Data Privacy, Cybersecurity and State Secrecy

Fangda is a leading PRC law firm advising clients on data privacy, cybersecurity, state secrecy and related data compliance. Our areas of expertise include helping clients build global and China-specific data protection programs, implementing the program, establishing third party management, conducting data privacy due diligence, and advising clients on challenging data privacy issues arising from business operations.

  • A well-known China-based company in establishing and improving its global data compliance system, establishing a global data network and operating mechanism (such as data localization and cross-border transfer, among other practices), advising on various data issues relating to products and services in the global markets, assisting it to deal with various global emergencies (such as data leaks, government investigations and inquiries) and conducting data compliance due diligence in various investments, and responding to comprehensive data compliance reviews by business partners, such as Facebook.
  • A number of well-known MNCs and Chinese companies (in the AI, big data, automotive and transportation, entertainment, life sciences, e-commerce, consumer product, and manufacturing sectors) in data mapping, gap analysis, and establishing data compliance programs; advising on a series of complex legal issues, such as internal data security management, third-party data cooperation, cross-border data transfer, important data identification, and data localization.
  • A number of companies in responding to data breaches and managing the crises, including filing data breach reports, communicating with a number of regulatory agencies, notifying personal information subjects and handling complaints from personal information subjects, managing media disclosure and tracking public opinion, assisting the companies in filling criminal cases and taking remedial measures.
  • A leading hotel management company in the criminal litigation and an investigation initiated by multiple Chinese law enforcement authorities in connection with alleged cybersecurity law violation. We successfully persuaded the Public Security Bureau (PSB) to withdraw the criminal case and achieved a positive result for the other investigation.
  • A fintech company in a criminal investigation conducted by the PSB and assisting the client in improving its compliance program. The investigation was caused by suspected infringement of personal information by one of the client’s business partners. The PSB dropped the investigation.
  • A China-based media company in a case involving several executives and employees suspected of infringing citizens’ personal information; and assisting the client in reviewing its business models and providing regular data consulting services in relation to its data products. The executives and employees all successfully obtained bail.
  • A Chinese state-owned airline on data compliance matters, including data-related dispute resolution, extraterritorial application of laws and emergency response.
  • A China-based, U.S.-listed company in its data compliance due diligence for a potential investment of a logistics group and its post-merger compliance integration. The due diligence was conducted based on PRC data protection laws and the GDPR.
  • A Chinese company on its data compliance due diligence in connection with its IPO in Hong Kong.
  • A number of Chinese companies and MNCs to evaluate the risk of cross-border data transfers; advising the best transfer solutions under various scenarios.
  • A number of companies in managing dozens of state secrecy review projects in connection with the audit work papers requested by the U.S. Securities and Exchange Commission (SEC) as well as Hong Kong Securities and Futures Commission (SFC).
  • Big Four accounting firms on state secrecy and data privacy relating to audit work papers and the mechanism of cross-border securities investigations.