Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
罗嫣律师擅长就美国、欧盟和中国的数据隐私和网络安全、反垄断和竞争法、以及国际贸易法律方面的各类监管事项为客户提供法律咨询。
罗律师在协助跨国公司处理快速发展的中国网络安全和数据隐私规则方面有丰富的经验。她经常为客户就数据本地化和跨境数据转移等战略问题提供重要合规建议,并在战略交易中提供数据保护方面建议。同时,她还就欧盟和美国等主要司法辖区的全球数据治理问题和合规事项为领先的中国科技公司提供咨询服务。
罗律师经常参与中国数据隐私和网络安全方面规则与标准的制定。她作为主要负责人代表科文顿参与中国全国信息安全标准化技术委员会(“TC260”)两个工作组,还是中国人工智能与伦理标准制定小组的一名专家成员。
罗律师在2018年荣获《全球数据评论》(Global Data Review)评选的“40名40岁以下精英律师”奖项,同时,《华尔街日报》和《金融时报》等知名媒体经常引述罗律师的观点意见。
加入本所之前,罗律师在华盛顿特区的美国联邦贸易委员会国际事务办公室完成了实习。她在布鲁塞尔的经验包括代理重要的中国企业处理欧洲委员会以及欧盟成员国国内权力机关主管的贸易、竞争和公共采购事项。
罗律师是国际隐私专业人员协会认证信息隐私专家(CIPP/亚洲)以及美国律师协会反垄断法分会的成员。
数据隐私和网络安全
- 就关键信息基础设施相关规则在内的中国网络安全和数据保护规则为一家领先的美国信用卡支付联盟提供法律咨询服务。
- 就中国跨境数据传输和数据保护的相关要求为一家领先的评级机构提供咨询。
- 就中国法下行业相关的网络安全和数据保护规定为一家领先的美国航空公司提供咨询。
- 为一家领先的运动鞋生产商在交易中提供网络安全和数据保护咨询。
其他监管事项
- 代表一家美国科技公司参与国家发展改革委员会发起的与专利授权相关的调查。
- 就涉及一项关于中国电子支付服务的世界贸易组织决定的市场准入和许可申请事宜为一家领先的支付卡联盟提供咨询。
- 就中国兼并控制和竞争法事宜为领先的生命科学公司提供咨询。
成员资格
- 作为主要负责人代表科文顿参与中国全国信息安全标准化技术委员会(“TC260”)两个工作组
- 美国律师协会反垄断法分会《反垄断在亚洲》大会副主席(2014年5月,北京)
- 认证亚洲信息隐私专家(国际隐私专业人员协会)
职业经历
- 美国联邦贸易委员会国际事务局
March 2021
As the legal, regulatory, and commercial implications of coronavirus COVID-19 continue to evolve, our lawyers and advisors are helping clients navigate the complex considerations that companies around the world are facing and develop plans and strategies in response. Reach out to our COVID-19 task force at COVID19@cov.com. Below is a compendium of resources ...
China's data privacy law
January 29, 2021, Privacy Laws & Business
Yan Luo appeared on “Privacy Paths,” the Privacy Laws & Business’ podcast, to discuss China’s privacy draft law and other cybersecurity legislation.
January 20, 2021, Covington Alert
The Covington Technology Forum – Data in a Connected World, will be taking place on January 27th, 28th, and 29th. Intended for legal and business professionals who manage any aspect of the data economy for their organizations, the Forum will equip attendees with the information and insights they need in order to understand the evolving legal, regulatory and ...
China Issues Rules to Counteract “Unjustified” Extraterritorial Application of Foreign Measures
January 12, 2021, Covington Alert
On January 9, 2021, China’s Ministry of Commerce released the Rules on Counteracting Unjustified Extraterritorial Application of Foreign Legislation and Other Measures, which took effect immediately. Specifically, the Rules are designed to “counteract” the extraterritorial application of “foreign [i.e., non-Chinese] legislation” or “measures” when such ...
October 23, 2020, Covington Alert
On October 21, 2020, the National People's Congress (“NPC”), China’s top legislative body, released its first draft of the Personal Information Protection Law (the “Draft Law”) for public comment (official Chinese version available here and Covington’s unofficial English translation here). The period for public comment ends on November 19, 2020 and comments can ...
