Photo of Gabriela Kennedy

Gabriela Kennedy is a partner of Mayer Brown and head of the Asia IP and TMT group. She is also co-leader of Mayer Brown’s global Intellectual Property practice and a member of the firm’s global Cybersecurity & Data Privacy and Technology & IP Transactions practices. She is based in Hong Kong, practising intellectual property, media, information technology and telecommunications law. She handles the full spectrum of intellectual property work from litigation to licensing, strategic advice and portfolio management. Gabriela advises extensively on technology and data protection issues in Hong Kong and throughout Asia, particularly in relation to business processing outsourcing, the cross-border transfer of data, data compliance, data breaches and cybersecurity issues. She has handled a number of data breach complaints filed with the Privacy Commissioner in Hong Kong and has conducted in-depth data audits and drafted/devised privacy manuals and procedures for the Asia operations of a number of multi-national companies. On the information technology side, Gabriela's particular expertise includes advising on complex IT transactions and projects, IT outsourcing, cloud-computing, mobile payments, smart card projects, the regulation of encryption technology, software licensing, and disputes stemming from failed IT projects. She has been involved with a number of international organisations in discussions involving standard setting for the cross-border transfer of data and the formulation of strategies to deal with cyber-security.

Read Gabriela's full bio.

On the eve of the “Golden Week” in China, the Cyberspace Administration of China (CAC) published the draft Provisions on Regulating and Promoting Cross-Border Data Transfers (the “Draft Provisions”) on 28 September 2023.1

The Draft Provisions provide a welcome rollback of some of the onerous cross-border data transfer regime, first introduced by the Personal

The Secretariat of the National Information Security Standardisation Technical Committee (TC260) released a draft revision of the Technical Specification for Certification of Cross-Border Transfers of Personal Information (Certification Specification V2.0) on 8 November 2022, nearly five months after it issued the finalised specification of the same name (Certification Specification V1.0) (see our previous Legal Update

New ‘Draft Rules for the Regulations on the Management of Human Genetic Resources’ (Draft Rules) were issued by the Ministry of Science and Technology of the PRC (MOST) on 14 March 2022.

Issued pursuant to the Biosecurity Law and the Data Security Law, the Draft Rules are a response from the government to the growing

On 24 June 2022, the Secretariat of the National Information Security Standardisation Technical Committee (TC260) issued the Technical Specification for Certification of Cross-Border Transfers of Personal Information (the Certification Specification), eight weeks after it first issued the draft of the same name (the Draft). The relatively speedy finalisation of the Certification Specification is a reflection

More than nine months after the Personal Information Protection Law (PIPL) came into force in the PRC, the Cyberspace Administration of China (CAC) issued the long-awaited Draft Provisions on Standard Contracts for the Export of Personal Information (Draft Provisions) on 30 June 2022.

The Draft Provisions supplement Article 38(3) of the PIPL, which provides that

On 12 May 2022, the Hong Kong Privacy Commissioner for Personal Data (PCPD) issued a Guidance Note on the Recommended Model Contractual Clauses for Cross-border Transfers of Personal Data (2022 Guidance).

The 2022 Guidance is split into three “parts”:

  1. Part 1 is an introduction of the 2022 Guidance and the rationale underpinning it;
  2. Part 2

New draft Regulations on the Online Protection of Minors (Draft Regulations) were released by the Cyberspace Administration of China (CAC) on 14 March 2022. They update the 2016 Draft Regulations of the same name which were released for public comment but never adopted.

The latest Draft Regulations have been issued pursuant to the PRC Law

On 2 March 2022, the Cyberspace Administration of China (“CAC”) issued draft regulations on the administration of internet pop-up push notifications (the “Draft Regulations”). The Draft Regulations were issued pursuant to a number of laws, including the Cybersecurity Law.

The Draft Regulations bid to further tighten government control over the news followed a

In this National Cybersecurity Awareness Month conversation, Mayer Brown lawyers from our global practice will discuss the latest legal trends and developments relating to cybersecurity in China, Europe and the UK. Topics will include:

  • The implications for international businesses seeking to comply with China’s new Data Security Law and Personal Information Protection Law in combination

On 20 August 2021, China’s much anticipated Personal Information Protection Law (PIPL) was passed. The new law will come into force on 1 November 2021. The PIPL, Cybersecurity Law and the new Data Security Law (which came into force on 1 September 2021) now form the main legal framework governing data security and the handling