Our experienced global Data team advises on all aspects of data, including on privacy, “big data”, confidentiality, secrecy, IP rights, commercialisation, cyber and crisis response
Our Data and Cyber practice is over thirty years old and is one of the most sophisticated and experienced anywhere in the world. We have good relationships with policy makers, regulators, and industry bodies in Europe, the UK, Asia and the US, giving us unique insights into risks and opportunities.
We take a holistic approach to data – working on cutting edge data compliance, commercial and contentious mandates for leading global clients, often in highly regulated sectors. Our Data team’s unparalleled view across the multiplicity of issues affecting data allows us to give you pragmatic, risk-based advice. We are business enablers.
We also specialise in advising on cyber preparedness, response, remediation and investigation. While much of our best work never reaches the public domain, we have also advised on many high-profile cyber incidents that are in the public eye.
Advising a range of global clients on the enhancement of their GDPR privacy compliance programmes to accommodate new US and Asian privacy legislation
Advising on the evolution of data privacy programmes to incorporate compliance obligations drawn from new digital regulation
Advising on risk assessments relating to the use of personal data within AI products and on social media platforms, for experimentation and social listening purposes, within data warehouses and more
Advising a leading social media company on its transparency practices following a decision of the Irish Data Protection Commissioner
Advising Genomics England on complex data privacy issues relating to the use of genomic data for research and related purposes
Advising a range of clients on all aspects of their cyber preparedness, including risk assessments, policies and procedures, third party mitigations, Board briefings, war games and more
Advising Capita (as replacement counsel) on all aspects of its very high profile data incident
Advising a multinational jeweller with their response to a ransomware attack which saw confidential details of employees and clients (some of whom were extremely high-profile individuals) shared on the dark web
A global regulated organisation on the response to the largescale compromise of commercially sensitive and personal information in over 140 countries (including on related injunctions and criminal proceedings)
Briefing the Board on the results of our investigation into a serious global incident affecting a network of connected entities and on recommended remediations
Advising on the licensing of global media databases for use within GenAI tools
Advising a number of large global cloud service providers on their standard form contracts, including on their standard form data protection addendums, data transfer arrangements, explanatory customer collateral and negotiation playbooks
Advising on secrecy, confidentiality and trade secret issues in connection with the re-use of data by regulated organisations
Drafting and negotiating data arrangements for the use of data in conjunction with technology (including fintech and digital health tools)
Negotiating some of the most pioneering data transactions globally, injecting new revenue streams into companies looking to leverage their data assets
Advising on a privacy regulator’s 3+ year investigation into the practices of a leading data vendor, which resulted in no adverse action being taken and no adverse publicity
Advising Experian on the ICO’s investigation into its use of data for analytics and marketing and on its successful appeal against ICO action to the First-Tier (Information Rights) Tribunal
Acting for the International Association on its intervention before the Supreme Court in the leading case of Lloyd v Google
Advising a major technology platform on its response to an investigation by a European regulator concerning their international data transfers
Acting for a major technology platform on its defence of a representative action concerning alleged breaches of the GDPR