I came to the data field through working in Fortune 500 multinational companies (such as Nokia) for more than 10 years, and also serving as the general counsel and data protection officer in a renowned AI unicorn company. During this time I witnessed the rapid formulation and implementation of China’s Cybersecurity Law, the GDPR and other related data protection regulations that required my previous company to adopt and implement internal compliance practices. As I was given the chance to be involved in this process, this led me to have a keen interest in the field of data compliance.
Data compliance was a new field a few years ago, and I realised that my previous experience was highly re-usable and could help other companies start their data compliance efforts from scratch. Focusing on legal services relating to corporate data compliance gave me the opportunity to gain a broader understanding of these initiatives across a wide variety of industries.
As data compliance is cutting-edge in many aspects and as it also involves new technologies, one needs to be constantly forward-looking and willing to face new challenges. The constant evolution of technology has created many new data compliance issues for which neither industry nor government has precise answers, and it can be rewarding to study such issues and come up with workable solutions. I believe that it was this sense of challenge and achievement that encouraged me to pursue a career in data compliance.
I feel most proud of building a team of highly qualified, innovative and passionate data compliance attorneys who are skilled in both law and technology and who are committed to helping our clients’ business operation succeed in China’s challenging regulatory environment. To me, being able to share in each client’s journey to success is a special highlight. Over a period of less than 4 years, my team now supports over 150 clients from over 30 countries, many of whom are the top players in their industries and with whom we have worked with for successive years in data compliance issues or other areas of law by cooperating with other specialist legal or technical teams.
I am now closely following new technologies and new application areas, such as connected vehicles, artificial intelligence, cloud computing, internet of things, NFTs, block chain, big data, etc, which are important drivers of industry development. The application of these technologies often involves issues such as prevention of security incidents, ethics, transparency, and protection of user rights, which can lead to issues such as algorithm governance and balancing data utilisation and data compliance needs. Further, as certain application of new technologies may also lead to data fusion and new areas of concern, I believe that data compliance applied to new technology and innovative areas will be raised to a higher level of importance to keep pace with the evolution of the new economy.
Antitrust compliance and platform governance with data incorporated are also topics that require attention and continuous research. Specifically, in recent years, internet platforms have attracted a large number of users and a large amount of data by creating a network ecosystem which has brought convenience to peoples’ lives and work. In order to retain a competitive advantage in obtaining and retaining users, market leaders have created a winner takes all situation. As data and resources continue to be consolidated, monopolies are set up by the creation of market or technical barriers or preferential treatment to related businesses. This has resulted in adverse situations that restrict fair market competition. This situation will certainly lead to the corresponding compliance requirements, and regulators are expected to introduce requirements for platforms to encourage competition and restrict monopoly accordingly.
Cross-border data transfers are an inevitable trend arising from the development of economic globalisation, and the issue of secure and efficient data interconnection and data sharing between jurisdictions is a long-discussed challenge that has yet to result in comprehensive and globally acceptable solution.
An example of how gender gave me a different perspective on a data protection issue at work is that as a mother of a young child, I also appreciate when companies who sell products or services aimed at children take extra steps to protect their data and provide options on how we as parents can manage the use of such data.
With the prevalent use of social media today, there are certain aspects of privacy which perhaps women should be more mindful about, given the many cases involving abuse of private data through bullying and doxxing. In particular, I note the higher risk among female teenagers of being influenced negatively by social media. I believe that being a woman allows me to look at issues from the perspective of vulnerable groups when advising clients on how to build trust with such users.
As certain data protection issues may be more relevant or sensitive to women, I believe that women may pay greater attention to such issues and be more patient and diligent in understanding and resolving such issues.
Data compliance is inextricably linked to technology, and legal analysis needs to be combined with a good understanding of technology. However, technical areas are still male-dominated. Apart from being an expert on data compliance laws and regulation in relevant jurisdictions, female professionals need to also keep up with learning about the latest technology and having a better understanding of the application of new technologies, web system architecture, app functions, plugins, SDKs, data link and security technologies. I am happy to see that more and more women in China have taken up this challenge and are enjoying success in their data compliance careers.
I have also noted that more women in China have also been entrusted with management roles in the last decade. These opportunities are important to allow women to have real-life working experience in developing management skills. As compliance involves such issues as risk management, building of corporate culture, leading from the top and development of management systems, having good management skills is essential.
My first and foremost piece of advice is: never give up. Data compliance is a sunrise industry. While the initial process of research and learning is hard and requires continuous effort, as long as you remain firm in your goals and true to your original aspirations, you will be rewarded. If you are uncertain about whether a data compliance career is what you’re looking for, consider doing an internship or talking with friends or colleagues in this field to understand what their daily work life is like.
Secondly, become a specialist as well as a multidisciplinarian with knowledge of law, compliance, business, technology and management. Develop yourself as an international lawyer by familiarising yourself with the laws and regulation in your country but in other jurisdictions as well. Finally, understand how to apply your knowledge to risk management for business and product operations.