[Alpha Biz= Kim Jisun] Beijing/Shanghai – French luxury fashion house Dior has been penalized by Chinese authorities for allegedly illegally transferring customer data from its Shanghai subsidiary to its headquarters in France, state-run Xinhua News Agency reported on September 9.




According to the National Cybersecurity Notification Center, a public security investigation revealed that Dior’s Shanghai subsidiary violated China’s Personal Information Protection Law (PIPL) by failing to conduct required security assessments before sending consumer data overseas.




Findings of the Investigation

No security assessment conducted before transferring customer data to Dior’s headquarters in France

Failure to comply with requirements for standard contracts and personal data protection certification

Lack of user notification and consent, with customers not adequately informed of how their data would be used

No encryption or anonymization applied to sensitive customer information before transfer

The investigation followed reports in May that Dior customers in China had received official warning messages related to suspected data leaks. Dior had previously acknowledged unauthorized third-party access to customer information, including names, phone numbers, emails, and purchase data, affecting customers in both China and South Korea.




Administrative Action & Broader Implications

Local public security authorities imposed administrative sanctions against Dior’s Shanghai unit under the PIPL, though details of the penalty were not disclosed. Under the law, companies may face hefty fines for serious violations.

The South China Morning Post noted this marks the first major enforcement case since China’s sweeping Personal Information Protection Law took effect in November 2021, signaling Beijing’s

 

 

 

 

[ⓒ 알파경제. 무단전재-재배포 금지]