Karen Lee is a counsel in the IP & TMT group of Mayer Brown in Hong Kong, and is part of the firm’s global Cybersecurity & Data Privacy practice. Her focus is on commercial and non-contentious IP & TMT matters, as well as data privacy.

Karen's experience includes working on large-scale multi-jurisdictional outsourcing projects, and drafting technology procurement and management services agreements covering the Asia-Pacific Region. She regularly drafts and negotiates a wide range of IT and IP commercial agreements, including software licence agreements; consulting, development and services agreements; data centre agreements; software as a services agreements; procurement contracts; franchise agreements; distribution agreements; end-user software licence agreements; intellectual property licenses and assignments, and non-disclosure agreements. Karen also provides regular support for merger and acquisition transactions, including carrying out the IT and IP due diligence, and amending or drafting the related licences, assignments and warranties.

Karen also has extensive experience advising on cybersecurity and data privacy issues, including carrying out data privacy audits, drafting personal information collection statements, privacy policies and internal guidelines on how clients can comply with data privacy laws.

Karen also advises on domain name issues, and has filed and succeeded in numerous UDRP and URS complaints.

Karen was named 'Rising Star in Intellectual Property' at the Euromoney Asia Women in Business Law Awards (2016).

She is admitted in Hong Kong.

Spoken Languages

  • English
Staying Ahead of the Curve: Cybersecurity and Data Privacy–Hot Topics for Global Businesses
Legal Perspectives for Technology & Innovation


Information Technology and Outsourcing

  • Advised a multinational banking and financial services organisation in relation to the HK$44 million launch of their new mobile e-wallet payment platform including handling the outsourcing and regulatory authorisations, drafting and negotiating the outsourcing agreement between the client and its service provider for the operation and maintenance of the e-wallet, the end user terms and conditions and personal data collection statement and privacy policy.
  • Advised an airport operator on the drafting of a contract relating to a tender for the acquisition of a video analytics system that utilizes artificial intelligence.
  • Acted for a leading airline in relation to the outsourcing of its internal data centre operations for its critical and core system to a third party service provider, and drafted and negotiated the data centre services agreement.
  • Advised a leading investment bank on the outsourcing of facilities management services, and assisted in amending the local agreements and data protection agreements to ensure compliance with local data privacy laws for several Asian jurisdictions.
  • Acted for an IT company on all contractual aspects concerning the launch of its new messaging platform, which is the first financial industry supported messaging platform of its type, including drafting and negotiating the subscription agreement for subscribers to the platform, and reviewing and amending the vendor agreements to obtain hardware, software and cloud services in support of the platform.
  • Advised a real estate developer in Hong Kong on regulatory issues with respect to stored value facilities (SVF) for their retail offering. We provided advice on compliance with regulatory bodies such as the HKMA.
  • Advised a real estate developer in Hong Kong on their service agreement with a payment gateway service.
  • Advised a financial institution in Hong Kong on their chatbot initiative, including drafting their user Terms & Conditions and the merchant agreements for merchants who are accepting payments via the chatbot.
  • Advised an IT start-up company in its innovative new technology combining smartphone hardware and apps, including reviewing and amending web and app development agreements, cloud services agreements, and the developer agreement.
  • Advised on a Software as a Service Agreement between a leading property developer and software company for the provision of a software solution for lease management, and providing data privacy advice on the transfer of personal data for the foregoing purpose.
  • Represented a major investment bank in the outsourcing of facilities management services, and assisted in amending the local agreements and data protection agreements to ensure compliance with local data privacy laws for Hong Kong, China, the Philippines, South Korea, Japan, Taiwan, Thailand, Indonesia, India, Malaysia, Singapore, Vietnam, Australia and New Zealand.
  • Advised a leading media and information company in the outsourcing of facilities management services, and assisted in amending the local agreements and data protection agreements to ensure compliance with local data privacy laws for Hong Kong, China, the Philippines, South Korea, Japan, Taiwan, Thailand, Indonesia, India, Malaysia, Singapore, Australia and New Zealand.
  • Advised an airport operator on the adoption of an e-tendering system and on private/public certificates. Advised on a variety of IT contracts including contracts relating to the use of radio frequency identification technology to track luggage, technology for screening and transporting luggage to and from airplanes and technology for self-check in kiosks.
  • Acted for leading gaming company on the drafting and negotiation of a consultancy services agreement with a global IT company for the development of a data management system.
  • Advising a French luxury brand on IT and Data Centre Agreements for a data centre in Hong Kong.
  • Advised a global multinational supply chain manager on all IP and IT aspects relating to the acquisition of an e-commerce platform.
  • Advised a leading insurance company on a transitional services agreement and software licence agreement, as part of a large share purchase acquisition.
  • Advised a shopping mall in Hong Kong, on setting up an e-commerce platform, including their potential liability for third party content (i.e. copyright infringement and defamation), the Trade Descriptions Ordinance and data privacy issues.
  • Advised an Asia Pacific financial institution on the development and use of a cloud system.
  • Advised a leading supplier of casino gaming technology, with headquarters in Australia on the legal framework and parameters of social gaming to ensure the client does not breach provisions under the Gambling Ordinance (Cap. 148) and Hong Kong regulators. Our advice enables the client to successfully enter the Hong Kong market.

