Esther Franks leads the Data and Technology Transactions Practice in the firm’s Singapore office, and advises clients on complex cross-border data privacy and regulatory issues with an Asia nexus.

Esther leverages her technical science background and a sophisticated understanding of global markets to help clients navigate myriad regulations across the healthcare, technology, internet, insurance, financial services, gaming, entertainment, and social media sectors. She advises on:

  • Regulations and investigations, including those involving artificial intelligence and platform regulation
  • Data privacy compliance with laws across APAC, GDPR, and eprivacy laws
  • Strategies for compliant exploitation of data
  • Data breaches and reporting
  • Technology, intellectual property, and data licensing
  • Commercial contracts and collaborations

She has completed secondments to a global social media company’s data protection and cybersecurity teams, where she focused on GDPR compliance and security matters, and to a major global retail company and a multinational consumer goods company, where she acted as legal counsel for their respective global procurement functions, focusing on technology-related procurement and outsourcing.

A recognized thought leader, she is a member of IAPP (the International Association of Privacy Professionals) and holds IAPP/CIPP/E certification. She regularly speaks and writes on topics related to privacy and AI.

Esther has served on the firm’s Privacy Committee, Security Committee, and WEB Committee.

Esther’s experience includes advising:

Data Privacy and Security

  • Meta on:
    • Rolling out its COVID-19 grants program across the Asia Pacific region, including on data privacy, terms and conditions, and vendor agreements
    • A number of regulatory investigations and inquiries into purported data breaches and alleged instances of non-compliance
  • Farfetch, an online fashion retail platform, on privacy and cybersecurity
  • A multinational telecommunication services company on data privacy relating to developing its digital communications platform
  • Majestic on many aspects of data protection, including marketing, data subject requests, and intragroup documentation (such as data protection policies, intragroup export arrangements, records of processing, and breach procedures)
  • Advising a leading international airline, and its low-cost carrier, on global cybersecurity and data compliance, including establishing a global compliance program, establishing procurement and contracting protocols for data processing, protocols for HR and employment data, and general GDPR compliance
  • Healthcare and pharmaceutical companies on data protection matters, including in the context of sharing clinical trial data
  • An adtech company on the full suite of GDPR-compliant contracts required for each participant in the adtech ecosphere, as well as the IAB framework, appropriate privacy policies, legal basis, and consent mechanisms
  • An entertainment multinational on a data collaboration to launch a new application and online portal, including on database transfers and licensing, privacy policies, terms of service, cookies, children’s consent, and advertising
  • A Chinese internet and social media company on its GDPR compliance project, particularly in relation to its advertising arrangements and consent mechanisms
  • A telecommunications company on its digital platform OTP communications system on the eprivacy regulations and the use of communications data
  • A number of multinational clients on global whistleblowing policies and associated data privacy implications
  • A gaming company on its GDPR compliance, including appointing a data privacy officer, compliant contracting, privacy policies, consent mechanisms, and legal basis analysis (including automatic processing with respect to building profiles of users)
  • Multiple clients on privacy policies and data privacy considerations for initial coin offerings
  • A technology company on data breaches and reporting to regulators, including mitigation and consumer notices

Commercial Contracts and Outsourcing

  • Norgine on due diligence regarding financing a potential acquisition, with respect to its licensing arrangements, intellectual property, and commercial contracts
  • A leading Hong Kong-headquartered company on rolling out its global COVID-19 healthcare tools across Asia and Europe
  • A global online retailer in relation to the purchase of database and the ability to exploit it on a cross-border basis
  • A multinational consumer goods company on exiting an existing IT services agreement in the context of changing its global ITO supplier
  • A multinational fast-moving consumer goods (FMCG) company on the second-generation outsourcing of data centers
  • A global retailer on procuring cloud-based infrastructure
  • A health-related entity on outsourcing print and order management (including payment processing) and dispatching its educational health resources
  • A software vendor on preparing a suite of IT agreements, including SaaS, licenses, development, and consultation
  • A global technology company on rolling out its global collaboration and communication platform, including drafting the terms and conditions for business and consumer users across multiple jurisdictions
  • A healthcare group on setting up an app for booking appointments
  • A global online marketplace on its contract with telecom-related vendors
  • A professional service multinational on acquiring and licensing bespoke software and other IP to exploit as a new business
  • A professional service multinational on the acquisition and licensing of bespoke software and other IP to exploit as a new business
  • A global retailer on its joint ventures licensing IP and data for new online platforms
  • A multinational tour operator on its joint venture in China
  • A healthcare group on the licensing of its IP assets
  • A significant manufacturer in a collaboration agreement related to supply of products

Corporate

  • SunPower, a majority-owned subsidiary of Total, its spinoff of SunPower and Maxeon Solar Technologies, a Singapore-based provider of Interdigitated Back Contact products and premium solar panels, and a corresponding investment in Maxeon by Tianjin Zhonghuan Semiconductor Co.
  • A global healthcare group on an acquisition, including the regulatory risks associated with UK operations
  • Farfetch on acquiring certain operating assets of Style.com, an e-commerce fashion site
  • HLT Healthcare, a TPG Capital and Hong Leong joint venture, on acquiring Columbia Asia Healthcare, a Malaysia-based healthcare company that operates 17 hospitals and a clinic across Malaysia, Indonesia, and Vietnam
  • The seller on the data privacy, IP, and commercial contracts aspects of selling a ride-sharing platform in Asia
  • The Carlyle Group and The Nature’s Bounty Co. on selling Holland & Barrett, a health and wellness retail chain, to L1 Retail, LetterOne’s retail investment arm
  • Norsk Hydro of Rio Tinto Iceland (ISAL), an Iceland-based aluminum plant, on acquiring Aluminium & Chemie Rotterdam, a Netherlands-based chemical plant, and Alufluor, a Sweden- based aluminum fluoride producer
  • RPC Group on selling United Closures and Plastics, a UK- based spirits closures business
  • Coca-Cola on acquiring Chi Limited, a Nigeria-based producer and seller of juices, dairy products, and snacks
  • Silver Lake Partners on acquiring TEG, an Australia-based live entertainment and ticketing company
  • TPG Sixth Street Partners on an equity investment in AvePoint, a provider of enterprise-class governance and infrastructure management solutions for Microsoft SharePoint
  • Acquisition by Intuit of TradeGecko Pte. Ltd., a Singapore-based software-as-a-service company developing online inventory and order management software

Thought Leadership

  • “Extensive Changes to Singapore’s Data Protection Regime Take Effect” Latham & Watkins Article (February 2021)
  • “Hong Kong Considers Sweeping Changes to Privacy Laws” Latham & Watkins Client Alert (January 2020)
  • “China’s New AI Regulations” Latham & Watkins Client Alert (August 2023)
  • “Data Privacy & Transfer in Investigations (Singapore Chapter)” Global Investigations Review 2023

Bar Qualification

  • England and Wales (Solicitor)
  • New Zealand (Solicitor-Barrister)

Education

  • B.Sc. in Pharmacology, University of Otago, 2010
  • LL.B. in Law, University of Otago, 2010
Badges and Logos_Law360_Fintech Group of the Year_2024
February 20, 2025 Recognition

Fintech Group of the Year: Latham

Firm honored by Law360 for advising startups, financial institutions, VCs, digital asset and Web3 participants, and corporations on their most innovative and complex transactions, investigations, litigation, and regulatory matters.