Chanel Korea has been ordered to pay a fine of 3.6 million won ($2,750) for demanding excessive personal data of its customers. The French luxury fashion house was reported to have denied visitors entry to the store unless they provided their phone number, date of birth date and place of residence.

The Personal Information Protection Commission deemed the actions to be in violation of the Personal Information Protection Act. The commission added that denying service to those refusing to comply with the store’s unreasonable requests went beyond the scope of customer management.

In defense of its actions, Chanel explained that the store had requested the data as a way to prevent visitors from bypassing purchasing limits through transactions made by proxy.

In spite of Chanel’s rationale, visitors voiced their disapproval online, complaining about the way customers were treated as “prospective criminals.”

Chanel Korea has previously faced criticism for leaking the personal information of customers. In August 2021, the company released a statement revealing that sensitive customer data – including names, contact information and addresses – of over 80,000 customers had been leaked in a cyberattack. Chanel was penalized for the lack of data protection measures that the company had in place, as well as easy-to-guess passwords that protected the data.

Other large conglomerates, such as LG, OpenAI and McDonald’s Korea, have also been reported as leaking personal information earlier this year.

Concerns about data breaches and cyberattacks are on the rise. According to a survey conducted by the PIPC in 2022, over 65 percent of respondents were reported to have concerns about hacking and data leaks of their personal information.

Another PIPC survey revealed that 17.1 percent of participants had been the victim of a data breach in 2022.