Friday’s ruling means the “screw is turning” on data flows to China, said Joe Jones, research director at the International Association of Privacy Professionals, which represents people working in the world of privacy globally.
“We’ve had over a decade of EU-U.K., EU-U.S. fights and sagas on [data flows]. This is the first time we’ve seen anything significant on any other country outside of that transatlantic triangle — and it’s China,” said Jones.
Most high-level enforcement of the EU’s General Data Protection Regulation (GDPR) has so far targeted American tech giants, as Europe and the United States have bickered over legal protections for personal data sent across the Atlantic.
Chinese surveillance and data privacy breaches remained out of the EU’s crosshairs but the growth in popularity and EU presence of big Chinese players has now cast a spotlight on Beijing’s techno-authoritarian tendencies.
Earlier this year, six Chinese companies (AliExpress, SHEIN, Temu, WeChat and Xiaomi as well as TikTok) were the target of complaints filed with European data protection authorities by Austrian privacy group Noyb, founded by privacy activist Max Schrems.
The third-largest fine ever for a breach of the EU’s data protection rulebook, Friday’s decision by Ireland’s Data Protection Commission highlights that China’s laws are fundamentally at odds with European data protection principles.
