Privacy Partnership Law
Privacy Partnership Law
  • Home
  • Expertise
  • Industries
  • Insights
  • Find people
  • More
    • Home
    • Expertise
    • Industries
    • Insights
    • Find people
  • Home
  • Expertise
  • Industries
  • Insights
  • Find people
Automotive and Transport
artificial intelligence
Business intelligence
Charities and Third sector
childrens' data
Life Sciences and Health
Market Research
Martech and Adtech
Media, entertainment and sport
Retail, utilities and consumer
Regulatory and advisory
Technology and telecoms

AuTomotive and Transport

We drive compliance success! Our specialist Automotive and Transport team is  led by our Senior Data Protection Consultant Nicola McKilligan .   We advise on the full spectrum of legal issues facing clients operating at the intersection of artificial intelligence, data privacy, and mobility. Our team has deep sector knowledge and technical understanding of the automotive and transport industries, allowing us to support both established players and innovative disruptors. Our services range from supporting routine commercial operations—including technology procurement, data sharing agreements, marketing compliance, and strategic partnerships—to advising on highly complex, high-stakes matters such as:


  • AI governance frameworks and regulatory compliance, including the EU AI Act and global privacy laws
     
  • Privacy and data protection challenges arising from connected vehicles, mobility platforms, and telematics systems
     
  • Risk assessments and ethical reviews for AI deployment in ADS equipped vehicles
     
  • Development and commercialization of data-driven services and in-vehicle technologies
     
  • Structuring and negotiating strategic alliances between OEMs and technology and advertising providers
     
  • Resolving regulatory issues involving algorithmic decision-making, consumer rights, and cross-border data flows.


Our clients include car and bike rental companies, researchers in the ADS equipped vehicle research, telematics providers and other automotive and transport companies. We regularly advise manufacturers, mobility providers, telematics companies and AI software developers, Our breadth of experience enables us to provide tailored, forward-thinking legal solutions to clients leading the evolution of intelligent mobility.  



Artificial intelligence

Selin Ozbek Cittone , Senior AI Counsel and CAIDP Fellow, leads our  AI governance practice which combines regulatory insight, ethical design principles, and practical compliance tools to help clients manage risk and use AI responsibly.


We work with global businesses and technology providers to establish clear, accountable AI governance frameworks that align with legal requirements and public expectations. Our approach is grounded in real-world application—we help clients not only understand the rules, but operationalise them in ways that work.


What We Deliver:


  • AI Governance Frameworks
    Design and implementation of tailored AI governance structures that define roles, responsibilities, model oversight, documentation, and escalation processes.
     
  • AI Risk & Impact Assessments
    Conducting AI-specific DPIAs, risk classification exercises, and algorithmic impact assessments—aligned with GDPR, UK ICO guidance, and EU AI Act requirements.
     
  • Emerging AI Regulation Advisory
    Supporting readiness for EU AI Act, UK AI regulation proposals, and global frameworks including the OECD AI Principles, G7 Hiroshima Process, and US Executive Orders. We help clients translate emerging rules into concrete steps across governance, procurement, and product design.
     
  • Model and Tool Vetting
    Reviewing third-party AI tools and LLMs for compliance, transparency, and data protection risks—particularly for high-risk use cases such as profiling, recruitment, biometrics, and automated decision-making.
     
  • AI Ethics & Transparency Reviews
    Assessing systems for explainability, fairness, and potential discriminatory effects—offering practical advice on how to improve model documentation, user transparency, and ethical safeguards.
     
  • Training & Organisational Readiness
    Delivering workshops, board briefings, and custom training to help teams—from procurement to product—to understand their obligations and embed best practices into day-to-day work.
     


We contribute to shaping the conversation around responsible AI globally, including through engagement with leading research and policy institutions. This informs our strategic insight and allows us to help clients stay ahead of both legal and reputational expectations.
 

Business intelligence, AML and Screening Services

Our team at Privacy Partnership advises leading providers of anti-money laundering (AML), know-your-customer (KYC), due diligence, screening, and verification services, including database operators and real-time checking platforms. Led by Senior Privacy Counsel Jonathan Beak, we support clients delivering trusted intelligence and compliance tools to businesses across finance, legal, corporate, and public sectors.


We understand the legal, ethical, and reputational risks involved in collecting, processing, and distributing sensitive personal data for fraud prevention, risk scoring, background checks, sanctions screening, and identity verification. We advise providers on how to operate with transparency, lawfulness, and accountability, while maintaining the integrity and reliability of their services.

