Technology Regulation and Investigations

Our Technology Regulation and Investigations team is a strategic partner to the world’s largest technology companies. Our expert team can help you to navigate the increasingly complex landscape of intensifying technology regulation in Europe.

Located in Dublin at the heart of Ireland’s EU technology regulation hub, we offer a fully-integrated team of experts in privacy and data protection law, litigation, content and platform regulation, security and law enforcement issues and all other aspects of digital regulation.

Our lawyers work fluently with legal specialists, business leadership, policy teams, product counsel and engineers to deliver the best possible outcomes in regulatory investigations involving the most complex products and data uses.

A&L Goodbody LLP is a market-leader in:

Data protection investigations under GDPR’s one-stop shop

  • We have been lead advisors on many of the most significant cross-border statutory inquiries by Ireland’s data regulator, the Data Protection Commission (DPC), under the General Data Protection Regulation (GDPR) to date in the technology sector. We thrive on complex, fast-paced and cross-border investigations for business-critical data uses. Our team offers a single point of contact on an investigation from first engagement by complainants and data protection authorities through to the investigation and enforcement stages. We help technology companies respond to enforcement decisions to manage risks, and implement product privacy remediation in a way that builds user and regulator trust. Where necessary we defend on follow-on litigation and limit secondary risks. We represent our clients in statutory appeals and judicial review actions before the Irish and EU courts.

Data breaches, crises and cyber security incidents

  • We help technology companies to respond to and contain data incidents, including data breaches under the GDPR, cyber attacks, outages and systems failures. Large-scale data incidents require a coordinated response. We support on breach and incident notifications to regulators across Europe, including to the DPC and other data protection authorities under the GDPR and the ePrivacy Directive, competent cyber security regulators under the Network & Information (NIS) Directive, telecommunications regulators under the European Electronic Communications Code and all other relevant authorities. We have helped many of our clients to develop their core policies and procedures in these areas and we are available around the clock to implement them.

Content and platform regulation

  • The technology regulation landscape in Europe is changing. We have helped to build compliance structures and manage regulatory engagement for gatekeeper platforms under the Digital Markets Act (DMA), online intermediaries and platforms under the Digital Services Act (DSA) and Platform to Business (P2B) Regulation, as well as video sharing platforms under the Audio Visual and Media Services (AVMS) Directive and Ireland’s Online Safety and Media Regulation Act (OSMR). We advise major service providers across the digital economy including online marketplaces, social networks, content-sharing platforms, app stores, online travel and accommodation platforms and many others. Our experts support on, and defend, regulatory investigations and enforcement action across all of these areas of digital regulation.

Law enforcement issues and data disclosure strategy

  • We support the world’s largest technology companies on engagement with law enforcement agencies around the world, including on user data access issues. We develop policies and strategies to manage lawful data requests while limiting risk, protecting privacy and maintaining user trust. We help providers to navigate the complexities of international data flows, conflicts of law and the requirements of EU and member state government and law enforcement authorities and related security and privacy issues. We offer export support in all areas relating to the regulation and collection of digital evidence, including under the proposed e-Evidence Regulation, EU member state data laws on data retention and lawful interception. We represent our clients in litigation including judicial review actions in the Irish courts and beyond to protect providers and their users.