Skip to content(if available)orjump to list(if available)

TikTok, AliExpress and WeChat ignore your GDPR rights

TikTok, AliExpress and WeChat ignore your GDPR rights

24 comments

·July 17, 2025
Visit

titaniumrain

This is hardly news TBH. Check this paper out

https://www.ndss-symposium.org/ndss-paper/understanding-worl...

ReptileMan

We got hooked on cheap Chinese and US stuff. And guess what, drug dealers don't respect their customers.

Gud

That’s not been my experience with drug dealers.

WhatsName

Except for Aliexpress you are not a customer. Just like Facebook, Insta,... they are selling your attention to the highest bidder.

0manrho

Responding to the article: Yeah, no shit. Glad to see someone is at least trying to do something about it, and I wish them luck.

Relevant, from their about page:

> noyb is a donation-funded NGO based in Vienna, Austria working to enforce data protection laws, in particular the GDPR and the ePrivacy Directive. At the present, a team of more than 20 legal and IT experts from all over Europe is working to ensure that the fundamental right to privacy is respected by the private sector. More than 5,000 supporting members support our work

aurareturn

[flagged]

Fethbita

How does this show EU tech regulation being out of touch and not these companies operating in countries and not following the laws in those companies? Requesting user data is a good way to make sure there’s not more data than is required and it’s a feature most tech companies have already implemented.

Quarrel

That may be, but meanwhile, these companies make a lot of money operating in Europe, so they need to follow the law.

I think some of it is out of touch (omg, the cookie alerts!), but being able to understand what data a company retains about its users, and making that available to individuals if they ask, is probably one I agree with. Most of us don't need to know, most of the time, but the fact that people will occasionally audit this information is good for both users and the companies.

akie

We have cookie alerts because the world's largest browser, which is created and run by the world's largest advertising agency, has no incentive to make it easier for you to stop the flow of data you're sending them that's making them so much money.

Quarrel

That is not the reason at all.

Google was very new when the EU proposed these laws in 2000. It certainly didn't have a browser.

I think the privacy provisions and disclosures required under GDPR give users more useful information (ie they now actually need a privacy policy), and Cookie popups are just a silly distraction that offer no further value. We open so many web pages, so quickly these days, most users are not making informed rational decisions about the popup - they're just clicking it to make it go away. They both annoy users and give them a false sense of improved privacy protection.

The blocking of third party cookies by browsers, and proper privacy disclosures are a much better solution.

giingyui

Multiple official websites such as https://gdpr.eu/ have cookie banners.

theLiminator

I'm curious what the implications are if I host a free web-app that EU users might end up using.

As far as I understand, you're still subject to GDPR even if you're not making money off it. Seems like to me there's massive overreach where the lowest liability way forward is to just ban EU users from using anything you make (which still takes engineering/time to do).

orwin

Obviously? I mean, half of the GDPR is 'if you have to store users data, make sure it's encrypted and don't sell it unless the agree to it', doesn't matter if you make money or not. But just following industry standards is enough.

Like if you want to build a bridge at your own cost because the state doesn't want to do it. Even if you don't install a toll booth, you still have to follow safety regulations before people other than you can cross it, right?

piva00

If you don't run a business in the EU there's no liability, you are only liable if you have users from the EU and a business entity in any EU country.

Blanket bans for EU users is quite common, I see it all the time with local US news outlets, they simply block me from accessing it.

lousken

aren't you the one out of touch?

timonoko

Please shutup. Last time this kind of EU-whining produced only "If you dont accept cookies, you can piss off"-type checkboxes, whose effect to security is less than zero.

piva00

The Cookie Law is different to the GDPR, I don't understand how HN of all places keep getting this wrong after 9+ years of GDPR, it's just a meme and I wish people here would be more well informed.

mnmalst

It's almost as if the least informed people are the ones screaming the loudest.

egorfine

People are confusing the two because both come from the same basket and both have a similar smell.

glimshe

From the perspective of many non-EU citizens, it's just one more piece of EU legislation that hurts and annoys. Being technically part of the GDPR or not isn't terribly relevant for most people.

Note: I'm not defending or criticizing the law, just talking about how many people perceive it outside the EU.