Carol is the head of MWE China’s Data Practice Group, which focuses on privacy and data protection, and cybersecurity compliance. Carol frequently advises clients on protection of personal information, cross-border data transfer compliance, and data crisis response and management. Carol has extensive experiences in representing clients in high-tech and sensitive industries, including health care, autonomous vehicles, IoT and more. She also has an in-depth understanding of conflicting international data regulation, and has significant experience advising clients on global data compliance solutions.
Prior to joining MWE China, Carol was a partner and head of the compliance group of a large PRC law firm’s Shanghai office.
Advised a leading global consultation institution on a security assessment regarding providing data collected in China to entities overseas as well as potential individual liability in connection to a US government investigation
Advised a large Chinese State-owned financial institution on a global data breach contingency plan
Advised a Chinese mobile phone manufacturer on its compliance program and US export control and FCPA matters, and analysed legal risks and advised on its data sharing and optimization project
Advised a well-known video monitoring supplier on global cybersecurity and privacy protection compliance issues under Chinese, US, and EU law
Advised a leading 3D technology company on GDPR compliance, and assisted in drafting its data processing agreements and privacy and Cookies policies
Advised a Chinese-listed medical healthcare and biotechnology company on Chinese data compliance issues, including healthcare data and human genetic resources protection, data collection risk identification, data storage, and cross-border data transfers, and created data compliance plan for the client
Represented a well-known US-listed Chinese hotel group in handling a major data breach, handle a serious data l, evaluated the legal and reputational risks, and advised on a US class-action lawsuit filed by its investors.
Advised a listed US medical technology company on potential risks in data storage and transfer during its R&D cooperation with a large Chinese pharmaceutical company
Advised a European insurance company on localization and cross-border transfer of healthcare data under Chinese laws during its cooperation with a Chinese medical healthcare platform to develop AI healthcare products
Represented a large State-owned financial institution in its GDPR compliance matters, and advised on financial service operation and cross-border data storage and processing issues for its business in the European Economic Area (EEA)
Advised a Chinese mobile phone manufacturer on legal risks and compliance issues concerning its data sharing and optimization project
Advised a large State-owned financial institution on blockchain compliance
Advised a European luxury goods and fashion company on data privacy issues, and assisted to localize their GDPR policies, establish an e-commerce platform in China, and build a customer information data privacy system
Advised a German finance company on data privacy issues related to its Market Data Dissemination Agreement in China as well as structuring and optimizing data systems and contracts
Assisted a world-renown automobile company in responding to a raid by a Chinese authorities, and provided a customer information collection and protection plan to further the client’s business development goals. With MWE China’s guidance, the client was recognized as an advanced group for cybersecurity by relevant government authorities
Guided a leading US online game developer to review data inventory and identify legal risks, including risks related to cross-border data transfers, personal information protection, government inspection, and information governance, based on its JV structure with its local Chinese operators
Provided global data security and compliance trainings to a well-known Japanese cosmetics company, and advised the client on personal information protection under Chinese laws for its global digital marketing strategy. Drafted the Data Processing Agreement between the client and its overseas third-party digital marketing company and assisted in the client in handling a data breach on its e-commerce platform
Advised a leading global health care products company on its FCPA investigation involving multi-jurisdictional legal issues, and provided legal opinions on Chinese laws and regulations
Conducted internal investigations for various clients concerning employee misconduct, embezzlement, trade secret infringement, and fraud, and successfully helped clients recover losses through negotiation and litigation
Represented multinational companies across a wide range of industries to investigate employee misconduct concerning suspected bribery of suppliers in construction projects
Advised a leading global architecture company on cooperating with a PRC Public Security Bureau investigation on a criminal issues involving a real estate developer
Advised a number of multinationals and Chinese SOEs on the criminal risks of doing business in China
Gave several public speeches for Chinese and foreign companies at conferences and seminars on cybersecurity and data compliance
The affiliated firms of MWE China Law Offices and McDermott Will & Emery have lawyers educated and qualified in China, the United States and Europe. Together, the firms are able to staff Chinese cross-border projects with lawyers who are qualified and experienced in China and in the other country involved in the project.
Carol was ranked as one of “Women in Data” in 2019 by Global Data Review
Do not send any information or documents that you want to have treated as secret or confidential. Providing information to McDermott via email links on this website or other introductory email communications will not create an attorney-client relationship; will not preclude McDermott from representing any other person or firm in any matter; and will not obligate McDermott to keep confidential the information you provide. McDermott cannot enter into an attorney-client relationship with you until McDermott has determined that doing so will not create a conflict of interest and until you and McDermott have entered into a written agreement or engagement letter that sets forth the terms of our relationship.