GDPR Complaints Against TikTok and Temu Filed

Executive Summary

Whom it may concern

• Privacy Compliance Teams

• Legal Departments

• Data Protection Officers

Key Findings

1. Violations of GDPR Articles: Companies are accused of breaching Article 44 (data transfers), Articles 46 (safeguards), and Article 15 (data access requests).

2. Non-compliance Risks: The organizations collected user data without ensuring adequate protection from the authoritarian context of the Chinese authorities.

Risk Analysis

• Quantified FAIR analysis indicates high probability (80%) of penalties due to identified GDPR violations across multiple jurisdictions.

• Impact assessment could lead to fines upwards of $1.75 billion for Xiaomi and $1.35 billion for Temu if non-compliance is upheld.

• Rationale: The existing laws emphasize strict conditions under which data may be transferred outside the EU, which these companies have reportedly overlooked.

Action Items

• Immediate suspension of data transfers to China by the implicated companies should be prioritized.

• Implement compliance measures aligning with GDPR regulations over the next 3-6 months.

• Allocate resources for stakeholder training on data privacy laws and required compliance metrics.

Sources

• [Here](https://www.bleepingcomputer.com/news/security/gdpr-complaints-filed-against-tiktok-temu-for-sending-user-data-to-china/)