Susan Ning

NING, Susan (Xuanfeng)

Areas of Practice

Susan Ning received a LLB from Peking University and a LLM from McGill University. She was admitted as a Chinese lawyer in 1988.

She joined King & Wood Mallesons (KWM) in 1995, where she is a partner and the head of the Compliance Group. Her main areas of practice include antitrust and competition law, and cybersecurity and data compliance. In addition, she also practices international trade and investment law.

Cybersecurity and Data Compliance

As the value of data for business competition increases, Susan Ning is one of the pioneers engaged in the cybersecurity and data compliance sector and leads a professional team of lawyers with interdisciplinary backgrounds. Susan Ning’s practice areas include: assisting clients in establishing enterprise data compliance system (including personal information protection); assisting clients in formulating and modifying privacy policy and compliance plans; assisting clients in developing cross-border data transmission plans; assisting clients in developing data commercialization compliance programs; assisting clients in self-assessment of cybersecurity and data compliance; assisting clients in conducting internal training on cybersecurity and data compliance; assisting clients in responding to cybersecurity inspections; assisting clients in responding to network security emergencies; assisting clients in telecom regulation and cybersecurity compliance concerning cloud services; providing clients with review and consultation services concerning cross-border transfer of evidence in litigation and arbitration; providing consultation services on data compliance in pioneer areas such as block-chain, artificial intelligence, and Internet of Things.

Susan Ning specializes in assisting companies to establish and improve cybersecurity and data compliance systems in compliance with requirements of many jurisdictions including China, the European Union (GDPR), and the United States, to protect the global flow and commercialization of enterprise data. Susan Ning has assisted companies in sectors such as IT, communications, mobile payment, intelligent connected vehicle (ICV), finance, media, energy, aviation, chemical and manufacturing.

Representative projects are set out as follows:

Cybersecurity and Data Compliance under PRC Cybersecurity Law (“Cybersecurity Law”)

- (show more) - (show less)
  • Assist a domestic clearing institution in its data compliance system and provide legal advice on the legality of its overseas branch’s access to domestic data platform. 
  • Assist a renowned domestic internet news and information company in the personal information protection compliance project, including due diligence on internal network security and data compliance based on compliance obligations under the Cybersecurity Law and its supporting measures. 
  • Assist a famous domestic mobile phone manufacturer in the personal information protection project, including identifying relevant risk points, proposing corresponding rectification proposals and conduct compliance training for employee in accordance with compliance obligations under the Cybersecurity Law and its supporting rules. 
  • Assist a renowned international daily-use chemical company in due diligence on the data compliance of its suppliers regarding a data commercialization application project and provide data compliance consultation services.
  • Assist a globally renowned mobile Internet enterprise to communicate with government agency on data access issues, submit legal analysis and provide compliance advice on the collection and processing of personal information involved in its cloud computing services. 

GDPR Data Compliance

- (show more) - (show less)
  • Assist a famous well-known domestic fin-tech enterprise in the multi-jurisdictional data compliance project, including conducting due diligence on data processing activities of various business lines in accordance with GDPR requirements, identifying compliance risks in the data life cycle, proposing corresponding rectification opinions, updating and localizing the internal data compliance system for the company in accordance with diversified legal and regulatory requirements of other jurisdictions in which the company conducts its business.
  • Assist a globally famous automobile manufacturer in GDPR data compliance project, including sorting out collection, storage, use of personal data and cooperation with third parties possibly involved in the company’s European business, and analyzing the potential issues concerning GDPR and provide suggestions for rectification.
  • Assist a well-known domestic mobile phone operating system operator in the GDPR data compliance project, including revising privacy policy and the terms of use; formulating internal compliance management policies; identifying the country where the European data center to be located; selecting and appointing data protection officer; assisting the company in signing standard agreement concerning cross-border transfer of data; applying for third-party GDPR compliance certification, etc.
  • Assist a renowned international computer operating system developer in GDPR data compliance project, including reviewing the existing global privacy policy, identifying the compliance risks, which do not comply with the requirements of the Cybersecurity Law and GDPR, proposing a feasible improvement program and conducting GDPR compliance training for employees.