October 19, 2020, Covington Alert
On October 17, 2020, China enacted an Export Control Law (“the Law”) that builds upon China’s existing export control regulations, which are scattered across multiple laws, administrative regulations, and rules and measures issued by various departments, with the goal of creating a unified export control system to promote China’s national security and interests ...
October 19, 2020, The Wall Street Journal
Yan Luo is quoted in The Wall Street Journal regarding China’s new export restrictions. Ms. Luo says, “With recent events, China feels a greater need to have this export law in place.” Chinese authorities feel that export-control measures have been used against Chinese companies and they need a way to reciprocate. “The precise point is we don't know how they ...
September 21, 2020, Covington Alert
On September 19, 2020, China’s Ministry of Commerce ("MOFCOM") issued regulations that provide new details on the government’s plans for an “Unreliable Entity List” first proposed in May 2019.
China unveils draft Data Security Law
July 20, 2020, Law360
Yan Luo is quoted in Global Data Review regarding China’s proposed data law intended to protect national security and the development of the digital economy. Ms. Luo says the law marks “a step forward” in establishing a regulatory framework for data security in China. She notes that the proposal has a particular focus on the governance of “important data”, ...
July 14, 2020, Global Data Review
Yan Luo spoke with Global Data Review about China’s new provisions regarding the right to privacy and protection of personal information. Ms. Luo notes that the privacy provisions in the code are stated “only at a high level” – though she does point out that the provisions “remain consistent with [the] Cybersecurity Law.” She says the Civil Code and its privacy ...
July 9, 2020, Covington Alert
China has published a near-final draft of a new Export Control Law that, if enacted as drafted, would build upon China’s existing export control regulations, which are scattered across multiple laws, administrative regulations, and implementation rules, with the goal of creating a unified export control system to promote China’s commitment to nonproliferation ...
Chinese law may require companies to disclose cyber-security preparations outside China
July 3, 2020, Computer Weekly
Yan Luo is quoted in Computer Weekly regarding China’s new draft data security law. Ms. Luo says, “China is considering allowing the law to have an extra-territorial effect that we have not seen before. They want to counteract the extra-territorial effect of U.S. law.” She adds that the law may require a technical audit of a company’s cyber security and to ...
May 29, 2020, Covington Alert
On May 27, Secretary of State Michael Pompeo certified to Congress pursuant to the Hong Kong Human Rights and Democracy Act of 2019 that "Hong Kong does not continue to warrant treatment under United States laws in the same manner as U.S. laws were applied to Hong Kong before July 1997." In a statement, Secretary Pompeo attributed this action to the announced ...
April 28, 2020, South China Morning Post
Yan Luo spoke with the South China Morning Post about new Chinese guidelines for operators of “critical information infrastructure,” requiring them to undergo a cybersecurity review process for any procurements that could have national security implications. According to Ms. Luo, the criteria may push companies to stay away from multinational providers that are ...
China Toughens Procurement Rules for Tech Equipment
April 27, 2020, The Wall Street Journal
Yan Luo is quoted in The Wall Street Journal regarding China’s tough, new adoption of cybersecurity rules for buyers of technology equipment, which could place foreign tech products at a disadvantage in the Chinese market. Ms. Luo says the prospect of potentially lengthy reviews may prompt Chinese companies to stay away from foreign products and services.
COVID-19 Tariff Relief
March 25, 2020, Covington Alert
USTR may exclude tariffs on Chinese imports related to COVID-19 response In response to COVID-19, the Office of the U.S. Trade Representative ("USTR") announced on March 20, 2020, that it is inviting comments on possible modifications to the list of goods from China subjected to additional tariffs under Section 301 of the Trade Act of 1974 (“Section 301 ...
March 18, 2020, Covington Alert
To assist companies that are developing technology solutions to help predict, mitigate or contain the spread of COVID-19, our cross-practice digital health team has put together a checklist of considerations to keep in mind. For additional guidance, please visit our COVID-19 Legal and Business Toolkit or reach out to us at COVID19@cov.com.
