With an impressive client roster featuring some of the most prominent players in the technology, banking and retail sectors, Fangda Partners maintains its standing as a leader in the area of data protection and cyber security issues, acting on data breach responses, compliance programs, and regulatory proceedings. Kate Yin, who demonstrates notable knowledge in regulatory compliance, with a further focus on cross-border matters relating to anti-corruption, export controls, and internal investigations, leads the practice with a footing in Beijing, Guangzhou and Hong Kong. In Shanghai, Gil Zhang stands out as a key contact, noted for his ‘full understanding of client’s needs‘ when advising on cybersecurity matters and data compliance programs in a Chinese legislative and GDPR context. Counsel Huihui Li is experienced in internal compliance checks and assessments of tech-driven products.
Data protection: PRC firms in China
‘Familiar with business practice in pharmaceutical industry.’
‘Provides clients with practical advice to comply with data protection law in China.’
‘The team are professional on data protection and cyber security related issues.’
‘Gil Zhang provides timely and professional guidance on the data protection related issues of our company.’
‘Gil Zhang is one of the most knowledgeable privacy lawyers. He has full understanding of clients’ needs and of how their organizations work.’
‘The lawyer’s understanding of the local regulator and their perspectives and the engagement with the rule makers is an advantage.’
Global Law Office leverages its interlinked offering across practice areas to operate as one when handling data protection issues, acting for multinational clients including Samsung, Xiaomi and Volvo on complex compliance projects and regulatory investigations. Beijing-based Maggie Meng, who regularly acts for companies in the e-commerce, fintech, and AI sectors, leads the practice alongside Shanghai-based Vincent Wang who is singled out for his expertise in emerging technologies such as blockchain, e-mobility and cloud computing. Of counsel Jenny Chen is noted for government and internal investigations as well as personal information protection.
Other key lawyers:
‘Jenny Chen is a professional with good quality work. She can listen to the needs of business and provide reasonable solutions. She has very good experience in PIPL projects.’
The Volvo Group
Auto Home Inc.
The Volvo Group
- Advised Xiaomi Corporation on multiple product lines and business scenarios that require data protection advice.
- Provided effective and comprehensive legal advice for AutoHome’s domestic and foreign business lines involving data protection issues.
- Provided legal support for Volvo Group’s auto drive and smart vehicle business.
Han Kun Law Offices‘ team has a wealth of experience in handling data compliance projects and corporate matters, making the practice a popular choice amongst leading domestic and international corporations looking to expand their presence across multiple jurisdictions. The practice is jointly led by Yan Wang, Kevin Duan, David Tang, Min Zhu, and Michelle Gong. Duan acts on data review matters, assisting companies in their overseas listings, while Zhu is recommended for cybersecurity and data compliance matters. Tang’s ‘knowledge of the local data privacy and protection regulations is second to none‘, which supplements his ability to provide advice on corporate mandates. Associate Kemeng Cai is another notable figure.
Other key lawyers:
‘David Tang’s knowledge of the local data privacy and protection regulations is second to none. David is able to skilfully advise upon the law whilst taking into account the complexities of the business.’
Boston Consulting Group
Volkswagen Investment Company
- Advised Tencent on its various investment deals in relation to data compliance matters.
- Represented Marriott’s China in its data compliance matters.
- Represented Bayer in dealing with its China data compliance matters.
King & Wood Mallesons
King & Wood Mallesons draws from an established China corporate practice, advising a range of domestic and multinational clients on their compliance solutions concerning various regulatory regimes. With a focus on compliance, the firm is active in an array of relevant projects, evidenced by its recent instructions of advising Everbright Bank on its internal data protection program. Beijing-based practice head Susan Ning is praised for her broad practice, which includes advising on data compliance systems, cross-border data transmissions, network security emergencies, and the formulation and modification of privacy policies. Han Wu is also highly recommended for advising multinational companies on their China compliance requirement, as well as representing Chinese companies operating in foreign countries in establishing data compliance systems.
Other key lawyers:
Agricultural Bank of China
China Everbright Bank
- Assisted the Agricultural Bank of China with its data compliance consulting project in complying with the cybersecurity and data compliance obligations.
- Acted for Everbright Bank in data compliance consulting projects, including providing gap analysis on mobile apps and third-party data providers, advice on internal data protection program, and assessing data-sharing arrangements.
- Assisted TravelSky Technology with a data rights and interests research project.
