Ireland Targets Shein in New Probe Over China Data Transfers

Ireland’s Data Protection Commission has opened an inquiry into Shein over the transfer of European users’ personal data to China.

The probe adds a new regulatory risk for one of the world’s fastest-growing online retailers. It also shows that EU scrutiny of Chinese digital platforms is moving deeper into data governance.

The DPC will examine whether Shein Ireland complied with the General Data Protection Regulation. Shein’s Europe, Middle East and Africa headquarters are based in Dublin. That makes Ireland the company’s lead EU privacy regulator.

The inquiry will focus on cross-border data transfers. This has become one of the most sensitive areas of EU privacy law. European regulators want to know whether user data remains protected after it leaves the bloc.

The case matters beyond Shein. It signals that data flows to China are now a strategic enforcement priority for EU regulators. This is no longer a narrow legal issue.

For large online platforms, user data is part of the business model. It supports advertising, logistics, payments, customer service and platform analytics. Any restriction on data transfers could raise costs and force companies to change internal systems.

Ireland has become central to EU digital enforcement. Many global technology companies have their European headquarters there. Since 2020, the DPC has imposed more than €4 billion in GDPR fines.

The Shein inquiry follows a major Irish ruling against TikTok. Last year, the DPC fined TikTok €530 million over concerns linked to European user data transfers to China. The regulator also ordered corrective measures.

TikTok is appealing the decision. An order to suspend transfers has been paused while the court process continues.

For Shein, the timing is difficult. The retailer already faces pressure in Europe over consumer protection, product safety and platform rules. A privacy investigation adds another front.

The case also points to a broader EU position. Europe wants access to global digital services, but it also wants EU data rights to remain enforceable when personal information moves outside the bloc.

That balance is creating a tougher operating environment for companies with global data systems. Platforms that depend on cross-border data access may face more compliance checks, stronger legal safeguards and tighter technical controls.