Irish data protection authorities investigate Shein over data transfer to China
Irish DPC investigates Shein for allegedly transferring European user data to China without adequate protection, raising GDPR compliance concerns.
(Image: mundissima / Shutterstock)
The fast-fashion giant Shein is facing increasing regulatory pressure in Europe. The Irish Data Protection Commission (DPC), which acts as the lead authority for many tech groups based in Ireland, has officially launched an investigation into the company's operations on the island. The suspicion is that Shein has transferred personal data of European customers to China without complying with the requirements of the General Data Protection Regulation (GDPR).
The investigations by the DPC are based on the Irish Data Protection Act and focus primarily on compliance with the basic principles of data processing and transparency obligations. Companies must clearly inform users how and where their data is processed. This requirement is particularly critical for exports to countries without a comparable level of protection.
As early as January 2025, the organization Noyb filed a complaint against Shein. The proceedings against TikTok also showed that data transfers to China are under special scrutiny. There, the DPC classified the remote access of Chinese employees to European data as an illegal transfer. According to DPC Deputy Commissioner Graham Doyle, complaints and recent regulatory steps have made China transfers a strategic priority.
Shein's reaction and possible consequences
Since there is no adequacy decision between the EU and China, the responsibility for data protection lies with the companies. They must guarantee through additional measures such as standard contractual clauses that European data enjoys the same protection abroad as within the Community.
Videos by heise
A Shein spokesperson stated that the company takes data protection obligations seriously and has been in contact with the DPC for months. The group will present new data handling initiatives as part of the proceedings to demonstrate compliance with European standards.
However, should the supervisors find that the precautions were insufficient, Shein faces severe fines or even a ban on data transmission. A business model based on the analysis of user preferences and close integration with Chinese production chains would thus be at stake.
(vbr)
