Data privacy and data protection in Ireland
John Whelan heads the team at A&L Goodbody, which handles the full spectrum of contentious and non-contentious data protection and privacy work. In addition to advising its domestic and multinational client base on General Data Protection Regulation (GDPR) compliance, the team is particularly skilled in handling data subject access requests, litigation and regulatory investigations resulting from high-profile data breaches. Other key contacts in the practice are Claire Morrissey, who has particular expertise in advising clients in the financial services sector on GDPR compliance, and John Cahir, who focuses on the multinational technology sector.
‘They are very up front and highly diligent. Great at getting back to us in very good time and not afraid to call us out if our current road plan may hit a bump or two.‘
‘Associate Sinéad Mitchell King is fast, reliable and very interested in our business. She keeps us in the know where needed and points out best practice in her experience. A massive team player and someone we know is looking out for our best interests.‘
Liberty Insurance DAC
- Acted for Digital Europe, as an amicus party, in proceedings in Ireland and in the European courts concerning the validity of the European Commission standard contractual clauses, and in its role as an intervenor in a challenge to the US-EU Privacy Shield.
- Advising Enterprise Ireland on all aspects of its GDPR compliance.
- Advising Symantec on its global privacy operations.
The 'responsive and technically strong' Arthur Cox has expertise across a wide range of data protection matters, including advising on cross-border data projects, data breaches and subject access requests. The team acts for leading Irish plcs and corporates, both in the technology sector and in other areas such as retail, energy and transport, and for state bodies and educational institutions. It also has experience handling investigations and enforcement actions initiated by the Data Protection Commission. The 'standout' Rob Corbet heads the practice; 'leading expert' Colin Rooney advises on major data breaches; and newly promoted partner Olivia Mullooly has extensive experience in GDPR compliance projects.
Rob Corbet; Colin Rooney
‘Colin Rooney is a leading expert in his field and has quickly adapted his knowledge and expertise to support us in a very new and unique business area in Ireland. He is solution oriented without ever compromising on the quality of his advice.‘
‘The team are reliable, available and commercial in their approach.‘
‘There is a broad level of expertise and depth of experience.‘
‘Colin Rooney’s advice is exceptionally commercial and pragmatic.‘
‘Arthur Cox have a very solid and commercial data protection practice. Their approach is always to see what can be done and they would be our most trusted advisers in this area.‘
‘Colin Rooney is outstanding in this area and is able to give practical, commercial advice at short notice whenever required. He provided invaluable support and advice during a cyber attack situation.‘
‘The team are always responsive and provide consistently high-quality advice.‘
‘Rob Corbet’s advice is unfailingly thoughtful, pragmatic, concise and business-friendly. He has demonstrated an ability to quickly understand the issues and advise quickly and effectively. He’s proven himself to be a trusted adviser for us.‘
‘The team is responsive and technically strong.‘
‘Colin Rooney is a trusted adviser. He is responsive and practical. We have great confidence in his advice.‘
‘Consistent, timely, reasoned and practical privacy and data protection advice, based not just on the legal principles at play but also on strong and pragmatic business logic.‘
‘Rob Corbet is the standout – he consistently goes above and beyond and doesn’t “over lawyer” negotiations beyond what’s needed to get the job done. His particular qualities would be integrity – always focusing on the client’s needs rather than grandstanding for optics – transparency and honesty about fees and timelines, and availability.‘
‘Commercial and solution focused. Practical advice that you can clearly implement.‘
Paddy Power Betfair plc (now Flutter Entertainment plc)
Genomics Medicine Ireland
Egis Road and Tunnel
Trinity College Dublin
- Advising Flutter Entertainment plc (formerly Paddy Power Betfair plc) on data privacy, data security, contract and online gambling issues.
- Assisting a number of large corporations – including CRH, Musgrave, Ellucian and Egis Road & Tunnel – with data protection.
- Advising Viridian Group (including Power NI and Energia) on data protection compliance.
