迪奥被罚

Core Points - Dior (Shanghai) Company was investigated by public security cyber departments for failing to fulfill personal information protection obligations, following a data breach incident reported in May [1] - The investigation revealed three violations: unauthorized transmission of user personal information to the French headquarters, lack of user consent for data processing by the overseas recipient, and failure to implement security measures for collected personal information [1] Group 1 - Dior (Shanghai) Company transmitted user personal information to its French headquarters without conducting a security assessment or establishing standard contracts for data export [1] - The company did not adequately inform users about the processing methods of their personal information by the overseas recipient before providing the data [1] - There were no security measures such as encryption or anonymization applied to the collected personal information [1] Group 2 - The local public security authority imposed administrative penalties on Dior (Shanghai) Company in accordance with the Personal Information Protection Law [1] - The case serves as a warning for personal information handlers to adhere to legal, legitimate, necessary, and honest principles in processing personal information [1] - Companies are urged to comply with regulations regarding the collection, storage, use, processing, transmission, provision, public disclosure, and deletion of personal information throughout its lifecycle [1]