Dior Shanghai was penalized for illegally transmitting user data.

Foreign media: Dior Shanghai penalized for illegally transmitting data overseas

The French luxury brand Dior's Shanghai subsidiary was found to have violated the "Personal Information Protection Law" and was penalized for transferring Chinese user data to its headquarters in France without a security review. The investigation was triggered by media reports of a data breach, during which some Chinese users also received text message reminders from Dior.

Policing investigations found that Dior Shanghai had multiple violations: first, it did not conduct a data export security assessment; second, it did not sign a standard contract or obtain personal information protection certification; third, it did not fully inform customers how their personal information would be used at the French headquarters, nor did it obtain separate consent; fourth, the collected data was not encrypted or anonymized and other security treatments.

Original article: www.toutiao.com/article/1842775568057351/

Statement: This article represents the views of the author.