Christine E. Lyon

About Christine E. Lyon

Chris helps companies develop privacy and data protection strategies for new products and services and privacy compliance programs for their customer and employee data, enabling them to leverage the value of their data while complying with evolving global privacy and data protection laws.

Working across a broad range of industries—including technology, consumer products, e-commerce, life sciences, retail, hospitality, social media and professional services—Chris assists clients in navigating privacy risks as they develop innovative new products, services and data-driven initiatives. Chris advises clients on building privacy protections into cutting-edge B2B and B2C offerings, including connected products and services (Internet of Things), artificial intelligence (AI) and machine learning, and marketing platforms. She conducts privacy assessments of new products and services, as well as company-wide data protection compliance reviews. She helps structure and negotiate the privacy aspects of M&A and other strategic transactions to both achieve compliance and manage data risks.

Chris works with clients to develop privacy programs that span multiple jurisdictions and data protection laws, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), including with respect to cross-border data transfers. She advises clients on workplace and employee privacy issues, such as employee monitoring. Chris has coordinated projects spanning privacy law requirements in dozens of countries, consolidating this information into practical, actionable advice for clients. She also advises on privacy-related issues arising from litigation and enforcement matters.

Chris frequently writes and speaks on the topics of the intersection of privacy and technology, and won the Burton Award for Distinguished Legal Writing. She is ranked among leading lawyers for Data Privacy and Security by Chambers USA and recommended for Cyber Law: Data Privacy and Protection by Legal 500 US. In 2022, she was shortlisted for Privacy & Data Protection Lawyer of the Year by Euromoney's America Women in Business Law Awards. 

Recent work

Multinational organizations:

Developing privacy compliance programs, including privacy-related terms for customer and vendor agreements, internal and external privacy and data protection policies, cross-border data transfer mechanisms (including EU binding corporate rules), and internal privacy governance frameworks and procedures.

Cloud-based services, data analytics and AI:

Advising on building privacy protections into new data-driven services, including services leveraging AI and other cutting-edge data analytics, taking into account global data protection requirements and privacy by design principles.

IoT and device manufacturers:

Assisting in developing privacy policies and procedures for connected “smart home” appliances and other consumer products, as well as industrial IoT devices, along with related service offerings.

M&A and strategic investments:

Advising acquirers and investors on data privacy considerations in mergers, acquisitions, and other strategic investments, including assessing privacy-related risks in data-driven business models and developing risk mitigation and remediation strategies.