Our expertise includes:


  • Legitimate interest and fraud prevention bases under UK/EU GDPR
     
  • Fairness and transparency in data sourcing and disclosures
     
  • Accuracy and data quality obligations under Article 5
     
  • Automated decision-making, scoring, and explainability
     
  • Data protection impact assessments (DPIAs) and risk assessments
     
  • Regulatory alignment with the ICO, FCA, EDPB, and global DPAs
     

We support clients in designing and updating policies, notices, contracts, and due diligence protocols, ensuring compliance with data protection laws, AML regulations, and sector-specific expectations. Our work helps data providers and intermediaries build robust governance frameworks, clarify controller/processor roles, and manage complex relationships with data sources, users, and subjects.

We also work on issues around:


  • Cross-border data transfers
     
  • Retention policies and audit trails
     
  • Data subject access, rights management, and redress processes
     
  • Use of AI and automation in risk scoring and alerts
     
  • Vendor onboarding, oversight, and assurance
     

Our clients include AML platforms, credit reference agencies, employment background screening companies, corporate registry and sanctions data providers, and identity tech startups. We are also trusted advisors to financial institutions and legal services that use these tools and need assurance of lawful and ethical data processing.


Charities and Third Sector

 At Privacy Partnership, we are proud to support charities, foundations, membership bodies, NGOs, and social enterprises in their missions to serve the public good while protecting the rights and dignity of the individuals and communities they support.


We advise on the responsible collection and use of personal data in fundraising, donor engagement, volunteer management, programme delivery, advocacy, and safeguarding. We help organisations build privacy frameworks that are proportionate, practical, and transparent, balancing compliance with resources and public trust.


Our services cover:


  • Lawful basis assessments for fundraising and supporter outreach
     
  • Consent and preference management
     
  • Safeguarding and sensitive data handling protocols
     
  • Privacy notices, supporter communications, and accountability
     
  • DPIAs for new services, partnerships, or tech platforms
     
  • Data sharing and collaboration across networks or consortia
     
  • Third-party processor and donor platform governance
     

We also support charities and NGOs embracing digital transformation, AI tools, and data analytics to advance their missions. From automated case triaging and predictive analytics to chatbots and donor segmentation, we guide clients through the data protection, algorithmic fairness, and ethical risks that come with innovation.


Our team frequently advises on:


  • Cross-border data transfers and international compliance
     
  • Regulatory engagement with the ICO
     
  • Responding to subject access and complaints with care and integrity
     

We understand the pressures third sector organisations face—working with limited resources, often in high-stakes or emotionally sensitive contexts. Our approach is grounded in collaboration, clarity, and pragmatism, helping clients meet their obligations while delivering impact.


From policy design and staff training to audits, breach response, and trustee briefings, we act as long-term partners to our charity and non-profit clients, ensuring that privacy and accountability are built into every layer of service and strategy.


Life Sciences and Health

The Privacy Partnership Life Sciences & Health Practice is a dedicated advisory group providing specialist data protection, privacy, and AI compliance services to pharmaceutical, biotechnology, medical device, and diagnostics companies globally.


Our team of legal and regulatory experts  led by Senior Privacy Counsel, Nick Tyler brings extensive experience supporting life sciences organisations with data protection and emerging AI governance requirements. We deliver practical, risk-based advice across the product lifecycle—from early-phase research and clinical development through to regulatory submission, commercialisation, and post-market compliance.


We support clients with:


  • Data protection strategies for clinical trials, including lawful basis, transparency, data subject rights, and cross-border transfers
     
  • DPIAs and legitimate interests assessments tailored to R&D, pharmacovigilance, and real-world data use
     
  • Privacy risk assessments and governance frameworks for AI applications in drug discovery, diagnostics, and patient engagement
     
  • Vendor risk management and third-party compliance for CROs, CDMOs, and AI providers
     
  • Operationalising global privacy obligations, including UK/EU GDPR, HIPAA, and local regulatory requirements
     
  • Advising on data protection and AI compliance for medical devices and digital health products, including connected devices, algorithmic tools, and software as a medical device (SaMD)
     
  • Embedding data protection by design into health technologies and AI-driven platforms across the product lifecycle
     
  • Responding to regulatory scrutiny and building accountability frameworks for high-risk data and AI use
     

We work with global and scaling life sciences businesses to ensure their privacy and AI governance keeps pace with innovation, enabling responsible data use in high-stakes, fast-moving environments. Our approach is legally rigorous, commercially attuned, and built on deep sector knowledge.

