Shauna Joyce

I am an associate in Bird & Bird's International Privacy and Data Protection Group, based in the Dublin office where I am a member of the Irish Privacy & Data Protection team. I advise across a broad spectrum of privacy and data protection issues.

My experience covers all areas of data protection law. I have extensive experience advising domestic and multinational companies on regulatory strategy and response to the Data Protection Commission in the context of statutory inquiries, information requests and complaint handling. I advise on a number of large-scale regulatory issues, including in relation to (i) large-scale data subject access request strategy and response; (ii) cyber incident response; and (iii) DPIAs.

I have additional experience advising on largescale GDPR compliance projects and data transfer and sharing arrangements, with a focus on the underlying contractual frameworks required by such projects.

Prior to joining Bird & Bird, I qualified into the Technology & Innovation Group of a leading Irish law firm, spending two years there before leaving to pursue an LLM in International Human Rights Law at the University of Galway. During my LLM year, I maintained my commercial practice, working in the Technology Group of another leading Irish firm through a flexible service model.

Given my background, I am passionate about privacy as a collective and individual human right. I have particular interest in the intersection of business, human rights and surveillance technologies, as well as the European framework on human rights and its interaction with data protection regimes.

• Join strategy lead on a large multinational technology company's submissions to, and interactions with, the Oireachtas Joint Committee on Justice and Equality on online harassment and harmful communications.
• Advising in relation to a largescale cyber security incident, including strategy advice and drafting notifications to the relevant authorities and affected individuals, including managing notifications in other jurisdictions.
• Advising in relation to a number of largescale contentious data subject access requests, including drafting review methodologies, conducting and managing the reviews, drafting response letters to the data subject and managing interaction with the Data Protection Commission.
• Advising in relation to the development of a Code of Conduct for the Digital Safety of Children in conjunction with a large business representative group.
• Advising on cookies, direct marketing and geolocation tracking under the ePrivacy Directive.