry fears: overly stringent enforcement might reshape how tech operates in the EU, potentially pushing firms to rethink data strategies or face exclusion from a 450-million-strong market. Online forums like Reddit also discuss the EU’s inconsistent action on TikTok, reflecting public frustration with enforcement delays.

Yet, enforcement timelines are notoriously sluggish, often stretching over years due to legal appeals and bureaucratic gridlock. For users, this means delayed justice, while companies might gamble on stalling tactics over compliance costs. If noyb’s push gains traction, though, it could set a precedent not just for Chinese tech but for any global player skirting GDPR—potentially impacting crypto platforms under EU scrutiny for data handling practices as well.

Decentralized Solutions: A Crypto Perspective on Privacy

For those of us rooting for Bitcoin and decentralized tech, this mess with centralized tech giants is a glaring reminder of why we’re in this fight. Data privacy scandals like these aren’t just corporate failures—they’re proof that entrusting personal information to black-box systems is a losing bet. What if users could control their own data through blockchain-based tools instead? Think of self-sovereign identity (SSI), a concept where you own your digital ID, verified on a blockchain without relying on a company like TikTok or WeChat. Projects like uPort or Civic are already exploring this, letting users store and share personal info securely, cutting out middlemen prone to GDPR violations or government overreach.

Here’s the rub: blockchain isn’t a silver bullet yet. Adoption remains low, usability is clunky for non-techies, and regulatory uncertainty looms—ironic, given we’re discussing EU rules. Still, the potential is undeniable. Bitcoin itself revolutionized money by removing centralized control; extending that ethos to data could flip the script on privacy. Imagine a world where your social media footprint or shopping history isn’t hoarded by a server in China but encrypted and controlled by you. That’s the kind of disruption we champion—effective acceleration toward a freer, more private digital future. These GDPR battles, as covered in reports like noyb’s complaints against AliExpress, TikTok, and WeChat, are a wake-up call: centralized systems will keep failing us until decentralized alternatives scale up.

Key Questions and Takeaways for Crypto and Privacy Enthusiasts

• What are TikTok’s GDPR violations in 2025?
  TikTok is accused of providing incomplete, unstructured data to users, failing to meet GDPR Article 15 requirements for full access to personal information.
• How do AliExpress and WeChat breach EU data privacy laws?
  AliExpress allegedly offers broken, one-time-access data files, while WeChat completely ignores user requests, both violating GDPR user access rights.
• Why are data transfers to China a major concern under GDPR?
  EU law restricts data transfers to countries lacking strong privacy protections; China’s laws allowing government access directly conflict with GDPR standards.
• Could TikTok data privacy scandals impact trust in digital platforms?
  Yes, repeated violations shake confidence in all digital systems, potentially driving users toward blockchain or decentralized platforms for better privacy control.
• Are Chinese tech firms like TikTok unfairly targeted over GDPR compliance?
  Some argue TikTok’s cultural impact makes it a bigger target than SHEIN or Temu, but its massive user base and consistent violations warrant scrutiny.
• How can blockchain offer solutions to these privacy issues?
  Blockchain enables self-sovereign identity and encrypted data storage, empowering users to own their information rather than relying on flawed centralized systems.

As noyb wages war on AliExpress, TikTok, and WeChat, we’re witnessing more than a legal skirmish—it’s a stark expose of centralized data hoarding’s fatal flaws. GDPR enforcement is a necessary stick, but it’s still a Band-Aid on a broken system. For the Bitcoin and crypto community, these privacy battles are our rallying cry. Staying informed about such failures fuels our mission to build a decentralized future where users, not corporations or governments, hold the reins. Whether these tech giants bend under EU pressure or keep dodging accountability remains to be seen, but one thing’s clear: the fight for data sovereignty is just heating up, and we’ve got a front-row seat to shape what comes next.