In order to grasp the latest developments and regulatory trends in big data legislation, the KWM cybersecurity and data compliance team, led by Susan Ning, joined the Information Security Management Working Group in the National Information Security Standardization Technical Committee, the Big Data Standards Working Group in National Information Technology Standardization Technical Committee and the National Artificial Intelligence Standardization General Group and actively participates in the formulation of industry standard of big data. 

Antitrust and Competition Law

With the implementation of the Anti-Monopoly Law (AML) on August 1, 2008, Susan Ning began to fully engage in the area of AML and anti-unfair competition law. Her practice in this area mainly includes merger control filings, antitrust investigations, compliance and antitrust litigation.

KWM officially established its Antitrust Group in 2003, which was the first specialized practice division in this area among Chinese law firms. Prior to the enactment of the AML in 2008, Susan Ning took a very active role in counselling the Chinese government on the drafting of the AML. Since the enactment of the AML, she continued to be actively involved in drafting regulations, measures for implementation and guidelines accompanying the AML. Through these consultations and her extensive experiences in helping clients to deal with antitrust investigations, Susan Ning built and maintained a close working relationship with the antitrust authorities in China.

Since 2003, Susan Ning and her team have undertaken hundreds of merger control filings on behalf of clients, mostly consisting of multinational corporations from industries such as chemicals and manufacturing, semiconductors, luxury goods, transportation, hotels, automobiles, high technology, finance, trade, telecommunications, energy and the Internet. Susan Ning has also assisted a large number of clients in confidential investigations involving cartel conducts, resale price maintenance and abuse of dominance and advised on several landmark litigation cases in relation to monopoly agreements and abuse of dominance. Susan Ning has also advised a number of clients on the establishing and improving of their antitrust and competition compliance systems and internal audits.

Her representative projects include: 

Merger Control Filings

- (show more) - (show less)

  • Represent both Toyota and Panasonic in the merger filing of the establishment of a joint venture by Toyota and Panasonic in the area of electric car batteries.
  • Represent Praxair in the merger filing of Praxair and Linde.
  • Assist Tronox, a globally renowned supplier of inorganic minerals and chemicals in the merger filing of its acquisition of the titanium dioxide business of Cristal, another leading company in the same industry and obtain clearance without condition. 
  • Assist Hisense in the merger filing of its acquisition of equity of Toshiba
  • Represent Mead Johnson in the merger filing of Reckitt Benckiser Group’s acquisition of equity of Mead Johnson.
  • Represent Lam Research in merger filing of merger of Lam Research and KLA-Tencor.
  • Assist Chinese shareholders of Blueair in merger filing of Unilever’s acquisition of Blueair.
  • Assist Sherwin Williams, a leading brand in the U.S. coating industry in merger filing of its acquisition of Valspar, another industry-leading company for $ 11.3 billion. 
  • Assist Alcatel-Lucent in the merger filing of Nokia’s acquisition of equity of Alcatel-Lucent.
  • Assist in the merger filing of establishment of a joint venture by Corun, Toyota China, PEVE, Xin Zhong Yuan and Toyota Tsusho. 
  • Represent Nokia in the merger filing of Microsoft’s acquisition of equipment and services of Nokia.
  • Assist Pfizer in the merger filing of Pfizer’s acquisition of Wyeth.

Antitrust Investigations and Compliance

- (show more) - (show less)
  • Represent a RORO shipping company to apply for leniency in an investigation initiated by the NDRC against an international cartel and assisted the client to obtain full immunity.
  • Represent an auto part company to apply for leniency in an investigation initiated by the NDRC against an international cartel and assisted the client to obtain full immunity.
  • Represent a multinational smelting company on a complex antitrust dispute involving three different types of legal proceedings (international arbitration for IP infringement, civil antitrust litigation and administrative antitrust investigation), and assisted client in reaching settlement with the plaintiffs, and the client eventually received no penalties from the NDRC.
  • Represent a Standard Setting Organization in an antitrust investigation initiated by the NDRC on alleged abusive conducts, and assisted client to settle with the whistleblower and investigation agency, and the client eventually received no penalties from the NDRC.
  • Represent a technology licensing company in an antitrust investigation initiated by the NDRC on alleged excessive pricing and other abusive conducts and represented client before the NDRC, and the client eventually received no penalties from the NDRC.
  • Represent a pharmaceutical company in an antitrust investigation initiated by the NDRC and represented client before the NDRC