January 17, 2020, Covington Alert
On January 15, 2020, President Trump and Chinese Vice Premier Liu He signed the much-anticipated “Phase One” trade agreement between the U.S. and China. Set to take effect no later than February 14, 2020, the “Economic and Trade Agreement Between the United States of America and the People’s Republic of China” (the “Agreement”) is the first formal accord ...
What to expect in 2021: China - Preview
January 8, 2020, Reuters
Yan Luo is quoted in Reuters Practical Law China's GC Agenda China with her thoughts on the new compliance challenges that China's new data privacy and cybersecurity regimes with bring. Specifically, Yan expects that China's draft Data Security Law and Personal Information Protection Law will be finalized in 2021. Together with the Cybersecurity Law, the three ...
October 31, 2019, Covington Alert
On October 26, 2019, China enacted a landmark Encryption Law, which will take effect on January 1, 2020. The Encryption Law significantly reshapes the regulatory landscape for commercial encryption, including foreign-made commercial encryption products, but leaves many questions to be answered in future implementing regulations.
October 21, 2019, Covington Alert
On October 18, 2019, the U.S. Administration announced the launch of a new product-specific exclusion request process for tariffs on approximately $112 billion in Chinese imports that were imposed on September 1, 2019. The exclusion process will close on January 31, 2020, and its requirements are similar to those applicable to the latest exclusion process for an ...
Will China’s revised cybersecurity rules put foreign firms at risk of losing their secrets?
October 13, 2019, South China Morning Post
Yan Luo is quoted in the South China Morning Post regarding China's revised cybersecurity rules. Ms. Luo says many of the relevant cybersecurity requirements are “not that out of the global norm”, and unlikely to be a challenge for firms that already has “robust cybersecurity programmes.”
Covington Promotes Data Lawyer in Beijing
October 3, 2019, Global Data Review
Global Data Review covered Yan Luo’s recent promotion to partner. Ms. Luo is a member of GDR’s inaugural 40 under 40 set. “This experience has broadened my horizons and is very fulfilling for me personally,” she told GDR.
October 2, 2019, The American Lawyer
October 2019, Intellectual Property & Technology Law Journal
Covington Promotes Its Most Diverse Partner Class Ever
October 1, 2019
WASHINGTON—Covington has promoted to its partnership 14 lawyers based in eight different offices, including nine women and six lawyers of ethnically diverse backgrounds. “Our new partners are exceptionally talented lawyers from a wide range of the firm’s offices and most important practices, and they are extremely well-positioned to carry the firm forward,” ...
August 30, 2019, Covington Alert
On August 27 and 29, 2019, the U.S. Administration released notices concerning increases in certain tariffs on Chinese imports, marking the latest escalation in bilateral trade frictions.
July 17, 2019, Covington Alert
On July 5, 2019, China’s Standing Committee of the National People's Congress (NPC) published a new draft Encryption Law (“the draft Law”) for public comment. The draft Law, if enacted as drafted, would bring significant new changes to China’s commercial encryption regime.
June 21, 2019, Covington Alert
Earlier this week, the Office of the U.S. Trade Representative (USTR) announced a process through which companies can request that their products be excluded from duties imposed on $200 billion in Chinese imports under Section 301 of the Tariff Act of 1974 (Section 301). Tariffs on these imports have been in effect since September 2018, and recently increased ...
June 10, 2019, TechNode
Yan Luo was quoted in Technode regarding China's evolving cybersecurity framework. Ms. Luo says foreign companies operating in China are pursing compliance through tailoring their existing global cybersecurity program to fit China's regulatory environment.
May 14, 2019, Covington Alert
On May 13, days after increasing tariffs on $200 billion in Chinese imports, the U.S. Administration proposed imposing an additional 25 percent tariff on a new list of $300 billion in Chinese imports. The Administration cited China’s “failure to meaningfully address” problematic intellectual property (IP) practices and its retaliatory responses to U.S. tariffs ...
May 8, 2019, Covington Alert
On May 8, the U.S. Administration confirmed its intent to increase tariffs on $200 billion in Chinese imports from 10 percent to 25 percent, effective Friday, May 10, 2019, and establish a process for requesting exclusions from these tariffs. As justification for these actions, the Administration cites the “lack of progress in discussions with China” and ...
