Michelle Lee
Associate
Michelle guides clients on innovative and responsible use of data and technology with practical advice on data protection and digital regulations.
Associate
Michelle guides clients on innovative and responsible use of data and technology with practical advice on data protection and digital regulations.
Languages - English, Mandarin
Jurisdiction - England & Wales
Michelle is a solicitor in the Commercial, Data and Tech team, specialising in data protection and digital regulations. She also holds IAPP CIPP/E accreditations. She helps clients build data protection frameworks from the ground up, navigate the opportunities and obligations AI brings, and deliver digital transformation and adoption initiatives. Her sector experience includes global investment firms, hospitality groups, tech and professional services providers.
In relation to data protection and the EU AI Act, Michelle advises on governance framework, data transfer agreements, data subject access requests, privacy notices, risk assessments and gap analysis.
Clients work with Michelle not only as a specialist adviser for high-complexity challenges but also as an extension of their in-house team for practical day-to-day support. Her versatility means her clients get tailored support with the right level of involvement most suited to their needs.
Michelle also has experience in commercial contracting such as AI procurement agreements, licence agreements and intra-group operating agreements.
Whether clients are looking to adopt new technologies, manage complex regulatory requirements or scale AI responsibly, Michelle provides strategic solutions with her legal expertise and commercial mindset.
Pharmaceutical company
Advised on complex data processing relationships, including joint controllership assessments, for a product administration model.
Global investment company
Developed a global AI governance framework including conducting EU AI Act applicability assessment, preparing AI and risk management policies, and drafting template AI agreements.
Global hospitality company
Advised on automated decision-making relating for AI-driven upsell initiatives.
International hotel group
Produced a gap assessment report analysing data protection obligations and identifying material deviations across key jurisdictions, with clear priority ratings and actionable remediation plans.
Renewable energy company
Delivered a GDPR compliance framework including data protection policy, privacy notices, data protection impact assessment procedure, data subject request handling procedures, data retention strategy and template data processing agreement.
