Privacy, Data Protection & Information Management

The Practice

We have a market leading reputation in the area of privacy, data protection, security and information management. We have built our practice over many years by providing solutions-oriented advice across the broadest spectrum of industries and issues. We pride ourselves on understanding our clients’ perspectives and on the responsiveness and practicality of our advice in what is an increasingly challenging area of European and international law.

Led by partner Rob Corbet, our team includes partner Colin Rooney and Consultant Dr. Robert Clark while our strength in depth is supplemented by several associates within our Technology & Innovation team, each of whom has built expertise in the protection and commercial exploitation of data as an intellectual asset.

On Tuesday 5 November 2019, Arthur Cox hosted the inaugural Data Protection Leadership Forum in the National Concert Hall, Dublin. The event featured a key note speech from Data Protection Commissioner, Helen Dixon, followed by a range of panel discussions and a Q&A session. Here, we look at a few highlights from the event:


We are consistently ranked as the market leading data protection group in Ireland.  We act for many of the world’s highest profile data controllers who have their main EU establishments in Ireland.  We have advised on GDPR compliance projects on a global scale and we are actively advising many clients in relation to their response to regulatory investigations and enforcement actions undertaken by the Data Protection Commission and by other EU Data Protection Supervisory Authorities.


Within the data privacy sphere, we routinely advise clients in relation to the following areas:

Legislative Compliance – including compliance with the Data Protection Acts 1988 to 2018 and the EU GDPR, the laws governing ePrivacy, the right to privacy established by the Irish Constitution and the right to private correspondence under Article 8 of the European Convention on Human Rights.

Defending Enforcement Actions – we have market leading experience in advising domestic and multi-national clients in relation to enquiries, investigations, prosecution, dawn raids and other enforcement actions undertaken by the Data Protection Commission and EU Data Protection Supervisory Authorities.

International Data Transfers – Ireland as a corporate data centre and trans border data flows (including Model Clauses, Binding Corporate Rules, EU-US Privacy Shield and other permitted means to legitimise the export and disclosure of personal data).

Cyber Security – our lawyers have advised on some of the highest profile data breach incidents in Ireland and internationally. We have acquired a depth of experience in cyber security matters, including incorporating proactive steps to comply with security laws and standards, responding to a cyber incident, engaging with law enforcement and data protection authorities and defending associated litigation.

Data Protection in the Workplace – we have acted for some of the highest profile cases involving the theft or abuse of data in the workplace, working closely with our colleagues in our market leading Employment Group.

Freedom of Information

The Technology and Innovation Group advises on all aspects of Freedom of Information (“FOI”) law and other laws governing access to records. We work with both public bodies who fall within the scope of FOI and with private sector entities in their dealings with such public bodies. We advise on the full range of issues relevant to the Freedom of Information Act 2014 and other relevant legislation, including:

  • Making and processing FOI requests and applications.
  • Interaction of the FOI Act with the GDPR, the Data Protection Act 2018 and other privacy laws.
  • Interaction with confidentiality and legal privilege, and disclosure in litigation, investigations and inquiries.
  • Access to Information on the Environment (AIE) Regulations, with our colleagues in the Environment and Planning team.
  • Guidance for public bodies on compliance with the FOI Act 2014 and the FOI Code of Practice.
  • Guidance for private bodies engaged in third party consultation under section 38 of the FOI Act 2014.
  • Application of available exemptions in relation to requests pursuant to the FOI Act 2014 and mechanisms for addressing refusals of access by public bodies.
  • Dealing with public bodies in relation to the provision of confidential and commercially sensitive information by commercial entities.
  • Procedural advices on the review of decisions, including on public body internal reviews and review by the Information Commissioner.
  • Appeals of Information Commissioner decisions to the High Court.
  • Publication Schemes.
  • Tailored FOI training.
  • Information management and document retention policies.

Recent Work

  • Advising a multinational pharmaceutical company on third party consultation with a public body and making submissions in relation to the non-disclosure of confidential information.
  • Advising a third level institution on an FOI request from one participant in a tender process in relation to records relating to other participants in the tender.
  • Advising on use of FOI in the context an employment law dispute.
  • Advising a public body on the interaction of GDPR and FOI disclosure requirements.
  • Advising on the voluntary release of records in the context of an FOI request.
  • Advising on the submission of sensitive records to a public body.
  • Advising on the interaction of the FOI Act and the AIE Regulations.
  • Advising on a request for mixed records (subject to the FOI Act and not subject to the FOI Act).