March 31, 2019, The Economist Intelligence Unit
Yan Luo was acknowledged as an advisory board member for the special report The Transparent Business Barometer: Preparing for the End of Easy Data, published by the Economist Intelligence Unit. The report revealed key trends in data privacy and cyber security on global businesses through the survey of hundreds of business executives across China, the U.S., ...
February 19, 2019, Covington Alert
Late last week, President Trump signed an appropriations bill to keep the government funded. In its Joint Explanatory Statement accompanying this legislation, Congress directed the Trump Administration to establish an exclusion request process for tariffs on $200 billion in Chinese imports by March 17, 2019, in line with the process provided for prior rounds of ...
February 11, 2019, Covington Alert
On February 1, 2019, China’s National Information Security Standardization Technical Committee (“TC260”) released a set of amendments to GB/T 35273-2017 Information Technology – Personal Information Security Specification (“the Standard”) for public comment. The comment period ends on March 3.
January 2, 2019, Covington Alert
The past year was a particularly significant one for the development of Chinese privacy law. During 2018, the Chinese government systematically established the country’s regulatory requirements for cybersecurity and data privacy and continued to implement the Cybersecurity Law, which took effect on June 1, 2017.
December 3, 2018, Covington Alert
On December 1, during a working dinner meeting in Buenos Aires following the G20 Summit, U.S. President Donald J. Trump and Chinese President Xi Jinping agreed to temporarily ease trade tensions as both sides continue negotiating over longer-term solutions to U.S. concerns about bilateral economic relations.
Yan Luo Named to Global Data Review's “40 Under 40”
September 19, 2018
BEIJING — Global Data Review has named Covington’s Yan Luo to its inaugural “40 Under 40” list, recognizing the 40 individuals who represent the best and the brightest of the data law bar around the world. Based in the firm’s Beijing office, Ms. Luo advises clients on a broad array of regulatory matters in connection with data privacy, international trade, ...
September 18, 2018, Covington Alert
On September 17, 2018, the Office of the U.S. Trade Representative (USTR) released its final list of approximately $200 billion in Chinese imports subject to an additional ad valorem tariff. The final list, which covers 5,745 product categories, will take effect on September 24, 2018.
August 8, 2018
The Trump Administration has released its final list of approximately $16 billion in Chinese imports that will be subject to an additional 25 percent ad valorem tariff, which will go into effect on August 23, 2018. The Administration has announced that it will provide an opportunity to request that "particular products" subject to the additional duties be ...
July 11, 2018, Covington Alert
Last night, the Office of the U.S. Trade Representative (“USTR”) released a new proposed list of $200 billion worth of products from China that could face an additional 10 percent ad valorem tariff. The list covers 6,031 product categories, including a multitude of consumer goods such as luggage, tires, furniture, apparel, mattresses, household goods, components ...
July 10, 2018, Covington Alert
As anticipated, an additional 25 percentage point ad valorem tariff on $34 billion worth of Chinese imports into the United States (covering 818 product categories in sectors including aerospace, information communication technology, machinery, and medical instruments) went into effect on July 6, 2018.
July 5, 2018, Covington Alert
On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply ...
June 15, 2018, Covington Alert
As anticipated, the Trump Administration today released its final list of Chinese imports subject to an additional 25 percent ad valorem tariff. The imposition of the tariffs follows the Administration’s determination in March that China’s technology transfer and intellectual property (“IP”) policies are harming U.S. companies, and the submission of public ...
May 4, 2018, Covington Alert
The Trump Administration’s senior economic and trade officials held talks with their Chinese counterparts in Beijing, May 3-4. The talks concluded with no agreement, and each side tabled expansive demands that appear well beyond what the other side would be able to accept.
China’s internet lenders fall foul of data privacy rules
April 1, 2018, Financial Times
Yan Luo is quoted in a Financial Times article regarding survey findings that suggest that more than half of Chinese internet finance lenders are failing to comply with data privacy regulations. According to Luo, “Investors should certainly expect more government scrutiny on their business model from a data protection perspective."
March 22, 2018, Covington Alert
Earlier today, the administration announced its findings that China’s theft of U.S. technologies and intellectual property (“IP”) have caused at least $50 billion in harm to the U.S. economy per year.
