Esther Franks

Ms. Franks’ experience includes advising:

Data Privacy and Security

• Facebook on:
  • Rolling out its COVID-19 grants program across the Asia Pacific region, including on data privacy, terms and conditions, and vendor agreements
  • A number of regulatory investigations and inquiries into purported data breaches and alleged instances of non-compliance
• Farfetch, an online fashion retail platform, on privacy and cybersecurity
• A multinational telecommunication services company on data privacy relating to developing its digital communications platform
• Majestic on many aspects of data protection, including marketing, data subject requests, and intragroup documentation (such as data protection policies, intragroup export arrangements, records of processing, and breach procedures)
• Advising a leading international airline, and its low-cost carrier, on global cybersecurity and data compliance, including establishing a global compliance program, establishing procurement and contracting protocols for data processing, protocols for HR and employment data, and general GDPR compliance
• Healthcare and pharmaceutical companies on data protection matters, including in the context of sharing clinical trial data
• An adtech company on the full suite of GDPR-compliant contracts required for each participant in the adtech ecosphere, as well as the IAB framework, appropriate privacy policies, legal basis, and consent mechanisms
• An entertainment multinational on a data collaboration to launch a new application and online portal, including on database transfers and licensing, privacy policies, terms of service, cookies, children’s consent, and advertising
• A Chinese internet and social media company on its GDPR compliance project, particularly in relation to its advertising arrangements and consent mechanisms
• A telecommunications company on its digital platform OTP communications system on the eprivacy regulations and the use of communications data
• A number of multinational clients on global whistleblowing policies and associated data privacy implications
• A gaming company on its GDPR compliance, including appointing a data privacy officer, compliant contracting, privacy policies, consent mechanisms, and legal basis analysis (including automatic processing with respect to building profiles of users)
• Multiple clients on privacy policies and data privacy considerations for initial coin offerings

Commercial Contracts and Outsourcing

• Norgine on due diligence regarding financing a potential acquisition, with respect to its licensing arrangements, intellectual property, and commercial contracts
• A technology company on data breaches and reporting to regulators, including mitigation and consumer notices
• A leading Hong Kong-headquartered company on rolling out its global COVID-19 healthcare tools across Asia and Europe
• A global online retailer in relation to the purchase of database and the ability to exploit it on a cross-border basis
• A multinational consumer goods company on exiting an existing IT services agreement in the context of changing its global ITO supplier
• A leading New Zealand insurance company on re-negotiating its agreement for outsourced project management services
• A New Zealand Crown-owned company on procuring the ultra-fast broadband network for New Zealand, including the agreement’s subsequent re-negotiation
• A multinational fast-moving consumer goods (FMCG) company on the second-generation outsourcing of data centers
• A global retailer on procuring cloud-based infrastructure
• A health-related entity on outsourcing print and order management (including payment processing) and dispatching its educational health resources
• The New Zealand Department of Corrections on outsourcing two prisons’ design, construction, finance, asset management, and facilities maintenance
• A software vendor on preparing a suite of IT agreements, including SaaS, licenses, development, and consultation
• A global technology company on rolling out its global collaboration and communication platform, including drafting the terms and conditions for business and consumer users across multiple jurisdictions
• A healthcare group on setting up an app for booking appointments
• District Health Boards Shared Services on behalf of New Zealand’s 20 District Health Boards, the national community pharmacy services agreement with all community pharmacies
• A global online marketplace on its contract with telecom-related vendors
• A professional service multinational on acquiring and licensing bespoke software and other IP to exploit as a new business

Corporate

• A professional service multinational on the acquisition and licensing of bespoke software and other IP to exploit as a new business
• A global retailer on its joint ventures licensing IP and data for new online platforms
• A multinational tour operator on its joint venture in China
• A healthcare group on the licensing of its IP assets
• A significant manufacturer in a collaboration agreement related to supply of products
• SunPower, a majority-owned subsidiary of Total, its spinoff of SunPower and Maxeon Solar Technologies, a Singapore-based provider of Interdigitated Back Contact products and premium solar panels, and a corresponding investment in Maxeon by Tianjin Zhonghuan Semiconductor Co.
• A global healthcare group on an acquisition, including the regulatory risks associated with UK operations
• Farfetch on acquiring certain operating assets of Style.com, an e-commerce fashion site
• HLT Healthcare, a TPG Capital and Hong Leong joint venture, on acquiring Columbia Asia Healthcare, a Malaysia-based healthcare company that operates 17 hospitals and a clinic across Malaysia, Indonesia, and Vietnam
• The seller on the data privacy, IP, and commercial contracts aspects of selling a ride-sharing platform in Asia
• The Carlyle Group and The Nature’s Bounty Co. on selling Holland & Barrett, a health and wellness retail chain, to L1 Retail, LetterOne’s retail investment arm
• Norsk Hydro of Rio Tinto Iceland (ISAL), an Iceland-based aluminum plant, on acquiring Aluminium & Chemie Rotterdam, a Netherlands-based chemical plant, and Alufluor, a Sweden- based aluminum fluoride producer
• RPC Group on selling United Closures and Plastics, a UK- based spirits closures business
• Coca-Cola on acquiring Chi Limited, a Nigeria-based producer and seller of juices, dairy products, and snacks
• Silver Lake Partners on acquiring TEG, an Australia-based live entertainment and ticketing company
• TPG Sixth Street Partners on an equity investment in AvePoint, a provider of enterprise-class governance and infrastructure management solutions for Microsoft SharePoint
• Acquisition by Intuit of TradeGecko Pte. Ltd., a Singapore-based software-as-a-service company developing online inventory and order management software

Thought Leadership

• “Extensive Changes to Singapore’s Data Protection Regime Take Effect” Latham & Watkins Article (February 2021)
• “Hong Kong Considers Sweeping Changes to Privacy Laws” Latham & Watkins Client Alert (January 2020)