Zhong Lun Law Firm covers the full gamut of data and privacy issues; although the team primarily features practitioners with an IP focus, it is active in areas including face recognition, online payments, and cloud computing, with close collaboration across the firm’s broad specialisms resulting in a one-stop-shop for clients. Jointly led by Jihong Chen and Yongjun Ni, with the former demonstrating notable expertise in cybersecurity, personal information protection, and compliance with a telecoms element. Peng Cai handles data security risks, compliance challenges and artificial intelligence technologies, with further focus on data life-cycle processes, and Jeffrey Liu, is recommended for data and privacy issues related to financial products.
China Three Gorges Corporation
Greentown Ideal Life Technology
Keppel Land China
WATRIX. AI Technology
- Advised Tencent Holdings on its essential data protection compliance mechanism for its key services and products including WeChat and Tenpay.
- Advised Microsoft on regulatory data compliance supervision in China, with respect to its key products.
- Advised Volkswagen on a data protection compliance system and compliance issues regarding Intelligent Connected Vehicles (“ICV”) and automated driving.
AnJie Broad Law Firm
Anjie Broad Law Firm stands out as one of the first PRC firms to handle data protection and cybersecurity matters. Accordign to a client, the team has ‘very good technical grasp of the PRC data protection law regime and is very up to date with the latest enforcement trends.’It acts for clients from a broad range of sectors on data transfers, compliance regimes, and data storage. Leading the team is Beijing-based Samuel Yang, highlighted for having ‘outstanding data protection knowledge’. While Yang is primarily recognised for his expertise in the telecoms sector, his practice extends to regulatory, commercial agreements, cybersecurity and e-commerce.
‘The team is strongly focused on the data protection landscape in China.’
‘Samuel Yang is a fantastic lawyer who has outstanding knowledge of the evolving and complex data protection regime in China.’
‘The team at AnJie has very good technical grasp of the PRC data protection law regime and is very up to date with the latest enforcement trends.’
‘Samuel Yang of AnJie team is very responsive and is able to provide clear and commercial guidance in an area of law that is still developing.’
‘AnJie Broad Law Firm has an excellent data protection practice. They are very responsive and easy to get hold of. They meet their deadlines.’
‘Samuel Yang has good expertise in PRC data protection law. His advice is very practical and helpful and his experience in Western firms means he is very good at explaining PRC law to Westerners.’
- Advised a global leading insurance group on its data protection compliance project in China.
- Advised a well-known international bank on its data protection compliance project in China.
- Advised a well-known global hotel group on its data protection compliance project in China.
Recognised as a go-to firm for clients in the TMT sector, DaHui Lawyers leverages its broader compliance experience to provide advice on personal privacy and cross-border data transfer requirements. Within the team, founding partner Richard Ma heads the practice with experience advising on regulatory and data compliance matters primarily; Joanna Jiang advises on data compliance requirements; and associate Dimitri Phillips is active in dispute resolution, compliance and corporate matters.
Other key lawyers:
Dimitri Phillips; Joanna Jiang; Cloud Li
As a prominent player in the regulatory space, Hui Ye Law Firm has longstanding expertise in the data protection field, with over 10 years of experience advising local and foreign clients on the full spectrum of relevant contentious and non-contentious data protection work. Tianhang Li and Ramon Huang co-head the practice from Shanghai, handling work concerning cybersecurity and data compliance, and network security, respectively. Huang is regularly instructed by high-profile clients including Adidas, JD and Chanel. Junlei Guo joined from Anli Partners in February 2022.
Other key lawyers:
China United Network Communication Group
Beijing Lingyue Information Technology
JD Dada Group
- Advised China United Network Communication Group on non-bank financial business legal services concerning subsidiaries in the field of big data.
- Advised Tencent on a data compliance legal programme.
- Advised Pfizer on cyber-security and data compliance legal services.
Llinks Law Offices’s compliance practice group is active in cybersecurity, e-marketing, and wider data protection matters, with a prominent presence in the automotive, technological, and pharmaceutical sectors. Practice head David Pan, who is qualified in both China and New York, handles network security, data protection, antitrust, and anti-commercial corruption matters. Xun Yang adds to the firm’s international experience and acts for clients in the TMT, life sciences, and financial services sectors on information security, privacy, intellectual property and unfair competition matters. Nigel Zhu is another name to note.