5 Cybersecurity And Privacy Policies To Watch In 2018
January 1, 2018, Law360
Kristof Van Quathem and Yan Luo are quoted in a Law360 article regarding cybersecurity and privacy policies to watch in 2018. Commenting on the General Data Protection Regulation (GDPR), Van Quathem says that although one of the legislation's aims is to harmonize a splintered set of national data privacy laws within Europe, it may end up causing companies aiming ...
October 13, 2017, Covington Alert
In a draft regulation released earlier this year, China proposed regulating the import, export, manufacture, sale, and use of “commercial encryption products,” building on a patchwork of regulations.1 These regulations have focused on restricting the import and use of encryption products produced by certain manufacturers, and many entities have expressed concern ...
China Seeks Comments on Updated Draft of Cross-Border Data Transfer Security Assessment Standard
August 31, 2017, Covington Alert
On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...
July 21, 2017, Covington Alert
On June 16, 2017, China’s Ministry of Commerce (MOFCOM) released for public comment a draft of the Export Control Law (“the Draft Law”). While China has a number of regulations relating to export controls and has signed numerous nonproliferation agreements, the Draft Law would be China’s first law specifically addressing export controls and would implement an ...
July 12, 2017, Covington Alert
On July 11, 2017, the Cyberspace Administration of China (CAC) released the draft Regulation for the Protection of the Critical Information Infrastructure (“Draft Regulation”) for public comment (official Chinese version available here). The comment period ends on August 10, 2017.
New cyber law in China stirs alarm
June 1, 2017, The Hill
Yan Luo is quoted by The Hill in an article regarding some of the uncertainties surrounding China's new Cybersecurity Law. Under the new law, cross-border data transfers for operators of "critical information infrastructure" are subject to security reviews and restrictions. According to Luo, "We don’t really have a definition of critical information ...
May 19, 2017, Covington Alert
On May 19, 2017, the Cyberspace Administration of China (“CAC”) invited international stakeholders to attend a seminar to discuss an updated version of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Measures”). Given that the Measures have an intended effective date of June 1, 2017, it is likely ...
May 9, 2017, Covington Alert
On April 13, 2017, China’s State Cryptography Administration (“SCA”) published a draft Encryption Law (“the draft Law”) for public comment. After several years of drafting, the draft Law, if enacted as drafted, would be the first Chinese statute to systematically address encryption, covering “the research, production, management, import and export, testing, ...
May 3, 2017, Covington Alert
On May 2, 2017, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here). The issuance of the Measures marks a critical first step toward implementing China’s ...
April 12, 2017, Covington Alert
On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).
February 7, 2017, Covington Alert
On February 4, 2017, the Cyberspace Administration of China (“CAC”) released the draft Measures on the Security Review of Network Products and Services (“the draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the draft Measures is here). The comment period ends on March 4, 2017.
January/February 2017, EuroBiz
January 23, 2017, Covington Alert
On January 9, 2017, eight Chinese ministries announced a significant new policy that aims to reduce marked-up prices and corruption in multi-tier distribution chains. The policy effectively requires that under most circumstances, at most two invoices may be issued throughout the distribution chain, with one from the manufacturer to a distributor and another from ...
November 8, 2016, Covington Alert
On November 7, the Standing Committee of China’s National People’s Congress (“NPC”) passed China’s first Cybersecurity Law (the “Law”), which will take effect starting June 1, 2017. Described as China’s “fundamental law” in the area of cybersecurity, the new Law articulates the government’s priorities with respect to “cyberspace sovereignty,” consolidates ...
Privacy Protection and Its Challenges In the Big Data Era - US Perspective
October 16, 2016, China Cybersecurity Law Governance Conference
July 12, 2016, Covington Alert
On July 5, 2016, China’s National People’s Congress (“NPC”) released a new draft of the Cybersecurity Law for public comment (official Chinese version available here; unofficial translation from AmCham China available here). The revised draft contains a number of significant changes from the first draft, which was released in July 2015, but retains many of the ...
February 20, 2014, Covington E-Alert
Winter 2014, Competition Policy International
January 4, 2013, Covington E-Alert
May 15, 2012, Covington E-Alert
March 2010, Kluwer Law International
- 《中国法律商务》, “年度国际律师事务所:贸易领域” (2016)