With 'deep subject-matter expertise', Mason Hayes & Curran LLP counts a growing number of global technology companies among its clients. The team handles contentious and non-contentious matters, from advising on cross-border data transfers, data security breaches and GDPR compliance to representing clients in significant data privacy-related litigation. It also handles high-profile Data Protection Commission investigations. 'True standout' Philip Nolan leads the practice, while Robert McDonagh advises technology and financial services clients on GDPR compliance and other matters. The team's partnership ranks were bolstered by the promotions of John Farrell and Brian Johnston in April 2019, and it also draws on the support of senior associate Jevan Neilan, who has extensive experience advising social media companies, including on data subject rights compliance, and of Oisín Tobin in the San Francisco office.
‘The Mason Hayes & Curran privacy team have unrivalled expertise and industry knowledge in their area.‘
‘Philip Nolan is a heavyweight in his field – he provides practical, commercial, easy to digest advice.‘
‘Oisín Tobin (San Francisco) is super accessible.‘
‘Mason Hayes has extensive experience dealing with the Data Protection Commission – it’s extremely valuable. They are able to advise on probable outcomes with respect to regulator interaction.‘
‘I’m really pleased with how responsive the team is, even across multiple time zones. They give pointed advice and are good at debating options and interpretations. I appreciate how collaborative they are.’
‘They have deep subject matter expertise with strong technical experience. They provide excellent client service and response times. They have a strong sense of the regulatory landscape and priorities, helping to separate theoretical from actual risk.‘
‘Philip Nolan and Oisín Tobin are true standouts in the data protection space. They know our business, provide terrific client service, give practical advice that can be operationalised, they continue to stay current, and they have excellent relationships with key regulators.‘
Slack Technologies Limited
- Acting for Facebook Ireland in the statutory inquiry opened by the Data Protection Commission into a security breach relating to access tokens and into other breach notifications.
- Advising Facebook, Instagram and WhatsApp on statutory inquiries opened by the Data Protection Commission following the complaint made by None of Your Business, the not-for-profit run by Max Schrems.
- Acting for Facebook in Irish High Court and CJEU proceedings brought by the Data Protection Commission successfully seeking a referral to the CJEU regarding the validity of standard contractual clauses through which data is transferred from the EEA to the US.
Matheson's 'all-round solid data protection service' covers advice on GDPR compliance projects, outsourced data processing arrangements, data subject access requests and data transfers, particularly in the healthcare and financial services sectors and consumer-facing industries. The team also has expertise in responding to data security breaches and Data Protection Commission investigations. 'Expert' practice head Anne-Marie Bohan specialises in advising financial institutions and asset managers; Chris Bollard, who divides his time between the firm's Dublin and San Francisco offices, is a 'go-to' lawyer for advice on GDPR and data breaches; and Deirdre Kilroy assists with the data privacy aspects of technology and commercial agreements.
‘Matheson offer commercially practical advice and are market leaders in the area of data privacy and data protection.‘
‘Chris Bollard and senior associate Carlo Salizzo both take the time to really understand the business and its needs. They are both extremely responsive, creative and forward thinking.‘
‘A client-focused approach is followed.‘
‘The data protection team are highly efficient and very approachable. They take a very practical approach to how they manage their engagements and leverage off the expertise of the wider financial services and banking team. They have taken the time to deeply understand our business.‘
‘Anne-Marie Bohan is an expert in the area of data protection and privacy. As well as being widely recognised within the sector, Anne-Marie deeply understands the challenges facing our sector and where legislative and regulatory changes have an impact on our operations.‘
‘The Matheson data protection team provides an all-round solid data protection service. They have a young and ambitious team with very good connections to the US.‘
‘Chris Bollard is a leader in data protection and IT. He is the go-to guy on GDPR. His approach is without fail focused yet flexible and he always provides pragmatic, commercially and legally sound advice. He provides a Rolls-Royce service on data protection matters generally and understands the privacy regimes on both sides of the Atlantic.‘
‘Leaving aside their expertise in this space (which is of itself highly impressive), the team take a very proactive approach in supporting us.‘
‘Chris Bollard takes a proactive approach in supporting his clients – he is always quick to identify potential issues and never shy from highlighting risks that may be coming down the tracks. Chris takes time to understand his client’s business, their business strategy and risk appetite.‘
‘Our go-to for data protection issues. Top of the market expertise along with commercial know-how.‘
‘Chris Bollard gets our business and the concerns of not just the in-house legal team but also our commercial team.‘
Secret Escapes Group
- Advised Secret Escapes Group on the data protection aspects of its acquisition of a data-rich marketing group of businesses, Empathy Marketing.