 

Market Research

We support clients across quantitative and qualitative research, behavioural analytics, neuroscience and biometric research, ethnography, UX testing, and social listening, offering strategic advice on data protection, AI risk, and ethical use of personal and sensitive data.


As the sector adapts to AI and automation, we advise on the deployment of tools such as large language models, synthetic data, and algorithmic analysis, ensuring responsible innovation in respondent recruitment, insight generation, and interpretation. We help clients assess and mitigate risks around automated profiling, bias, transparency, and participant trust.


Our advice covers all stages of the research lifecycle—from informed consent and participant rights to data minimisation and retention. We are experts in international data transfers, joint controller scenarios, DPIAs, and legitimate interests balancing, and regularly support clients with policy frameworks that align with GDPR, UK GDPR, and global standards including ISO 20252 and ESOMAR codes.


In support of B2B and B2C research, we work with global insight agencies, data panel providers, ad testing firms, political polling groups, and academic institutions. Our support also extends to tech vendors that enable research, such as survey platforms, biometric tools, and audience analytics engines, ensuring end-to-end privacy compliance.


We are trusted to deliver across complex and high-stakes projects, including AI governance programmes, supplier due diligence frameworks, contractual reviews, and preparation for regulator scrutiny. Our work spans multi-jurisdictional engagements, often coordinating with specialist firms worldwide to ensure local and sector-specific requirements are met.


In an industry built on trust, we help market research leaders to innovate confidently, operate ethically, and demonstrate accountability—not just to regulators, but to participants, clients, and the public.

Childrens' data and age appropriate design

Protecting children’s data and supporting ethical digital design are central to our work at Privacy Partnership. Led by Senior Privacy Counsel and Special Advisor Robert Bond, our team brings deep legal and sectoral expertise to clients designing digital services and technologies accessed by children and young people.

We advise global clients across edtech, gaming, social media, entertainment, streaming, and consumer platforms, helping them navigate the legal and ethical obligations of processing children’s data under UK GDPR, the Children’s Code (AADC) and wider international frameworks. Our work supports responsible innovation that puts children’s rights and welfare at the core of digital experiences.


We provide strategic and operational advice on:


  • Age-appropriate design and UX best practices
     
  • Age assurance and verification methods
     
  • Parental consent and guardian rights
     
  • Safeguarding risk assessments
     
  • Transparency for children and young users
     
  • Profiling and automated decision-making restrictions
     
  • Children’s rights impact assessments (CRIA/CPIA)
     

Our clients include major platforms, emerging app developers, and education providers, as well as regulators and policy bodies. We support the design of child-first policies, privacy dashboards, and in-service prompts, ensuring services are not only legally compliant but developmentally appropriate and supportive of children’s evolving capacities.


We also contribute to policy development and industry standards, working with regulators, civil society, and international working groups to promote safe-by-design principles, age-appropriate governance, and the harmonisation of children’s data protection standards globally.


Our advisory services extend to:


  • DPIAs and children's rights DPIAs
     
  • Safeguarding frameworks and moderation oversight
     
  • Responding to regulator queries and stakeholder scrutiny
     
  • Design audits and AI/algorithm governance in child-directed services
     

Through collaborative, hands-on engagement, we help organisations to build trust with young users and families, comply with high regulatory expectations, and lead in designing ethical, child-centred digital environments.

Martech and AdTech

Our Marketing and Adtech team is led by Senior Privacy Counsel Jo Murphy, 


We advise ad networks, publishers, DSPs, SSPs, Martech providers, agencies, and brands on the complex regulatory and ethical dimensions of programmatic advertising, real-time bidding (RTB), and audience profiling.


Our expertise spans consent management, legitimate interests assessments, cookie compliance, and DPIAs, helping clients to responsibly leverage data in compliance with GDPR, ePrivacy, and global privacy laws.


As advertising becomes increasingly data- and AI-driven, we support clients in navigating the risks and responsibilities of automated decision-making, algorithmic bias, behavioural targeting, and consumer trust. We advise on AI governance in adtech, including vendor risk assessments, explainability in algorithmic systems, and oversight frameworks for AI tools used in targeting, segmentation, and optimisation.


