Grace Tang

Overview

Grace Tang is an associate in Crowell & Moring’s Privacy and Cybersecurity Group, advising clients across a range of industries on technology and privacy-related legal matters. She combines her experience in technology with a strong foundation in privacy as clients often face an overlapping and increasingly complex regulatory landscape – particularly in areas such as online safety and artificial intelligence.

Grace regularly advises on high-value commercial technology and outsourcing arrangements, combining legal insight with a practical understanding of operational and business needs. On data protection matters, Grace has experience with advising on compliance programs, data subject rights and drafting privacy notices, data protection impact assessments and policies.

Having previously trained and qualified into a technology and data team in a London firm, Grace joined Crowell & Moring in 2025. She also gained experience as a paralegal for a few years at an international premium travel and payments company supporting all lines of business and legal operations.

Career & Education

University of Law, LPC, 2021
London School of Economics and Political Science (LSE), LLB Law, 2018
- University of Law, LPC, 2021
- London School of Economics and Political Science (LSE), LLB Law, 2018
Solicitor, England and Wales, 2023
- Solicitor, England and Wales, 2023

Grace's Insights

Client Alert | 8 min read | 05.01.26

Pre-Approved: ICO Publishes Guidance on "Recognised Legitimate Interests”

In March 2026, the UK Information Commissioner (ICO) published guidance on the new lawful basis for processing personal data introduced by the Data (Use and Access) Act 2025 (DUAA): the recognised legitimate interest (RLI) lawful basis. Controllers may now rely upon one of five pre-approved conditions, each focused on specific public-interest justifications, for personal data processing....

Client Alert | 7 min read | 03.23.26
UK Court Rules Duty to Safeguard Personal Data Extends to Hacked Pseudonymised Data in DSG Retail Ltd v The Information Commissioner
Publication | 12.15.25
International Comparative Legal Guide - Telecoms, Media & Internet 2026
Client Alert | 10 min read | 12.01.25
EU AI Act, GDPR, and Digital Laws Changes Proposed

View All Insights

Insights

Client Alert | 8 min read | 05.01.26

Pre-Approved: ICO Publishes Guidance on "Recognised Legitimate Interests”

Client Alert | 7 min read | 03.23.26

UK Court Rules Duty to Safeguard Personal Data Extends to Hacked Pseudonymised Data in DSG Retail Ltd v The Information Commissioner

Publication | 12.15.25

International Comparative Legal Guide - Telecoms, Media & Internet 2026

Client Alert | 10 min read | 12.01.25

EU AI Act, GDPR, and Digital Laws Changes Proposed

International Comparative Legal Guide - Telecoms, Media & Internet 2026
|
12.15.25
iclg
Pre-Approved: ICO Publishes Guidance on "Recognised Legitimate Interests”
|
05.01.26
UK Court Rules Duty to Safeguard Personal Data Extends to Hacked Pseudonymised Data in DSG Retail Ltd v The Information Commissioner
|
03.23.26
EU AI Act, GDPR, and Digital Laws Changes Proposed
|
12.01.25
The UK’s Cyber Security & Resilience Bill at a glance
|
11.18.25
Enhancing UK cyber security resilience and leadership engagement
|
10.29.25
North Korean Threat Actors Target European Drone Makers
|
10.24.25
A Special Relationship Reboot? The US-UK Tech Prosperity Deal
|
09.23.25
DSIT's latest findings on AI, other emerging technologies and cyber security
|
08.14.25
Cloud GDPR risks highlighted by European Commission ruling over Microsoft 365 use
|
08.12.25
Children first: How Ofcom’s Children’s code and age checks change the digital game
|
07.29.25
View All Client Alerts
Crowell & Moring’s Emma Wright Ranked Among Top 10 on Computer Weekly’s 2025 “50 Most Influential Women in UK Tech” List
|
11.11.25
Highly Regarded Patent Team to Join Crowell & Moring in London
|
07.01.25
DPRK Threat Actors Target European Drone Makers
|
10.28.25
Crowell & Moring’s Transportation Law: Moving Forward

View All Insights

Practices

Industries

Grace's Insights

Client Alert | 8 min read | 05.01.26

Pre-Approved: ICO Publishes Guidance on "Recognised Legitimate Interests”

In March 2026, the UK Information Commissioner (ICO) published guidance on the new lawful basis for processing personal data introduced by the Data (Use and Access) Act 2025 (DUAA): the recognised legitimate interest (RLI) lawful basis. Controllers may now rely upon one of five pre-approved conditions, each focused on specific public-interest justifications, for personal data processing....

Client Alert | 7 min read | 03.23.26
UK Court Rules Duty to Safeguard Personal Data Extends to Hacked Pseudonymised Data in DSG Retail Ltd v The Information Commissioner
Publication | 12.15.25
International Comparative Legal Guide - Telecoms, Media & Internet 2026
Client Alert | 10 min read | 12.01.25
EU AI Act, GDPR, and Digital Laws Changes Proposed

View All Insights

Grace Tang

Overview

Overview

Career & Education

Education

Admissions

Grace's Insights

Insights

Publications

Client Alerts

Firm News

Blog Posts

Practices

Industries

Grace's Insights