Intellectual Property

  • Acted for a global multinational supply chain company in drafting and negotiating several agreements with a famous French clothing brand for the manufacture and distribution of clothes and the operation of stores throughout Asia.
  • Advised an international food and beverage company on all intellectual property issues relating to the dissolving of a joint venture in Indonesia.
  • Drafted a franchise agreement for a leading US coffee company, and providing related intellectual property advice.
  • Drafted franchise agreements for a football academy covering various Asian jurisdictions.
  • Drafted and advised an international airline on a design collaboration agreement for the development of luxury cabins, including all intellectual property aspects of the deal.
  • Advised a major music label on its acquisition of the recorded music catalogue and artist roster of one of the largest independent music companies in China with operations in the PRC, Taiwan and Hong Kong. The deal involved some pre-sale restructuring and an asset sale in the PRC which involved some technical artist consent and transfer of IP issues.
  • Provided copyright advice to a leading Asian retail company in relation to the negotiation of a film licence agreement and merchandising agreement for their mascot.
  • Drafted a template procurement agreement for a global supply chain manager, in relation to the procurement of various goods or services, including guidelines on how the template should be used internally.
  • Reviewed and amended research collaboration agreements, including an agreement between a resource-based manufacturing company and a national research institution.

Data Privacy

  • Advised an international financial institution on the laws and regulations governing client data and personal data across 14 Asia Pacific jurisdictions, covering personal data privacy laws, outsourcing regulations and banking regulations.
  • Advised an international luxury hotel group on the collection and use of personal data in light of the China Cybersecurity Law.
  • Advised a leading Asian retail group on the application of the China Cybersecurity Law and the EU GDPR in relation to the use of outsourced third party service providers to provide payroll and attendance record services.
  • Advised several international luxury fashion brands on the personal data privacy laws of various jurisdictions in Asia, including Hong Kong, Taiwan, Singapore, Malaysia and South Korea, on the collection, use, processing, transfer and retention of personal data, and reviewing and amending the client's internal personal data guidelines.
  • Carried out a data privacy due diligence for an investment firm, and amended their internal guidelines and employee handbook for the handling of personal data, and drafted various personal information collection statements for employee-related personal data.
  • Provided a hotel group with data privacy advice on the collection and use of personal data on food and beverage preferences, allergies and other health related data and the processing of table reservations at food and beverage outlets operated by the hotel group, and the sending of direct marketing materials to corporate clients.
  • Advised a travel management company on its privacy policy and terms and conditions in relation to the launch of their online booking system.
  • Advised an international operator of luxury residences on Hong Kong data privacy issues in relation to the collection, use and transfer of personal data inside and outside Hong Kong, and reviewed and amended the company's template clauses for inclusion in third party service provider agreements regarding the retention and use of personal data; the data privacy policy and cookies policy.
  • Advised a leading insurance company on the transfer, processing, retention, storage and use of personal data by an IT service provider company outside of Hong Kong.
  • Conducted an Asia Pacific data privacy audit for global alternative asset manager to ensure that its policies and procedures are in compliance with data privacy laws on the collection, use, disclosure, transfer and processing of personal data of job applicants and employees.
  • Advised a leading business and data analytics company on the risks posed under Hong Kong law in relation to the collection of personal data from public records which are then used in business reports and marketing activities.
  • Advised a leading oil and gas company on amending and reviewing their application form, personal information collection statement and terms and conditions in relation to its discount card membership program.
  • Advised a leading luxury Italian fashion brand on their handling of customers' personal data for direct marketing purposes in Hong Kong.
  • Assisted an internationally renowned Italian luxury brand with its compliance with data access requests under the Hong Kong data privacy laws.
  • Advised a leading Italian luxury fashion and cosmetics brand on their handling of customers' personal data for direct marketing purposes in Hong Kong.
  • Advised a leading Italian luxury footwear and handbag brand on the cross border transfer of personal data in compliance with data privacy laws across 7 jurisdictions.
  • Led data audits for clients, review of policies and drafting of data protection manuals.
  • Handled a number of complaints to the Privacy Commissioner.
  • Handled and led many Pan-Asian data protection projects (mostly for banks, relating to data processing, cross-border transfer issues and disclosure of information to overseas authorities).


  • Advised a China-based listed company on several matters concerning the telecommunication licensing, data privacy and unsolicited electronic messaging requirements in relation to the client’s international SMS messaging service, SIP voice line services, cloud services and other value added services. They concerned the cross-border nature of telecommunications services, and the related licensing and data privacy issues.
  • Advised a Chinese state-owned company on their investment in a telecommunications infrastructure and civil engineering business to fund the construction and deployment of a new telecommunication infrastructure to 600 villages in Hong Kong, in order to be able to provide the residents in the villages with broadband services. Provided advice on the type of telecommunication permits and licences (including the unified carrier license) that need to be obtained in order to operate in the business of construction of telecommunications infrastructure in Hong Kong.
  • Advised a financial software, data, and media company on the provision of "click-to-dial" services on its platform, which is an emerging method of communication which does not fit squarely into the existing regulatory framework.

Domain Names

  • Handled over 60 domain name complaints, including UDRP and URS complaints.


The University of Hong Kong, PCLL

The College of Law, London, LPC

London School of Economics and Political Science, LLB
Upper Second Class Honours


  • Hong Kong
  • Rising Star in IP – Euromoney Asia Women in Business Law Awards (2016)