We work with global media platforms, data brokers, and measurement providers to address issues such as cross-device tracking, data clean rooms, identifier usage (IDFA/GAID replacements), and international data transfers. Our guidance enables clients to remain competitive while aligning with the fast-evolving expectations of users, regulators, and industry codes like the TCF and DSA.


We also advise streaming platforms, content distributors, and rights holders on adtech integrations involving first-party data strategies, contextual targeting, dynamic ad insertion, and biometric data use in interactive content and advertising formats.


From regulatory strategy and litigation support to AI audits and operational implementation, we act as trusted partners to our clients—collaborating with specialist law firms in key markets and supporting projects with multi-jurisdictional and high-risk footprints. Our aim is to help organisations in the adtech ecosystem innovate responsibly, reduce regulatory exposure, and build sustainable data-driven models.


Media, Entertainment and sport

Our Media, Entertainment and Sports team  is  led by our Senior Privacy Counsel and Special Advisor 

Robert Bond.  Robert manages a team which brings together deep sector expertise and a sharp focus on data protection and AI governance to support clients operating at the intersection of media, technology, and sport.


We advise leading publishers, national newspapers, global broadcasters, and digital media platforms on the evolving legal and ethical challenges of processing personal data, deploying AI systems, and innovating responsibly in an era of algorithmic decision-making and complex regulatory demands. Our clients rely on us to help them navigate issues such as AI in content curation, audience analytics, targeted advertising, biometric use in production, and cross-border data flows.


In the sports sector, we work with leagues, clubs, and tech providers to address sensitive issues around athlete data, performance tracking, facial recognition, and automated decision-making. We help clients manage these innovations with integrity, ensuring compliance with global standards and sector-specific codes.


We also have extensive experience supporting the gaming and gambling industries, advising operators and developers on AI-enabled player profiling, behavioural monitoring, age verification, transparency, and regulatory readiness. Our deep understanding of these fast-moving sectors makes us a strategic partner for organisations seeking to lead responsibly and reduce risk.


From regulatory strategy to AI risk assessments, algorithm audits to international data compliance, our clients trust us to lead and coordinate their projects worldwide through collaboration with other hand chosen specialist law firms who partner with us  often across multiple jurisdictions and with wide-ranging technological and operational impact.



retail, uitilities and Consumer

At Privacy Partnership, we work with some of the world’s most prominent retailers, consumer brands, and utilities providers to help them responsibly manage the use of personal data and AI technologies across highly regulated, customer-facing environments. Our Senior Privacy Consultant Gary Brooks specialises in this area and has over 20 years experience advising UK companies on these issues. 


We support clients in embedding data privacy and AI governance at the heart of innovation—across everything from e-commerce personalisation and connected products, to smart infrastructure and predictive analytics in the utilities sector. Our advice is rooted in a deep understanding of the commercial pressures and operational realities faced by these industries.


Our team is particularly experienced in delivering high-impact advisory services that include:


  • Data Protection Impact Assessments (DPIAs) and AI risk assessments for automated decision-making, profiling, and personalisation systems
     
  • Legitimate Interests Assessments (LIAs) to ensure robust, well-documented risk balancing
     
  • Ethical and transparency reviews, including dark patterns audits and user journey testing
     
  • AI governance frameworks aligned with the GDPR, UK ICO guidance, and EU AI Act developments
     

We also provide strategic support in handling complex Data Subject Access Requests (DSARs) and managing complaints—including those involving AI decisions, data sharing, or sensitive issues such as profiling, biometrics, or behavioural targeting. Our team helps clients design effective workflows, mitigate enforcement risks, and respond confidently to regulatory scrutiny.


In the utilities space, our sector specialists also advise on:


  • Smart meter data processing and retention
     
  • AI-powered demand forecasting and system optimisation
     
  • Customer data platforms and cross-channel transparency
     

Whether clients need help responding to a regulator, assessing the impact of new AI tools, or developing sector-appropriate data ethics frameworks, our advice is clear, practical, and grounded in deep industry knowledge.


We’re trusted by leading organisations to:


  • Build compliance into new digital products, platforms, and services
     
  • Audit and remediate legacy data processing operations
     
  • Navigate cross-border data flows and third-party risk
     
  • Engage with regulators and support enforcement preparedness
     

 

reGulatory and advisory

 Our team regularly liaises with supervisory authorities, including the ICO, CNIL, DPC, and EDPS, as well as US regulators, to advocate on behalf of our clients, provide expert input on complex investigations, and facilitate transparent, constructive regulatory relationships. 


