Shauna Joyce

I am a senior associate in Bird & Bird's International Privacy and Data Protection Group, based in the Dublin office where I am a member of the Irish Privacy & Data Protection team. I am a specialist in my field, advising across a broad spectrum of privacy, data protection and related issues.

I have extensive experience advising domestic and multinational organisations across a broad spectrum of privacy and data protection issues, as well as on regulatory strategy and engagement in the context of statutory inquiries, information requests and complaint handling. I advise on a number of large-scale projects, including in relation to (i) large multijurisdictional projects involving children's data protection and online safety obligations; (ii) large-scale data subject access request strategy and response; (iii) cyber incident response; and (iv) data protection by design and by default obligations.

I have additional experience advising on largescale GDPR compliance projects and data transfer and sharing arrangements, with a focus on the underlying contractual frameworks required by such projects.

Prior to joining Bird & Bird, I qualified into the Technology & Innovation Group of a leading Irish law firm, before leaving to pursue an LLM in International Human Rights Law at the University of Galway. During my LLM year, I maintained my commercial practice, working in the Technology Group of another leading Irish firm through a flexible service model.

Given my background, I have a keen interest in the intersection between privacy and children's rights and children as digital rightsholders. I particularly enjoy advising on the GDPR, UN Convention on the Rights of the Child and current EU and domestic laws on online safety and content moderation, as well as on forthcoming EU legislation and regulatory developments in this ecosystem.

• Project management and delivery of a largescale multijurisdictional project across 30 EEA jurisdictions on issues relating to children's data protection and online safety obligations.
• Project management of and delivery of advice on (i) the handling of personal data relating to minors; and (ii) transactions and marketing involving minors in the context of its online gaming and connected services, across 15 jurisdictions.
• Advising a number of clients in relation to the concept of lead supervisory authority ("LSA") under the GDPR, and the requirements for demonstrating that an organisation falls under the remit of a particular data protection authority in the EU/EEA as an LSA.
• Advising in relation to a largescale cyber security incident, including strategy advice and drafting notifications to the relevant authorities and affected individuals, including managing notifications in other jurisdictions.
• Advising in relation to a number of largescale contentious data subject access requests, including drafting review methodologies, conducting and managing the reviews, drafting response letters to the data subject and managing interaction with the Data Protection Commission.