Irish DPC Investigates Shein for Potential GDPR Breaches
The Data Protection Commission (DPC) in Ireland has launched an investigation into the online retailer Shein regarding the transfer of customers’ personal data to China. This inquiry focuses on the company’s European hub, Infinite Styles Services, based in Dublin. The DPC is examining whether Shein has complied with the European Union’s General Data Protection Regulation (GDPR), specifically Articles 5 and 13, which govern lawful processing and transparency of personal data.
Article 5 of the GDPR requires that personal data must be processed lawfully, fairly, and transparently, while Article 13 mandates that individuals must be provided with clear information about how their data is used. The investigation is particularly concerned with whether Shein’s transfer of personal data outside the EU meets the strict conditions set by the GDPR for international data transfers. Shein was officially notified about the investigation on April 30.
Shein has responded by emphasizing its commitment to data protection and GDPR compliance. The company stated that protecting customer data security is a top priority and highlighted ongoing efforts to engage with the DPC. Shein mentioned several data protection initiatives currently underway and expressed its intention to present this information during the investigation process.
Deputy Commissioner Graham Doyle commented that personal data transferred outside the EU must receive the same level of protection as within the EU. He noted that recent regulatory actions and complaints have increased scrutiny on data transfers to China. The DPC plans to work closely with other European supervisory authorities to ensure a coordinated approach. This investigation adds to Shein’s challenges after the European Commission began a separate probe related to the sale of controversial products on the platform.
