Team size: Eight

Brendan’s Bio

Brendan currently leads the legal and risk areas of data privacy, cybersecurity and artificial intelligence for Agoda, a Booking Holdings company. He is fortunate to have had a comprehensive legal background that has led him to some notable achievements during his career to date. This includes having negotiated significant, complex technology agreements, building and leading privacy programs and teams globally and at the regional level and, more recently, constructing a Responsible AI framework to enable the responsible use of generative AI. He is also seen as an expert in data-related laws across the APAC region, having spoken at international events, including the IAPP Singapore and PrivSec Global. He has further balanced his legal expertise with top-notch professional and leadership training at McKinsey & Co.

Adaptable, curious and cultured, Brendan is a well-rounded and well-travelled New Zealand and qualified Australian lawyer with extensive working experience in the Asia Pacific, Middle East, Africa and Europe.

What are the most significant cases or transactions that your legal team has recently been involved in?

One of the main cases we have been involved in recently has been the architecture of a responsible AI framework for Agoda, enabling the accountable use of generative AI such as Chat GPT. This has led to us being nominated for a Financial Times Innovative Lawyers award under the In-house: Innovation in Risk Management category.

We have been driving the measurement and mapping of Agoda’s global privacy program with the NIST privacy framework and implementing an international regulatory change management programme that enables our risk-based compliance with new and amended privacy and cybersecurity laws with a specific focus on APAC, including China.

We also focused on the further maturation of an Agoda subsidiary company’s privacy programme and posture.

As we enter the next decade, what skills will a corporate legal team need to succeed in the modern in-house industry?

The ability to assimilate artificial intelligence into the day-to-day work and processes of a modern in-house legal team. For legal teams, the focus of AI would be to initially improve productivity for things like intake flows, where the combination of AI along with human architecture and oversight will be crucial for in-house legal teams to succeed in the future.

For growing in-house legal teams with a greater specialisation of legal work/areas, the ability to share relevant information, collaborate and scale smaller teams of relevant legal stakeholders for the business will prove very important. The idea of having a central or lead lawyer or team for different business units where that lead lawyer/team/primary point of contact can coordinate the legal aspects behind the scenes for the business will help ensure that the legal team is approachable, streamlined and can present a consolidated legal view to the busy business teams within a company guaranteeing that in-house legal teams provide necessary, timely and efficient advice.

How do you suggest in-house lawyers build strong relationships with business partners?

Active listening, empathy and the ability to get onto the same side of the problem with business partners to solve the problem will be essential. As alluded to above, ensuring that a solution-focused, collaborative approach that wins over the business and identifies and mitigates risk as much as possible, looking at the threat from the shoes of the business partner, will help create and build strong relationships. With this trust, perspective taking and collaboration, strong relationships are forged, and it also helps when more difficult conversations are required.

What are some of the main legislative or regulatory changes that have impacted you?

In the areas of Privacy, Artificial Intelligence and Cybersecurity, the rate of regulatory change is fast-moving. Recently, the developments in the personal information and data security laws in China have meant that, in many cases, we have had to take a China-specific approach to compliance to navigate some of the novel requirements adequately. Further, the cybersecurity and recent privacy decree in Vietnam has required analysis and planning (as with the Thailand PDPA in the recent past). With an eye to the future, the EU AI Act will be groundbreaking and help inform our Responsible AI framework once passed.