We support clients in preparing for regulatory investigations, audits, and enforcement, offering a clear and strategic voice in high-risk or politically sensitive matters.


We also contribute to public consultations, working with industry groups, NGOs, and international organisations to shape regulatory approaches to privacy, AI, and emerging technologies. Our input reflects both legal rigour and a practical understanding of implementation challenges, ensuring that the perspectives of data controllers, processors, and technology providers are well-represented.

Clients rely on us for strategic guidance in areas such as:


  • Regulatory strategy and positioning
     
  • Pre-emptive engagement and voluntary disclosures
     
  • Responding to investigations and enforcement actions
     
  • Policy development and codes of conduct
     
  • Designing and negotiating Binding Corporate Rules (BCRs)
     
  • Certifications, codes, and Article 40/42 frameworks
     
  • Advising on participation in regulatory sandboxes or innovation initiatives
     

We also support clients in sectors subject to overlapping and evolving regulatory regimes—such as adtech, healthtech, finance, and AI-driven platforms—to ensure a cohesive and coordinated approach across data protection, consumer protection, and algorithmic accountability laws.


Through our global network of specialist counsel and thought leaders, we offer clients a multi-jurisdictional and forward-looking perspective, helping them to align operational practices with both current obligations and future regulatory expectations. Our goal is not just to ensure compliance, but to position our clients as leaders in transparency, accountability, and trust.


 

Technology and Telecoms

Senior Privacy Counsel, Boris Wojtan advises some of the world’s most prominent technology companies, digital platforms, and global tech outsourcers on how to responsibly design, scale, and govern data-intensive systems and AI-powered services. Our clients include Big Tech leaders, rapidly scaling innovators, and strategic vendors delivering critical outsourced services across cloud infrastructure, AI tooling, content moderation, and user operations.

We work with product, legal, compliance, and engineering teams to embed data protection and AI governance into the heart of technological innovation—supporting use cases ranging from generative AI and LLMs, to smart devices, behavioural analytics, SaaS platforms, and global cloud services.

Our advisory services include:


  • DPIAs and AI risk assessments for profiling, automation, and algorithmic decision-making
     
  • Design and implementation of AI governance frameworks and model oversight mechanisms
     
  • Vendor due diligence, including evaluation of third-party tools and ML supply chains
     
  • Dark pattern audits and UX transparency reviews for digital platforms
     

We are also recognised for our expertise in handling high-risk DSARs and complaints—especially where sensitive or complex processing is involved. This includes support for:


  • Large-scale or global DSAR workflows, often involving unstructured data
     
  • Requests touching on surveillance, algorithmic decisions, or sensitive profiling
     
  • Strategic complaints to regulators or raised in the context of product launches, media coverage, or enforcement risk
     

In the telecommunications sector, we advise fixed and mobile operators, cloud comms providers, satellite services, and OTT platforms on:


  • Subscriber data governance and lawful access frameworks
     
  • DPIAs for real-time location data, network optimisation, and service analytics
  • Customer transparency and accountability for bundled content, apps, and digital services
     

We also work directly with  Standards bodies and Regulators, supporting with:


  • Drafting and reviewing data protection standards, regulatory guidance, and sector-specific codes
     
  • Advising on regulator-led DPIAs, impact analysis, and enforcement readiness
     

Our strength lies in combining deep legal and technical expertise with industry insight to deliver pragmatic, risk-aware guidance. 

  • Privacy Policy
  • Legal
  • Contact Us
  • Careers
  • Website Terms
  • Terms of Business
  • Nominated Representatives
  • Complaints
  • About us

Privacy Partnership Law Ltd  is regulated by The Solicitors Regulation Authority with registration number  829686 .  

Privacy Partnership Law Ltd. is a registered company based in England and Wales with a registration number 13211514 - and a registered office at

7 Eland Rd, London Sw11 5JX. VAT number 401788010.  It forms part of the Privacy Partnership Group of Companies.


Copyright © 2025 Privacy Partnership Law Ltd - All Rights Reserved no part of this website may be copied or reproduced without permission.

This website uses cookies.

We use necessary cookies to make our site work. We would  also like your permission  to set optional analytics cookies to help us improve it. Clicking 'Accept' below will set cookies on your device to remember your preferences. Find out more in our Privacy Policy or scroll down to read more about the different types of cookies.

Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics cookies

Where you select "Accept" we set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone. For more information on how these cookies work see https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en-US

DeclineAccept