- Advised SciClone on E-marketing.
- Advised Roche on data compliance issues.
- Advised Michelin Investment China Ltd. on cybersecurity and data protection compliance issues.
With a strong footing in a global context thanks to its ties to international firms, TransAsia Lawyers is noted for acting on the data protection aspects of cross-border transactions. The team is sought out by payment service providers as well as clients in the cloud services and automotive industries to advise on data compliance, cross-border data transfers and data storage. Managing partner Philip Qu is the main contact in Beijing, with a broad practice encompassing data matters in relation to M&A and VC investments. Karen Hu joined the firm from Merits & Tree Law Offices in June 2022.
Other key lawyers:
- Advised Weibo on data security and compliance issues for possible cross-border data transfers related to overseas litigation proceedings.
- Acted as PRC counsel to AWS for its China operational structure, re-structuring, license application, and regulatory matters.
- Advised GM China on data and PI policy and compliance, including collection, sharing, cross border transfer, storage, access, and related agreements.
Anli Partners is a popular choice among TMT sector clients; its practice spans compliance, data transfers and personal privacy procedures. Standout team members include regulatory expert Wei Luo, who acts as the firm’s TMT director and counsel Shanshan He.
Other key lawyers:
Fresenius Medical Care
- Advised Tencent Cloud and Smart Industries Group, Tencent Advertising Group, and Tencent Interactive Entertainment Group on the compliance and regulatory issues of various products.
- Advised Nestle on its collaboration project with Chinese hospitals, individual doctors, and service providers on HGRAC issues.
- Provided legal services for Fresenius Medical Care in its data compliance and personal information projects in China.
Dentons China benefits from its impressive global footprint, allowing it to act for clients such as Tencent, Alibaba and Lenovo on complex data compliance issues. It is also equipped to advise on cross-border data transfers, data asset transactions and data breach contingency plans. Zhangwei Wang heads the team which includes Kaiming Cai and Donghui Ruan. Cai focuses on data protection and cross-border compliance, while Ruan has notabel experience advising on compliance matters for clients in the technology sector.
- Advised Beijing Bytedance Technology on information security and in response to US policies.
- Advised Tencent on data compliance issues.
- Advised Anker Innovation Technology in compliance matters.
Haiwen & Partners‘ advises multinational companies and major funds on data compliance issues. It has seen an increase in cybersecurity-related instructions for overseas listings, assisting clients in relevant applications and reviews. Jianyuan Yang, who is noted for cross-border data protection matters as well as the establishment of data protection programs, leads the practice alongside M&A expert Peng Fu, who has a wealth of experience representing clients in the healthcare industry.
Other key lawyers:
HHP Attorneys-At-Law’s cybersecurity and data compliance department, which is a part of the Meritas data protection group, is a popular choice among clients in the consumer goods and services, manufacturing, and automotive industries. The firm is increasingly advising on data breach and compliance matters for e-commerce sector clients. Practice head Yao Rao is a cybersecurity and personal data protection specialist with ‘strong problem-solving abilities‘. Associate Shuaijie Lu is another key contact, with experience addressing data compliance issues for both domestic and foreign clients.
‘The firm provides very professional and effective legal and compliance support in respect of data protection. The lawyers have a strong command of the fast-changing laws and keep working on new compliance requirements. By virtue of their close working relationship with Meritas law firms in other jurisdictions, they can handle our cybersecurity and data protection projects involving multi-jurisdictions. Their billing system is friendly, and they can offer more than you pay.’
‘Yao Rao is very experienced. He is an expert in the field of data protection and has a very up-to-date knowledge of the practice. He has strong problem-solving abilities and provides the client with very valuable advice. He is also a great leader. His team work together efficiently with high quality under his direction.’
‘Shuaijie Lu and Shihao Xiao both have strong capacities and a wealth of experience in cybersecurity and data compliance issues. They stand out for their high quality and results-oriented service as well as excellent attitude. The advice provided by them was very appropriate and useful.’
Valeo Siemens eAutomotive
- Advised a company in the solar energy industry on its cloud service data compliance project.
- Advised a European industrial manufacturer on cybersecurity classified protection and grade assessment on its e-commerce website.
- Advised a leading industrial manufacturer on the overall data compliance assessment on its business platform.
East & Concord Partners is noted for its compliance focus, especially regarding the construction of cybersecurity systems and the implementation of relevant measures. Beijing-based Xiaoyu Shen leads the practice and focuses on data and cybersecurity compliance matters.
