Dior faces penalty in China for illegal data transfer to France

Dior’s Shanghai branch has reportedly faced an administrative penalty from Chinese authorities, accused of illegally transferring customer personal data to its headquarters in France. This alleged breach of data security regulations is tied to a significant data leak that occurred in May, according to a recent statement issued by China’s public security authority.
Officials explicitly stated that the luxury fashion house failed to adhere to critical data protection protocols. Specifically, Dior is accused of neglecting to conduct the required data security assessments, failing to notify affected users about the data transfer, and, crucially, failing to encrypt the personal data before it was sent overseas. These omissions are central to the accusation of illegal data transfer under Chinese law.
As a direct consequence of these alleged violations, the local public security authority has imposed an administrative penalty on Dior’s Shanghai operations. The exact nature and severity of this penalty were not immediately detailed in the public security authority’s statement. Reuters reached out to the company for comment, but Dior did not provide an immediate response to the inquiry.
This enforcement action closely follows a separate data breach disclosed by Dior just months prior, in May. That earlier incident similarly compromised customer information, affecting databases in both China and South Korea. The company had previously acknowledged that this breach involved unauthorized access to its systems.
The same type of customer data is involved in both the May breach and the current allegations. According to Dior’s earlier disclosures, the affected information included customer contact details and purchase histories. Crucially, no financial details were impacted in either reported incident, providing some level of reassurance regarding sensitive monetary information.
The incident underscores the increasingly stringent data protection landscape in China and the potential challenges international companies face in navigating these regulations, particularly concerning cross-border data transfers. Companies operating within the country are expected to comply rigorously with local laws designed to protect the personal information of Chinese citizens.