What do you do?
My practice focuses on information governance, digitalisation, cybersecurity and data privacy – simply put, my work covers anything that involves the use (or transfer) of data, either within an organisation or between organisations.
Why data?
I have always been interested in technology and enjoy playing with new gadgets and computer hardware, so I was looking for a specialism that would relate to such interest while also benefiting from my legal background.
I was drawn into privacy as I found that it is uniquely positioned between law and technology. When I first started, privacy was not as popular as it was today and many of my peers used to run away from any work which was connected to privacy, security or technology since these topics were perceived as being too technical. However, the law and technology just made sense to me so I was glad to be able to take on those projects and have kept on doing so. Today, I still enjoy reviewing evolving applications of technologies – such as artificial intelligence (AI), machine learning, facial recognition, and IOT devices, just to name a few – and how they present novel and exciting challenges from a legal perspective.
What’s keeping you busy?
A lot of clients are revisiting their privacy compliance programmes due to new developments in the privacy space (for example, due to new laws or regulations being enacted in this space, or recent ruling, such as the Schrems II decision from the European Court of Justice). There has been a renewed focus from organisations on their security framework (eg security measures, security policies, cyberattack response plans, etc), so that is also an area keeping me busy at the moment. Finally, there is a lot of work in relation to privacy compliance programmes (eg data mapping, privacy policies, review of data processing agreements, etc).
What mentors or other influential figures have helped you get where you are today?
I am grateful to have had the opportunity with wonderful mentors throughout my career. I would say that the partner I worked with at the first law firm that I worked at (Simpson Thacher & Bartlett) has had a tremendous impact on my career, since this is how I first got the opportunity to work on technology-related matters! In particular, I was grateful to have had the opportunity to work on some exciting cloud-related projects back when the cloud was still in its infancy, which later led to my paper ‘Caught in the Clouds: The Web 2.0, Cloud Computing, and Privacy?’ which I published in the Northwestern Journal of Technology and Intellectual Property in autumn 2010.
If you could change one data-related law, how and why would you change it?
If I could make a change in the current legislation, it would be putting in place federal privacy legislation so that a single comprehensive privacy law is in place throughout the country, instead of the existing patchwork of privacy laws which is currently in place. With new privacy laws coming into force (eg California's upcoming CPRA, Virginia's CDPA, etc), it is becoming increasingly difficult for companies to comply with the applicable requirements in each of the 50 states. Having federal legislation will greatly reduce the overall cost of compliance for organisations operating in more than one state, and would therefore benefit organisations of all sizes, in particular small to mid-sized organisations.
How has covid-19 affected what you do?
I would say that covid-19 has emphasised the incredible resilience of the tech industry and has given us a glimpse of the future of the workplace. For example, remote working and meetings via videoconference (with tools such as Zoom) are now widely accepted. We have also begun to see immensely practical benefits of AI-driven solutions, for example removing background noise from the microphone, applying virtual backgrounds without a green screen, real-time audio transcription of meetings, etc. Connectivity technologies such as 5G and enhanced versions of Wi-Fi (specifically Wi-Fi 6E) are also available now to enable high-speed connections. I think a lot of people will start to consider new workplaces going forward, such as work-from-home arrangements or working from a range of different spice up their everyday work experience.
What’s the next big thing – what data opportunities are companies now looking at?
I think we are looking at a growth in data volume and complexity driven by an increase of data collection across virtually all industries, multiple data types, multiple channels, multiple data inputs (eg embedded, IoT) and an even broader adoption of AI and machine learning.
What’s keeping companies worried at the moment – what are some key data risks?
The difficulty is often trying to comply with the increasingly complex global privacy law framework: while privacy laws may impose similar consumer rights, privacy laws in each jurisdiction is not exactly identical, meaning that organisations have to juggle with local variations and specificities.
What do you do to relax?
Playing with our German Shepherd, and of course playing with new gadgets and computer hardware.