Other key lawyers:
‘The team is able to provide comprehensive advice from a business, technical and legal standpoint. It also provides compliance plans that are practical and feasible in their implementation.‘
‘The firm has resources to provide guidance from a technical standpoint. It never fails to meet the requirements imposed by companies from local and US backgrounds in a timely, diligent and cost effective manner.‘
‘Xiaoyu Shen is a very experienced lawyer. The completeness of her advice is very valuable. She is able to provide companies with the most important points, highlighting risk areas, and her advice is in-depth.‘
China Pacific Insurance
China CITIC Bank
Cyber Security Association of China
Chengdu Vcolco Information Technology
Societe General Finance Leasing
- Provided Chengdu Vcolco with special legal services on automobile data compliance.
- Provided comprehensive legal services for Organizing Committee on data compliance matters.
- Provided special legal services for the development and operation of the online duty-free social store applet of a multinational luxury goods group.
Drawing from a prominent corporate practice, FenXun Partners supports a range of clients in cybersecurity matters, including in relation to employee privacy training and transactional assessments. Co-heading the practice are Shanghai-based Zhenyu Ruan who has notable expertise in the TMT sector, and Beijing-based Vivian Wu who is noted for compliance investigations and risk assessments.
- Assisted Porsche on legal and regulatory issues concerning the launch of the new version of the Porsche Connect mobile app in Mainland China and Hong Kong.
- Represented Subway on agreements with several Chinese IT vendors concerning the design setup and implementation of a China franchisee online ordering, loyalty program and WeChat Mini-Program.
Jingtian & Gongcheng is active in the cybersecurity and data compliance space, regarded for addressing matters in relation to data governance, cross-border flow requirements, and privacy breaches. Zhenhua Xiang heads the practice alongside Yongqing Huang, with notable members including Lizhi Yuan and Yang Zhou.
Xiamen Yaki Software
Huatai Insurance Group
Guangdong Rural Credit Union Association
Digital Trade Technology
Beijing Nefly Technology
Chinese Academy of Sciences
Shenzhen TCL New Technology
Shihui Partners primarily advises clients in the TMT sector on data compliance matters. Raymond Wang leads the firm’s compliance business group, having acted for a number of central ministries and commissions on data-related legislation and regulation. The team continues to expand with the hire of Jing Lu who joined from Sidley Austin LLP in January 2022, and a number of individuals in March 2021 including Tian Li from Fangda Partners and Rui Wang from Global Law Office.
Other key lawyers:
‘The team members are very active and hard working, and usually respond to requests promptly. Also, the partner of the team is very hands-on.‘
Beijing Sohu Internet Information Service
Intercontinental Hotels Group
- Provided all-round compliance service for Tencent.
- Advised Zhihu on its data compliance and personal information protection project before its IPO in Hong Kong.
- Advised Pfizer on its establishment of a personal information protection compliance system.
Yuanda China Law Offices
Yuanda China Law Offices leverages its strategic alliance with international firm Winston & Strawn LLP to act on cross-border compliance issues facing Chinese companies. The team is jointly led between John Huang, James Jiang and Andy Pan. Jiang combines his private equity and corporate practice with compliance matters, whilst Pan supplements the firm’s compliance capabilities, with particular knowledge of the TMT sector.
- Advised Bridgestone (China) Investment Co., Ltd. on cross-border data compliance matters.
- Acted for S&C Electric (China) Co. Ltd. in settin up its data protection system.
- Handled data compliance matters for BCD Travel (China) Limited.
Zhao Sheng Law Firm
Zhao Sheng Law Firm‘s integrated data protection department benefits from its joint operation with Linklaters, allowing it to address an array of cybersecurity and data protection issues for clients in the TMT sector. Colette Pan leads the team and handles data protection matters arising out of cross-border M&A transactions and private equity investments. Associate Roger Li is a further name to note.
Other key lawyers:
Asia Securities Industry & Financial Markets Association
- Advised ASIFMA in preparing responses to consultation papers on draft rules including the Measures for the Security Assessment of Outbound Data.
- Advised Elex on a broad range of GDPR compliance, privacy-by-design, age-appropriate design and other data protection regulatory issues.
- Advised on a long-standing client on implementation of the new Personal Information Protection Law (PIPL) across each of its digital pathways.