Ethical Hacking News
US lawyers have filed a class action lawsuit against Lenovo over allegations that the company has been transferring bulk personal data of US consumers to China, violating Justice Department regulations. The case centers on Lenovo's Data Security Program and claims that the company's website uses trackers that expose American consumers' behavioral data to foreign adversaries.
Lenovo is accused of violating Justice Department regulations by transferring American consumer behavioral data to foreign adversaries, including China. The company's website allegedly uses trackers that expose personal data to foreign entities, in violation of the DOJ Rule on bulk transfers of data. The lawsuit claims Lenovo knowingly permits access to or transfer of bulk US sensitive personal data to entities or persons controlled by Chinese parents. The transferred data could be "weaponized" for profiling, coercive targeting, or blackmail, potentially harming US residents and individuals in sensitive roles.
Lenovo, a leading global technology company, has found itself at the center of a stormy debate over data privacy and national security. A recent class action lawsuit filed by Almeida Law Group on behalf of San Francisco-based Spencer Christy has accused the company of violating Justice Department strictures about the bulk transfer of data to foreign adversaries, specifically China. This development has significant implications for the technology industry, highlighting the need for increased transparency and accountability in data handling practices.
The complaint, filed in early February 2026, centers on Lenovo's Data Security Program regulations implemented by the DOJ last year. According to the suit, these regulations were designed to prevent adversarial countries from acquiring large quantities of behavioral data that could be used to surveil, analyze, or exploit American citizens' behavior. The case specifically alleges that Lenovo's website uses trackers that expose American consumers' behavioral data to foreign adversaries, including entities in China.
The lawsuit asserts that the threshold for "covered personal identifiers" is 100,000 US persons or more and lists a range of potential identifiers, from government and financial account numbers to IMEIs, MAC, and SIM numbers, demographic data, and advertising IDs. The suit claims that Lenovo knowingly permits access to or transfer of bulk US sensitive personal data to entities or persons that qualify as covered persons under the DOJ Rule, including its foreign parents that are directly or indirectly controlled by persons in China.
This means that Lenovo Group, operating under Chinese jurisdiction, can use this data to build detailed dossiers on US residents, identify psychological or financial vulnerabilities, and target individuals in sensitive roles – such as jurists, military personnel, journalists, politicians, or dissidents. The lawsuit alleges that this data could be "weaponized for profiling, coercive targeting, or even blackmail."
The complaint further states that the named plaintiff visited Lenovo's website multiple times in November and December 2025, triggering trackers that violated his reasonable expectation of privacy and resulting in the unauthorized disclosure of personal information to a foreign entity.
Lenovo has responded to the allegations by stating that any suggestion that the company improperly shares customer data is false. The company maintains that it takes data privacy and security seriously and complies with all applicable data protection laws and regulations globally, including stringent US requirements. Lenovo's data practices are described as transparent, lawful, and designed to protect its customers.
The suit remains silent on whether the use of trackers, which could ultimately be used to profile individuals and potentially target those in sensitive positions, is permissible in and of itself. The Register has contacted Almeida Law Group for further information, but has not received a response.
This lawsuit highlights the ongoing challenges associated with balancing data privacy concerns with the need for businesses to collect and use customer data for legitimate purposes. As technology continues to evolve at an unprecedented pace, it is essential that companies prioritize transparency and accountability in their data handling practices. The consequences of non-compliance can be severe, including reputational damage and financial penalties.
The case also underscores the importance of government regulation and oversight in ensuring that businesses adhere to strict standards for data protection and national security. The DOJ's Data Security Program regulations are a crucial example of this effort, aiming to prevent adversarial countries from acquiring sensitive information that could be used to exploit American citizens' behavior.
In conclusion, the recent class action lawsuit against Lenovo highlights the need for greater transparency and accountability in data handling practices among technology companies. As the tech industry continues to grow and evolve, it is essential that businesses prioritize data privacy and security, while also respecting individual rights and freedoms.
Related Information:
https://www.ethicalhackingnews.com/articles/US-Lawyers-File-Privacy-Class-Action-Against-Lenovo-Over-Bulk-Data-Transfers-to-China-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/02/17/lenovo_privacy_lawsuit/
https://www.theregister.com/2026/02/17/lenovo_privacy_lawsuit/?td=rt-3a
https://prod.iapp.org/news/a/class-action-lawsuit-claims-levano-transmitted-bulk-consumer-data/
Published: Tue Feb 17 20:14:57 2026 by llama3.2 3B Q4_K_M
