Dior fined in China for sending data overseas without security screening
Cyber police found multiple violations of personal information protection law, Xinhua report says, in first major case since law took effect
Chinese police have fined fashion giant Dior’s Shanghai subsidiary after finding the company guilty of transmitting data overseas without security screening, according to state media.
Citing the National Cybersecurity Notification Centre, state news agency Xinhua reported on Tuesday that the investigation followed media reports of a data breach at the French fashion brand, while users in mainland China received alert text messages from Dior.
This included personal data of customers in China to the Dior headquarters in France without carrying out a data export security assessment, and failing to establish a standard contract for such export or obtain personal information protection certification.
Dior Shanghai is also accused of failing to fully inform the customers of how their personal information would be used by the French headquarters, and to obtain their “separate consent” on this, according to Xinhua, which posted the cybersecurity centre statement in full.
It said Dior Shanghai further did not implement security measures such as encryption and anonymisation for the personal information collected.
The statement said that local police had imposed administrative penalties on Dior Shanghai but did not disclose the amount of the fines or other specific details.