Lenovo denies allegations of transferring data to China — class action lawsuit alleges company uses trackers to expose American behavioral data to ‘foreign adversaries’
Source: Tom’s Hardware
Background
U.S.-based Almeida Law Group, which specializes in class‑action litigation, has filed a lawsuit against Lenovo alleging that the company transferred large amounts of data to China. The complaint (see the filing PDF) claims that Lenovo’s actions violate the U.S. Department of Justice’s Data Security Program, which restricts the transfer of sensitive personal data to “countries of concern” or “covered persons.” Lenovo has denied the allegations.
Allegations
The lawsuit states that, through its automated advertising infrastructure and associated databases, Lenovo “transmits Plaintiff’s and potentially millions of other American consumers’ data to China.”
The plaintiff, Spencer Christy of San Francisco, California, is alleged to have had his browsing activity linked to his identity, with his behaviors tracked and detailed profiles built that reflect his interests, locations, habits, and other private attributes. The complaint characterizes this not only as an invasion of privacy but also as “a direct threat to national security” because it could enable coercion, reputational harm, or blackmail.
Legal Context
The DOJ rule was implemented to prevent adversarial countries from acquiring large quantities of behavioral data that could be used to surveil, analyze, or exploit American citizens. The lawsuit argues that Lenovo’s actions are in direct violation of this rule.
Under the DOJ regulation, “covered persons” include:
- Individuals who reside in “countries of concern” or are controlled by entities in those countries.
- Entities organized or chartered under the laws of, or having their principal place of business in, a country of concern, or that are owned ≥ 50 % by such entities.
The complaint further asserts that Lenovo Group is subject to Chinese regulations such as the National Intelligence Law, Cybersecurity Law, and Data Security Law, which can compel individuals and institutions to cooperate with authorities when requested to provide data.
Potential Implications
If the allegations are proven, the transfer of American behavioral data to China could pose significant national‑security risks, including the possibility of foreign actors using the information for surveillance, influence operations, or blackmail. The case also highlights broader concerns about how multinational technology companies handle user data across jurisdictions with conflicting legal obligations.
