Data Privacy, Cybersecurity and Information Law

Data privacy and cybersecurity issues have become increasingly important in the modern business world where technology is changing at a fast pace and information and data become core to businesses in many industrial sectors.  JunHe recognizes that privacy and internet compliance has drawn the close attention of many multinational and domestic clients who do business in China, as well as Chinese companies expanding overseas.  We provide compliance advice on a full range of privacy, data protection and cybersecurity issues for our clients in various industries: from traditional manufacturing, medical services, consumer products and education to e-commerce, advertising, big data and cloud computing, traffic administration, credit investigation and internet finance.  We also keep apace with and research legal cases in relation to changing technologies.  We have extensive knowledge and experience to help our clients navigate the areas of law relating to these sectors.


Our Team


Our Privacy and Cybersecurity group has been extremely active in researching and advising on issues relating to privacy, cybersecurity and data protection.  Their focus is not only on the latest developments in China, but also on new developments and practices across jurisdictional lines.  Personal data issues rarely exist in a vacuum, and in many instances they relate to employment, corporate, intellectual property and litigation.  Combined with our proven expertise in these areas, we are able to work with industry experts to quickly understand the concerns and needs of our clients, and provide clear, precise and practical advice to our clients within the time required under relatively ambiguous regulations.  It is our creative and innovative approach that differentiates us from others and ensures that we can add value to the business of our clients.  By closely following the development of legislation, we do not lose sight of how laws are developing and its potential impact on business.


Key Practice Areas


  • Compliance: advising on compliance matters related to the steps and strategies of personal data protection and cybersecurity in various industries, and assisting clients in formulating compliance plans;

  • Policymaking: based on our clients particular conditions, assisting them in formulating policies and systems for compliance purposes, and conducting compliance audits and providing related training;

  • Commercial Arrangements: assisting and advising clients in risk assessment,data protection and cybersecurity in connection with various business partnerships, and assisting with designing appropriate commercial structures and contractual arrangements to meet the needs of risk control;

  • Employee Data: advising on the collection, processing and transmission of employee data for various purposes such as employee management and investigation, and formulating policies accordingly;

  • Cross-border Transfer: advising on cross-border transfer of information of different natures, either for M&A transactions or group management purposes, and drafting data transfer and/or processing agreements;

  • Investigation and Litigation & Arbitration: advising on the collection, use and transfer of information in connection with an investigation (FCPA, SEC investigation or others) or litigation and arbitration proceedings, either in China or overseas;

  • Data Security: advising on appropriate corrective measures to be taken in case of any data breach, and assisting with emergency responses.

Recent Representative Cases

Advising several companies in various industries on compliance with the latest Cybersecurity Laws;


Advising several companies in various industries on matters related to marketing, advertising, IT, cloud services and the Internet of Things;


Assisting several companies in developing privacy policies, employment information policies and internal compliance policies;


Advising several companies in various industries on commercial encryption and data transfer issues;


Drafting, reviewing and negotiating agreements and documents of all types in relation to data collection, usage, processing and transfer;


Providing several companies with legal assessments and suggestions in respect of their various types of data collection and processes; and


Providing several companies with compliance support in connection with their internal investigations, governmental investigations and cross-border arbitration and litigation.