McCann FitzGerald's varied client base includes domestic and international companies from the technology, pharmaceutical and healthcare, and financial services sectors, as well as large public and regulatory bodies. Noted for its 'great industry knowledge', the team advises on GDPR compliance, data subject access requests, responses to security breaches, and statutory investigations by the Data Protection Commission. The team is also involved in high-profile international litigation relating to data privacy. 'The godfather of data privacy in Ireland', according to one client, practice head Paul Lavery is highly experienced in advising public and private sector clients on GDPR matters, while Adam Finlay and recently promoted partner Doug McMahon are 'top of their field'.
‘Timely and practical advice makes this team stand out.‘
‘Paul Lavery is the expert in this field and his way of working leads to results when dealing with either contentious or non-contentious matters.‘
‘Doug McMahon has an excellent eye for detail and is a pleasure to deal with.’
‘Their command of the subject matter is excellent and advice is delivered to clients in a very simple and understandable manner.‘
‘Doug McMahon is excellent and the best I have dealt with.‘
‘Paul Lavery has an exceptional depth of knowledge and experience in his area of expertise and provides advice that is both considered and commercial.‘
‘Great industry knowledge, legal knowledge and speed of response.‘
‘Paul Lavery is the godfather of data privacy in Ireland and one of the nicest men in the law.‘
‘Commercially focused approach to the provision of legal advice. McCann FitzGerald partners apply their excellent knowledge of the law to commercial situations, providing excellent analysis and pragmatic solutions to complex issues.’
‘Paul Lavery is unmatched in his expert knowledge of data privacy law and the no-nonsense manner in which he communicates with his clients and delivers his advice.‘
‘Top-notch technical knowledge along with a very professional output.‘
‘Adam Finlay and Doug McMahon are both top of their field. They are smart, get our concerns and don’t get bogged down in legal points. They are practical yet thorough.‘
‘Paul Lavery is a consummate professional, who puts me at ease with his calm and knowledgeable approach, and his sensible interpretation and understanding of privacy law.‘
‘Doug McMahon has excellent knowledge of the subject and is technically sound, but always explains things in an understandable and relevant way.‘
Transport Infrastructure Ireland
United States Department of Justice
National Transport Authority
Independent News & Media
Genomics Medicine Ireland
- Advising Hostelworld on data protection compliance, including in relation to international data transfers, email marketing, record retention, cookies and user-generated content.
- Advising Transport Infrastructure Ireland on data protection compliance.
- Assisting Vhi with the processing of personal data.
William Fry advises on GDPR compliance, international data transfers, data subject access requests, the data protection aspects of cloud computing, and the management of data breaches and statutory investigations. On the contentious side, the team is involved in significant data privacy litigation. Clients include a number of multinationals and are drawn from the financial services, retail, transport, sports and life sciences sectors, as well as the technology industry. Practice head David Cullen specialises in handling data compliance projects and large-scale data breaches; Leo Moore acts for clients across the technology, financial services, sport, and food and beverages sectors; and John O’Connor has longstanding experience advising on GDPR compliance and cyber security.
BSA / The Software Alliance
Irish Rugby Football Union
FBD Insurance plc
Tesco & Tesco Mobile
Smurfit Kappa Group
- Acting for BSA / The Software Alliance in its successful application to be admitted as an amicus curiae in a significant data protection action brought against Facebook.
- Advising Free Now (formerly mytaxi) on data protection and privacy matters.
- Advising the Irish Rugby Football Union on its GDPR readiness programme.
Beauchamps has particular strength in advising public sector bodies on data protection issues, including GDPR compliance and training, data subject access requests and the crossover between data protection and freedom of information law. The team also advises on interactions with the Data Protection Commission such as data protection audits and responding to data breaches. Maureen Daly leads the practice and acts for public and private sector clients across a range of areas, including arts and entertainment, housing, healthcare, education, sports, technology and local government.
National Disability Authority
Nursing and Midwifery Board of Ireland
Irish Tax Institute
Institutes of Technology
Timbercreek Ireland Private Debt DAC
AIB Development Capital
- Advising the National Disability Authority on data protection issues.
- Acting for the Nursing and Midwifery Board of Ireland on data protection matters.
- Advising Pobal on data protection issues.
