Dr Nóra Ní Loideáin

Contact details

Dr Nóra Ní Loideáin
B.A., LL.B., LL.M. (Hons) (National University of Ireland, Galway); Ph.D. (Cantab)
Director and Senior Lecturer in Law, Information Law and Policy Centre
Institute of Advanced Legal Studies
17 Russell Square, London WC1B 5DR

Research Summary and Profile

Research interests:
Africa, Europe, Ireland, United Kingdom
Summary of research interests and expertise:

Dr Nora Ni Loideain is Assistant Professor in Law and Director of the Information Law & Policy Centre at the University of London’s Institute of Advanced Legal Studies. Her research focuses on EU law, European human rights law, and emerging technologies, particularly within the contexts of privacy and data protection, criminal justice, and national security. Recent research includes a forthcoming monograph on EU Data Privacy Law and Serious Crime (Oxford University Press).

Nora holds BA, LLB, and LLM (Public Law) degrees from the National University of Ireland, Galway, and was awarded a PhD in law from the University of Cambridge. Previously, Nora held the posts of Visiting Lecturer in Law at King’s College London and Research Fellow and Affiliated Lecturer in Law at the University of Cambridge. In 2019, she was appointed to the UK Home Office Biometrics and Forensics Ethics Group (BFEG) which provides independent advice ensuring the robustness of evidence underpinning biometrics and forensics policy development for public security within the Home Office.

Nora is a member of the Board of Trustees for the British and Irish Legal Information Institute (BAILII) and an editor of leading law journal International Data Privacy Law (Oxford University Press). She is also a Senior Fellow at the University of Johannesburg and an Associate Fellow at the University of Cambridge Leverhulme Centre for the Future of Intelligence (LCFI). Prior to her academic career, Nora was a Legal and Policy Officer for the Office of the Director of Public Prosecutions of Ireland and clerked for the Irish Supreme Court. Her work on AI, human rights and data protection law, policing and Brexit, has been published by the BBC, The Guardian, Science, the House of Lords, and the United Nations.

Publication Details

Related publications/articles:

Date Details
17-Feb-2022 Beyond Brexit: EU-UK Policing, Security, and Data Sharing


The final version of this chapter will be published in Eleni Kosta & Franziska Boehm (eds), The Law Enforcement Directive: A Commentary (Oxford University Press 2023).

The EU made legal history in its unprecedented step to grant adequacy decisions under both the EU General Data Protection Regulation (GDPR) and the EU Law Enforcement Directive (LED) to the UK. Of course, although the UK is now a third country, as a former EU Member State it is still considered part of the ‘European privacy family’. However, subsequent developments suggest that major divergences may be on the cards with respect to the relationship of the UK legal order with the EU and ECHR legal systems and the UK’s alignment with both concerning the protection of personal data.

This paper identifies and examines the EU, UK, and international legal frameworks governing data sharing for law enforcement and security purposes established as a result of the UK's exit from the EU. The analysis discusses the overall negotiations process underpinning Brexit and examines the key resulting regimes, including the Trade and Cooperation Agreement (TCA) and the EU-UK data adequacy agreements granted under the GDPR and the LED.

The paper concludes with some critical analysis and reflections on the above frameworks, with particular regard to the implications for the protection of EU fundamental rights, current compliance issues with EU law and Article 8 ECHR posed by the UK Investigatory Powers Act 2016, and how proposed reforms to the UK's Human Rights Act risk jeopardising the TCA and both EU-UK Adequacy Decisions.

Keywords: Brexit, data protection, data adequacy, law enforcement, GDPR, TCA, LED, EU law, EU fundamental rights, ECHR, right to privacy

13-Dec-2021 Rosemary Jay et al, Data Protection Law and Practice (5th edition) (Sweet & Maxwell 2020)


Dr Nóra Ní Loideáin reviews the 5th edition of a seminal textbook on data protection for legal practitioners for the Society for Computers and Law.

19-Jun-2021 Enabling the use of health data for research: developing a POPIA Code of Conduct for research in South Africa


Globally, there has been a move toward ‘open science’ that includes the sharing of health data for research. The importance of data sharing for research is generally acknowledged, but this must only be done with legal and ethical procedures and protections in place. The use and sharing of health data for research in South Africa has changed with the coming into force of the Protection of Personal Information Act (POPIA). POPIA should ensure greater transparency and accountability in the use of personal information.

POPIA, however, adopts a principle-based approach to the regulation of personal information, and there is a lack of clarity and uncertainty in the application of some of these principles to the use of health data for research. POPIA provides for sector-specific responses through the development of codes of conduct. In this article, we discuss the need for a code of conduct for health research, and an approach that could be adopted in its development.

03-Jun-2021 Gender as Emotive AI and the Case of ‘Nadia’: Regulatory and Ethical Implications

Conference papers

Selected for presentation at the Privacy Law Scholars Conference 2021, Georgetown University (co-authored with Rachel Adams and Damian Clifford).

This paper unpacks the regulatory and ethical problematics of the artificial intelligence (AI) powered virtual assistant, ‘Nadia’, developed for use in the Australian Government’s National Disabilities Insurance Agency (NDIA).

We explore how Nadia is gendered female, utilises high-risk AI technologies, including emotive-inducing AI and machine learning to monitor highly sensitive health and biometric data, and was developed for use by a group deemed vulnerable to further human rights violations under international law.

Drawing from the human rights frameworks of the EU and the European Convention on Human Rights, particularly the rights to data protection law and privacy, we explore how a system like Nadia poses interferences with, and potential violations to, the fundamental human rights of vulnerable groups, and discuss what regulatory provisions and frameworks could have been put in place to safeguard Nadia.

