Data Privacy, Cybersecurity and Information Law

As modern internet and mobile technologies rapidly evolve, the protection of cybersecurity, data, and personal information has become a key concern for successful businesses. Domestic and overseas clients doing business in China as well as Chinese companies expanding business into foreign countries are paying close attention to issues related to cybersecurity and data compliance. We provide comprehensive compliance solutions regarding cybersecurity, privacy and information protection for our clients in different industries, such as traditional manufacturing, life sciences and healthcare, consumer goods, traffic management, credit investigation, advertising, education, telecommunications, media technologies, big data and cloud computing, AI, and financial technologies, etc. We also keep up with the latest technology and carry out research on the potential legal issues that may arise.  Based on our knowledge of legislation and market practice, we are dedicated to providing our clients with practical advice in this field under the current legal environment.

Our Team

We have a keen-witted and capable team that tracks, studies and advises on cybersecurity, privacy and data protection issues. They not only focus on Chinese developments of data protection, but also take a global perspective and pay attention to the latest developments in other jurisdictions. Meanwhile, data compliance related issues are not standalone and are often relevant with other legal fields, such as labor law, corporate law, IP and litigation, etc. Based on our existing expertise and cooperation with experts in these fields, we are able to grasp the key concerns of our clients, and provide clear, accurate and practicable advice at times when coming across relatively vague issues. We provide creative value-added services for our clients by paying close attention to new legislation, and we are well informed regarding legislative trends and their impacts on business.

Key Practice Areas

  • Compliance Solutions: We conduct overall compliance assessments regarding Cybersecurity Law, Data Security Law, and Personal Information Protection Law. We provide compliance advice regarding cybersecurity and personal information protection for clients in different fields and help clients develop compliance programs;

  • Formulation of Policies: We help clients formulate case-specific compliance policies to satisfy requirements regarding cybersecurity and personal information protection, assist clients to conduct compliance assessment, and provide relevant trainings;

  • Commercial Partnerships: We assist clients to assess the risks related to data protection and cybersecurity in various business partnerships, and help clients mitigate such risks by way of structural design and contractual arrangements; 

  • M&A and Investment: We conduct risk assessment on data assets during M&A or investment transactions and provide legal advice for M&As or investments;

  • Employee Data: We provide advice on the treatment of the personal information of employees for different purposes, such as employee management and investigation, and formulate corresponding policies;

  • Data Cross-border Transfer: For the purposes of M&As, business operations or internal management of the group, we provide legal advice on different scenarios of cross-border data transfer, draft cross-border data transfer agreements, assist clients to establish internal policies, mechanisms and processes of cross-border data transfer, and assist clients to complete the corresponding data compliance work, including the implementation of three paths of cross-border data transfer.

  • Investigation and Litigation & Arbitration: We provide legal advice on the collection, use and transfer of information in domestic or overseas investigations (FCPA, SEC investigation, etc.) and litigation & arbitration;

  • MLPS Compliance: We cooperate with assessment agencies and technical consulting companies to help clients achieve MLPS compliance;

  • Data Security Emergency Response: We provide legal advice on appropriate remedial measures, notification and reporting obligations when data security incidents occur, and assist clients in emergency response;

  • Global Data Compliance: We cooperate with overseas law firms to coordinate the work of different branches of multinational companies and develop global compliance strategies to help multinational companies achieve data compliance in different jurisdictions (including GDPR). We provide global data compliance consulting for business operations of overseas subsidiaries of Chinese enterprises. We design overseas data compliance framework and provide compliance consultation for overseas projects of various products of Chinese enterprises.

Recent Representative Cases

  • Advise companies from various industries on compliance with Cybersecurity Law, Data Security Law, the Personal Information Protection Law and other laws, regulations and standards promulgated or issued thereunder or with respect thereto;

  • Advise companies from various industries on marketing, advertising, IT projects, cloud services, IoT, IoV, AI, algorithm and data commercialization;

  • Advise companies on the establishment of PRC data compliance systems, including privacy policies, employee privacy policies, and internal information security and data compliance policies;

  • Advise companies from various industries on commercial cryptography and data transfer;

  • Assist companies with the drafting, review and negotiation of agreements and documents in relation to data compliance;

  • Assist investors by conducting due diligence on data assets, drafting  investment documents, and advising on post-merger compliance;

  • Assist companies by conducting legal analysis on their data collection and processing practices and provide advice for improvement;

  • Assist companies with internal investigations, government investigations and cross-border arbitration and litigation;

  • Advise companies on the implementation of multi-level protection scheme;

  • Assist companies from various industries with the formulation of global data compliance strategies (including compliance with the GDPR), covering drafting data protection policies, privacy statements, guidelines for cross-border data transfer and other data-related policies;

  • Advise companies which are based in China on data compliance of their overseas subsidiaries and businesses, including data compliance under the GDPR, the CCPA and other foreign jurisdictions;

  • Advise technology companies on data compliance of their products to be exported (including IoV devices, smart TVs, smartphones, tablets, etc.) under the GDPR or other overseas jurisdictions, and assist them in the design of product privacy interfaces and the drafting of Terms and Conditions and Privacy Policy.