A US law firm has accused Lenovo of violating Justice Department strictures about the bulk transfer of data to foreign adversaries, namely China.

The case filed by Almeida Law Group on behalf of San Francisco-based "Spencer Christy, individually and on behalf of all others similarly situated" centers on the Data Security Program regulations implemented by the DOJ last year.

According to the [1]suit [PDF], these were "implemented to prevent adversarial countries from acquiring large quantities of behavioral data which could be used to surveil, analyze, or exploit American citizens' behavior."

[2]

The complaint states the DOJ rule "makes clear that sending American consumers' information to Chinese entities through automated advertising systems and associated databases with the requisite controls is prohibited."

[3]

[4]

The case states the threshold for "covered personal identifiers" is 100,000 US persons or more and lists a range of potential identifiers, from government and financial account numbers to IMEIs, MAC, and SIM numbers, demographic data, and advertising IDs.

It then alleges that Lenovo's website "uses trackers which expose American's [sic] behavioral data to foreign adversaries."

[5]

"When a user lands on the homepage of Website, [sic] the Website loads numerous first and third-party tracking implementations that measure and record user data," it says, including the likes of TikTok, Facebook, Microsoft, and Google.

This allows Lenovo to collect bulk personal data, it claims, and "Lenovo knowingly permits access to, or transfer of, such bulk US sensitive personal data to entities or persons that qualify as covered persons under the DOJ Rule, including its foreign parents that are directly or indirectly controlled by persons in China, such as the Lenovo Group."

This means that Lenovo Group, operating under Chinese jurisdiction, "can use this data to build detailed dossiers on US residents, identify psychological or financial vulnerabilities, and target individuals in sensitive roles – such as jurists, military personnel, journalists, politicians, or dissidents," or so the lawyers allege.

[6]Lenovo has a hunch you're about to try quitting VMware

[7]Lenovo shows off new laptops that twist and roll

[8]Eleven years after Lenovo acquired IBM's x86 server biz, profits are still elusive

[9]Lenovo puts the 'cloud' in cloud computing, proposes mid-air datacenters

That data could be "weaponized for profiling, coercive targeting, or even blackmail."

The named plaintiff visited Lenovo's website multiple times in November and December 2025, the suits says, triggering trackers that violated "his reasonable expectation of privacy" and resulting in "the unauthorized disclosure of personal information to a foreign entity."

[10]

The suit calls for class action status and seeks "relief, restitution, and disgorgement" as well as "statutory damages in amounts to be determined by the Court and/or jury."

The Register asked Lenovo to comment on the case, and whether it had transferred customer data to China.

In a statement, Lenovo said: "Any suggestion that Lenovo improperly shares customer data is false. We take data privacy and security seriously and comply with all applicable data protection laws and regulations globally, including stringent US requirements. Our data practices are transparent, lawful, and designed to protect our customers."

The suit remains silent on whether the use of trackers, which could ultimately be used to profile individuals and potentially target those in sensitive positions, is permissible in and of itself.

The Reg contacted but has not heard back from Almeida Law Group, which specializes in data privacy and security cases, and class action settlements, among other areas. ®

Get our [11]Tech Resources



[1] https://storage.courtlistener.com/recap/gov.uscourts.cand.463816/gov.uscourts.cand.463816.1.0.pdf

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aZSes87BH6GFd-7mXQaWWQAAAMg&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZSes87BH6GFd-7mXQaWWQAAAMg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZSes87BH6GFd-7mXQaWWQAAAMg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aZSes87BH6GFd-7mXQaWWQAAAMg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[6] https://www.theregister.com/2026/01/13/lenovo_fx_multi_hypervisor_hci/

[7] https://www.theregister.com/2026/01/07/lenovo_rollable_thinkpad/

[8] https://www.theregister.com/2025/11/20/lenovo_q2_2026/

[9] https://www.theregister.com/2025/11/06/lenovo_datacenter_vision/

[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aZSes87BH6GFd-7mXQaWWQAAAMg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[11] https://whitepapers.theregister.com/