Keywords: AI, Australia National Disability Insurance Agency (NDIA), biometrics, dignity, emotion monitoring, ethics, facial recognition, governance, regulation, gender, impact assessments, privacy, protection of personal data, virtual personal assistants, vulnerable groups

01-Jul-2020 ‘Regulating health research and respecting data protection: a global dialogue’ (2020) 10(2) International Data Privacy Law


(2020) 10(2) International Data Privacy Law - Special Symposium Issue on Health Research and Data Protection in Africa 115 (Editor and author)

The global COVID-19 pandemic has focused minds sharply on the valuable role to be played by data collection and analysis for advancing health research, especially how it may help in informing and developing policy responses. Modern health research requires vast collections of data. Ensuring open access and wide sharing of these huge data sets that contain highly sensitive personal information within the international scientific community is also essential to the development of medical treatments and research breakthroughs. The importance of all of these factors drastically increases in times of emergency when rapid responses are urgently needed from the scientific community (such as the development of a vaccine). However, as the European Commission and academic commentators point out, any such measures must also be lawful and proportionate, comply with data protection law, and respect the fundamental rights of those who have shared their health data.

24-Apr-2020 ‘Alexa to Siri and the GDPR: The Gendering of Virtual Personal Assistants and the Role of EU Data Protection Law’


(2020) 36 Computer Law and Security Review (co-author with R. Adams)

With female names, voices and characters, artificially intelligent Virtual Personal Assistants such as Alexa, Cortana, and Siri appear to be decisively gendered female. Through an exploration of the various facets of gendering at play in the design of Siri, Alexa and Cortana, we argue that this gendering of VPAs as female may pose a societal harm, insofar as they reproduce normative assumptions about the role of women as submissive and secondary to men. In response, this article turns to examine the potential role and scope of data protection law as one possible solution to this problem. In particular, we examine the role of data privacy impact assessments that highlight the need to go beyond the data privacy paradigm, and require data controllers to consider and address the social impact of their products.

01-Dec-2019 'Addressing indirect discrimination and gender stereotypes in AI virtual personal assistants: the role of international human rights law'


(2019) 8(2) Cambridge International Law Journal 241 (co-author with R. Adams)

Virtual personal assistants (VPAs) are increasingly becoming a common aspect of everyday living. However, with female names, voices and characters, these devices appear to reproduce harmful gender stereotypes about the role of women in society and the type of work women perform. Designed to ‘assist’, VPAs – such as Apple's Siri and Amazon's Alexa – reproduce and reify the idea that women are subordinate to men, and exist to be ‘used’ by men. Despite their ubiquity, these aspects of their design have seen little critical attention in scholarship, and the potential legal responses to this issue have yet to be fully canvassed. Accordingly, this article sets out to critique the reproduction of negative gender stereotypes in VPAs and explores the provisions and findings within international women's rights law to assess both how this constitutes indirect discrimination and possible means for redress. In this regard, this article explores the obligation to protect women from discrimination at the hands of private actors under the Convention on the Elimination of All Forms of Discrimination Against Women, and the work of the Committee on Discrimination Against Women on gender stereotyping. With regard to corporate human rights responsibilities, the role of the United Nations Guiding Principles on Business and Human Rights is examined, as well as domestic enforcement mechanisms for international human rights norms and standards, noting the limitations to date in enforcing human rights compliance by multinational private actors.

28-Jun-2019 ‘A port in the data-sharing storm: the GDPR and the Internet of things’


(2019) 4(2) Journal of Cyber Policy 178

The onward march of the ‘Internet of Things’ (IoT) heralds an all-encompassing data-driven society where the collection, analysis, sharing, and retention of personal data by service providers, machines and objects will be pervasive and ubiquitous, thereby normalising sustained data gathering from any source possible. In other words, the full realisation of the IoT would best be described as a data-sharing storm where there are no controls or safeguards on what data is shared, who it is shared with, or for what purposes data is used or re-used. As a legal framework that stipulates key principles and safeguards that must be employed when processing of personal data takes place within its scope of application, the EU General Data Protection Regulation (GDPR) represents a port in the data-sharing storm put forward by this vision of the IoT. This article examines what role the recent major upgrade of EU data protection law, under the GDPR, may play in addressing the data protection implications and challenges posed by the IoT for data controllers and processors.

22-May-2019 ‘Ethical and practical issues to consider in the governance of Data Sharing for Genomic and Human Research Data in South Africa: a meeting report’


AAS Open Res 2019, 2:15 (co-author with C. Staunton et al)

29-Nov-2018 A Bridge too Far? The Investigatory Powers Act 2016 and Human Rights Law

Edited Book

in L. Edwards (ed), Law, Policy and the Internet (2nd ed., London: Hart, 2018) (forthcoming)

01-Feb-2018 An Unstoppable Force and an Immoveable Object? EU Data Protection Law and National Surveillance

Journal articles

(2018) 8(1) International Data Privacy Law 1 (with C. Kuner, O. Lynskey, C. Millard, F. Cate & D. Svantesson)

01-Jan-2018 Children and Digital Rights


(2018) 23(1) Communications Law 1 (with P. Wragg)

01-Nov-2017 Cape Town as a Smart and Safe City: Implications for Governance and Data Privacy

Journal articles

(2017) 7(4) International Data Privacy Law 314

01-Sep-2017 Review of R. Jay, Guide to the General Data Protection Regulation


(London: Sweet & Maxwell, 2017) (2017) 22(4) Communications Law 140

Professional Affiliations

Professional affiliations:

Name Activity
International Data Privacy Law (Oxford University Press) Peer-reviewed journal editor
Biometrics and Forensics Ethics Group, UK Home Office


Name Type Activity Start date End date
British and Irish Legal Information Institute Trustee 02-Sep-2019