DAC Beachcroft Dublin
DAC Beachcroft Dublin has particular expertise in contentious data protection matters, including handling data breaches and reporting to the regulator, and regulatory investigations. The team also advises on GDPR compliance, data subject access requests, and data protection and data transfer issues arising from company restructurings. With the support of the firm's global network, it also advises on cross-jurisdictional matters. Clients are drawn from the insurance, financial, healthcare and pharmaceutical, professional regulatory and sports sectors. The practice is jointly led by Rowena McCormack and legal director Aidan Healy.
Rowena McCormack; Aidan Healy
Irish Horseracing Regulatory Board
Health Market Research Ireland Limited (hmR Ireland)
St. James’s Place International
- Advising Marsh on complex cross-border data protection issues and the restructuring of the client’s business arising from Brexit.
- Assisting Sport Ireland with data protection issues arising out of anti-doping investigations.
- Advising a number of insurers on data protection policies, data subject access requests and Brexit planning.
Eversheds Sutherland advises leading domestic and multinational clients on GDPR compliance, cross-border data transfers (including Brexit planning), and data processing arrangements. The team also assists with responding to data breaches and multi-jurisdictional data protection audits, and has particular expertise in advising on the data protection aspects of innovative Internet of Things and AI projects. Practice head Marie McGinley 'has a deep knowledge of the GDPR' and also advises on matters including data protection issues stemming from direct marketing initiatives.
‘Marie McGinley has a deep knowledge of the GDPR.‘
‘The team stands out for its expertise, professionalism, empathy, availability and affability.‘
‘It offers a genuine partnership, sustainable solutions and market expertise.‘
‘Unique ability in the practice area.‘
‘Good commercial skills. Able to adapt complex law to practical situations.‘
Independent News and Media
SunLife Financial of Canada
Ernst & Young
Competition and Consumer Protection Commission
Goffs Bloodstocks Limited
American Chamber of Commerce
Córas Iompair Éireann
- Advising Independent News and Media on data protection and privacy matters.
- Acting for Goffs Bloodstocks Sales Limited on GDPR compliance, the data aspects of direct marketing and data access requests.
- Advising the Competition and Consumer Protection Commission on GDPR compliance and data protection projects.
LK Shields Solicitors counts a number of leading Irish corporates and multinationals with Irish operations among its clients, as well as an increasing number of companies active in the foreign direct investment space. The team advises on GDPR compliance, data subject access requests, cross-border data transfers and data processing arrangements. It also assists with data breaches and regulatory investigations. The practice is led by Peter Bolger, who has particular expertise in advising on the data protection aspects of technology agreements, especially in relation to fintech, while Jeanne Kelly is also a key contact.
- Advising Merc Partners on the data protection aspects of its acquisition by Spencer Stuart International.
- Acting for Pramerica on data protection and privacy matters.
Philip Lee is best known for acting for the Data Protection Commission, with recent work including high-profile investigations and enforcement proceedings, judicial reviews challenging the decisions of the regulator, and significant data privacy-related litigation. The team also provides ongoing advice on GDPR, data sharing agreements, data breaches and notifications to other public and private sector clients. Damien Young specialises in acting for public bodies; the 'standout' Eoghan Doyle advises on GDPR compliance and the data protection aspects of corporate transactions; and Anne Bateman is particularly active advising clients in the transport and pharmaceutical sectors.
Damien Young; Eoghan Doyle; Sean McElligott
‘The team has the ability to fully understand the issues raised and address them in a very understandable way, and they stand out for their promptness, courtesy and friendliness.‘
‘The standouts are Eoghan Doyle and associate Sophie O’Connor.‘
‘Philip Lee offers the knowledge and expertise of a larger firm but the pricing and value for money is very competitive. While also a large firm, access to partners and associates is very good.‘
Broadcasting Authority of Ireland
Computer Services, Inc
Data Protection Commission
Dublin City Council
Irish Credit Bureau
National Treatment Purchase Fund
Riverdance group of companies
Road Safety Authority
Sigmoid Pharma (now Sublimity Therapeutics)
Tipperary, Clare and Limerick County Councils
- Advised Tipperary County Council, Limerick City and County Council and Clare County Council on GDPR compliance.
- Acting as sole legal advisers to the Data Protection Commission in matters including challenges to the regulator’s decisions, enforcement notices and the prosecution of offences, as well as the ongoing Schrems litigation.
