Christine E Lyon

Practice Areas

Chris helps companies develop privacy and data protection strategies for new products and services, and privacy compliance programs for their customer and employee data, enabling them to leverage the value of their data while complying with evolving global privacy and data protection laws. Working across a broad range of industries—including technology, consumer products, e-commerce, life sciences, retail, hospitality, social media, and professional services—Chris assists clients in navigating privacy risks as they develop innovative new products, services and data-driven initiatives. Chris advises clients on building privacy protections into cutting-edge B2B and B2C offerings, including artificial intelligence (AI) and machine learning, connected products and services (Internet of Things), and marketing platforms. She conducts privacy assessments of new products and services, as well as company-wide data protection compliance reviews. Chris works with clients to develop privacy programs that span multiple jurisdictions and data protection laws, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), including with respect to cross-border data transfers. She advises clients on workplace and employee privacy issues, such as employee monitoring. Chris has coordinated projects spanning privacy law requirements in dozens of countries, consolidating this information into practical, actionable advice for clients. She helps companies structure and negotiate the privacy aspects of M&A and other strategic transactions to both achieve compliance and manage data risks. She also advises on privacy-related issues arising from litigation and enforcement matters.

Work Highlights

Data protection and governance programs: Developing privacy compliance programs, including internal and external privacy and data protection policies, privacy-related terms for customer and vendor agreements, cross-border data transfer mechanisms (including EU binding corporate rules), and internal privacy governance frameworks and procedures.

Cloud-based services, data analytics and AI: Building privacy protections into new data-driven services, including services leveraging AI and other cutting-edge data analytics, taking into account global data protection requirements and privacy by design principles.

IoT and device manufacturers: Assisting in developing privacy policies and procedures for connected “smart home” appliances and other consumer products, as well as industrial IoT devices, along with related service offerings.

Education