Ireland’s privacy regulator has opened a probe of Chinese ecommerce platform, Shein Ireland, over suspected illegal exports of Europeans’ personal data to China.

The Data Protection Commission (DPC) – which is in charge of enforcing the EU’s General Data Protection Regulation (GDPR) for the many Big Tech companies that are regionally headquartered in Ireland – announced the start of the inquiry on Tuesday, which it said will also look at Shein’s general compliance with the GDPR’s rules on transparency and personal data processing.

Under the GDPR, companies may transfer personal data outside the EU so long as there is an adequate or equivalent level of protection for the information, akin to the level it enjoys inside the bloc.

Since the EU and China do not have a data adequacy agreement, additional measures are needed to boost protections and legally export EU people’s information to China.

The DPC’s probe follows a data transfers complaint lodged against Shein back in January 2025. European privacy advocacy group Noyb filed a case against the ecommerce giant with Italian privacy authorities at that time.

The DPC has been contacted to ask whether today’s probe is linked to that complaint.

As regards data transfers to China, nearly a year ago, Ireland’s DPC sanctioned social media platform TikTok after it found the company had allowed employees in China to remotely access Europeans’ personal data. The watchdog deemed that the access amounted to illegal transfers outside the EU.

TikTok appealed the DPC’s decision which is still going through the Irish legal system. Most recently, Ireland’s supreme court ruled that TikTok can continue transfers pending the outcome of its appeal.

“Recent regulatory action by the DPC, together with complaints to other European supervisory authorities, has brought data transfers to China, in particular, into focus,” Graham Doyle, a deputy commissioner at the DPC, said in a statement.

(nl)