Esther Franks leads the Data and Technology Transactions Practice in the firm’s Singapore office, and advises clients on complex cross-border data privacy and regulatory issues with an Asia nexus.

Ms. Franks leverages her technical science background and a sophisticated understanding of global markets to help clients navigate myriad regulations across the healthcare, technology, internet, insurance, financial services, gaming, entertainment, and social media sectors. She advises on:

  • Regulations and investigations, including those involving artificial intelligence and platform regulation
  • Data privacy compliance with laws across APAC, GDPR, and eprivacy laws
  • Strategies for compliant exploitation of data
  • Data breaches and reporting
  • Technology, intellectual property, and data licensing
  • Commercial contracts and collaborations

She has completed secondments to a global social media company’s data protection and cybersecurity teams, where she focused on GDPR compliance and security matters, and to a major global retail company and a multinational consumer goods company, where she acted as legal counsel for their respective global procurement functions, focusing on technology-related procurement and outsourcing.

A recognized thought leader, she is a member of IAPP (the International Association of Privacy Professionals) and holds IAPP/CIPP/E certification. She regularly speaks and writes on topics related to privacy and AI.

Ms. Franks has served on the firm’s Privacy Committee, Security Committee, and Women Enriching Business (WEB) Committee.

Ms. Franks’ experience includes advising:

Data Privacy and Security

  • Meta on:
    • Rolling out its COVID-19 grants program across the Asia Pacific region, including on data privacy, terms and conditions, and vendor agreements
    • A number of regulatory investigations and inquiries into purported data breaches and alleged instances of non-compliance
  • Farfetch, an online fashion retail platform, on privacy and cybersecurity
  • A multinational telecommunication services company on data privacy relating to developing its digital communications platform
  • Majestic on many aspects of data protection, including marketing, data subject requests, and intragroup documentation (such as data protection policies, intragroup export arrangements, records of processing, and breach procedures)
  • Advising a leading international airline, and its low-cost carrier, on global cybersecurity and data compliance, including establishing a global compliance program, establishing procurement and contracting protocols for data processing, protocols for HR and employment data, and general GDPR compliance
  • Healthcare and pharmaceutical companies on data protection matters, including in the context of sharing clinical trial data
  • An adtech company on the full suite of GDPR-compliant contracts required for each participant in the adtech ecosphere, as well as the IAB framework, appropriate privacy policies, legal basis, and consent mechanisms
  • An entertainment multinational on a data collaboration to launch a new application and online portal, including on database transfers and licensing, privacy policies, terms of service, cookies, children’s consent, and advertising
  • A Chinese internet and social media company on its GDPR compliance project, particularly in relation to its advertising arrangements and consent mechanisms
  • A telecommunications company on its digital platform OTP communications system on the eprivacy regulations and the use of communications data
  • A number of multinational clients on global whistleblowing policies and associated data privacy implications
  • A gaming company on its GDPR compliance, including appointing a data privacy officer, compliant contracting, privacy policies, consent mechanisms, and legal basis analysis (including automatic processing with respect to building profiles of users)
  • Multiple clients on privacy policies and data privacy considerations for initial coin offerings
  • A technology company on data breaches and reporting to regulators, including mitigation and consumer notices

Commercial Contracts and Outsourcing

  • Norgine on due diligence regarding financing a potential acquisition, with respect to its licensing arrangements, intellectual property, and commercial contracts
  • A leading Hong Kong-headquartered company on rolling out its global COVID-19 healthcare tools across Asia and Europe
  • A global online retailer in relation to the purchase of database and the ability to exploit it on a cross-border basis
  • A multinational consumer goods company on exiting an existing IT services agreement in the context of changing its global ITO supplier
  • A multinational fast-moving consumer goods (FMCG) company on the second-generation outsourcing of data centers
  • A global retailer on procuring cloud-based infrastructure
  • A health-related entity on outsourcing print and order management (including payment processing) and dispatching its educational health resources
  • A software vendor on preparing a suite of IT agreements, including SaaS, licenses, development, and consultation
  • A global technology company on rolling out its global collaboration and communication platform, including drafting the terms and conditions for business and consumer users across multiple jurisdictions
  • A healthcare group on setting up an app for booking appointments
  • A global online marketplace on its contract with telecom-related vendors
  • A professional service multinational on acquiring and licensing bespoke software and other IP to exploit as a new business
  • A professional service multinational on the acquisition and licensing of bespoke software and other IP to exploit as a new business
  • A global retailer on its joint ventures licensing IP and data for new online platforms
  • A multinational tour operator on its joint venture in China
  • A healthcare group on the licensing of its IP assets
  • A significant manufacturer in a collaboration agreement related to supply of products


  • SunPower, a majority-owned subsidiary of Total, its spinoff of SunPower and Maxeon Solar Technologies, a Singapore-based provider of Interdigitated Back Contact products and premium solar panels, and a corresponding investment in Maxeon by Tianjin Zhonghuan Semiconductor Co.
  • A global healthcare group on an acquisition, including the regulatory risks associated with UK operations
  • Farfetch on acquiring certain operating assets of, an e-commerce fashion site
  • HLT Healthcare, a TPG Capital and Hong Leong joint venture, on acquiring Columbia Asia Healthcare, a Malaysia-based healthcare company that operates 17 hospitals and a clinic across Malaysia, Indonesia, and Vietnam
  • The seller on the data privacy, IP, and commercial contracts aspects of selling a ride-sharing platform in Asia
  • The Carlyle Group and The Nature’s Bounty Co. on selling Holland & Barrett, a health and wellness retail chain, to L1 Retail, LetterOne’s retail investment arm
  • Norsk Hydro of Rio Tinto Iceland (ISAL), an Iceland-based aluminum plant, on acquiring Aluminium & Chemie Rotterdam, a Netherlands-based chemical plant, and Alufluor, a Sweden- based aluminum fluoride producer
  • RPC Group on selling United Closures and Plastics, a UK- based spirits closures business
  • Coca-Cola on acquiring Chi Limited, a Nigeria-based producer and seller of juices, dairy products, and snacks
  • Silver Lake Partners on acquiring TEG, an Australia-based live entertainment and ticketing company
  • TPG Sixth Street Partners on an equity investment in AvePoint, a provider of enterprise-class governance and infrastructure management solutions for Microsoft SharePoint
  • Acquisition by Intuit of TradeGecko Pte. Ltd., a Singapore-based software-as-a-service company developing online inventory and order management software

Thought Leadership

  • “Extensive Changes to Singapore’s Data Protection Regime Take Effect” Latham & Watkins Article (February 2021)
  • “Hong Kong Considers Sweeping Changes to Privacy Laws” Latham & Watkins Client Alert (January 2020)
  • “China’s New AI Regulations” Latham & Watkins Client Alert (August 2023)
  • “Data Privacy & Transfer in Investigations (Singapore Chapter)” Global Investigations Review 2023

Bar Qualification

  • England and Wales (Solicitor)
  • New Zealand (Solicitor-Barrister)


  • B.Sc. in Pharmacology, University of Otago, 2010
  • LL.B. in Law, University of Otago, 2010