- Advising An Bord Bia on GDPR compliance.
Public sector bodies form the core of Byrne Wallace's client base, but the 'experienced' team also acts for banks, financial institutions and companies in the technology and healthcare sectors, among others. The practice advises on GDPR compliance, data subject access requests, managing data breaches and reporting to the regulator, and appeals against decisions of the Data Protection Commission. The 'proficient, engaged and highly responsive' Séan O’Donnell jointly leads the practice with Brendan Gavin, who advises on data protection-related contractual matters such as data processing, sharing and transfer arrangements.
Seán O’Donnell; Brendan Gavin
‘The team provide an excellent service. They are easy to work with and quick to identify and resolve issues raised.‘
‘I found the individuals very helpful and enjoyable to work with. Associate Sarah Reavey provided excellent advice to guide our practice.‘
‘Practical, smart and value for money‘
‘Seán O’Donnell is client and delivery focused.‘
‘The team are highly competent across all levels.‘
‘Seán O’Donnell is proficient, engaged and highly responsive. He is also an unusually good listener and an excellent strategist. I couldn’t rate him more highly.‘
‘The Byrne Wallace team was very experienced in data protection and they provided experts in different areas such as HR and procurement and contract management as needs required. The team were firm and were certain of their expertise in the area, which in turn provided confidence to the organisation.‘
‘Sarah Reavey had a very practical approach and provided us with an end-to-end service, far exceeding our expectations.‘
- Advising a public sector body on GDPR compliance.
The 'knowledgeable and insightful' team at Ronan Daly Jermyn acts for public and private sector clients across the education, healthcare, insurance, financial services, media and technology sectors. The practice advises on matters ranging from GDPR compliance, data transfers, and data processing and sharing agreements to the management of data breaches and investigations by the Data Protection Commission. In Dublin, the 'fantastic' Bryan McCarthy advises private companies and state bodies on data management, while the 'excellent' Ricky Kelly advises on personal data breaches, notifications and investigations from the Cork office.
Bryan McCarthy; Ricky Kelly
‘The team is available, provides practical advice and understands the business.‘
‘Approachable, available, concise advice‘
‘Ricky Kelly provides a professional and well-thought-through service.‘
‘Associate Sarah Slevin is always able and willing to help us at a moment’s notice. The quality of work is always second to none.‘
‘The team acted in a very efficient and timely way. The advice was to a high standard.‘
‘Ricky Kelly was excellent to work with. He and his team were efficient in getting the work completed within the short timeframe available. Finally, he was very good at explaining issues to a person without a legal background. I found Ricky and his team very easy to work with and appreciated their clarity, professionalism, knowledge and approachability.‘
‘Very knowledgeable about current developments in the fast-moving area of data protection, Personable and approachable. Ricky Kelly and associate Aoife O’Sullivan stood out.‘
‘The team showed astute understanding of the primary legal issues as well as the commercial considerations relevant to my company’s business. This was invaluable.‘
‘The team at Ronan Daly Jermyn is knowledgeable and insightful.‘
‘Ease of contact. Speed and efficiency of reply on any questions asked. In-depth knowledge and comprehensive answers given.‘
‘Open and uncondescending. When dealing with both Bryan McCarthy and Sarah Slevin, I never feel the questions I ask are in any way stupid or a waste of time. Their answers and help always go above my expectations and never fall short.‘
‘I have always found them excellent in their knowledge and attention to detail.‘
‘Bryan McCarthy and Sarah Slevin have been fantastic.‘
‘The team is very good at understanding the client’s business and tailoring their advice accordingly.‘
‘Bryan McCarthy provided really comprehensive advice with practical next steps in order to address and mitigate against legal risks. He spent a great deal of time understanding the regulatory environment within which our company operates and tailored his advice appropriately.‘
GTT Communications, Inc.
Lidl Ireland GmbH
Gas Networks Ireland
Dominos Pizza UK and Ireland Limited
- Advising the Technological Higher Education Association on the data protection aspects of the collection, processing and sharing of student personal data.
- Assisting the Ombudsman for Children with the Data Protection Commission’s public consultation on the processing of children’s personal data.
- Advising Hiscox on policyholders’ cyber and data security incidents.