Sarah O'Brien Managing associate

Contact details

Sarah O'Brien

Sarah O'Brien
Managing associate

T: +44 20 7809 2481 M: +44 7766 828548 Email Sarah | vCard Office: London

Sarah navigates the complex landscape of data and technology and brings a unique blend of legal expertise and creativity to her advice.  She has extensive experience working on complex data-related matters ranging from the creation of data protection compliance programmes, to advising on the commercialisation of data generated from connected products.
  • Profile
  • Services
  • Sectors

Skilled at manoeuvring the ever-changing landscape of technology, data and data privacy, Sarah provides strategic counsel across industries and has a track record of providing practical solutions that foster innovation whilst allowing her clients to build and maintain trust with their customers.

With a keen eye for detail and a deep understanding of the legal frameworks governing data, Sarah specialises in advising clients on a range of issues, including the use and reuse of data; privacy and other transparency notices; data processing, data sharing and data transfer agreements; data licensing; strategies for international transfers of data; assessing data processing risk using DPIAs and LIAs; and the reporting of personal data breaches, including guiding clients through personal data breach investigations, preparing personal data breach notifications and liaising with regulators.

With a background in entertainment and advertising, Sarah is well versed in guiding marketers on how to use data for marketing purposes, including data collected via cookies and similar technologies and data used for behavioural advertising purposes.

Sarah also has extensive experience in structuring and negotiating technology transactions that involve data, such as software licences; cloud computing contracts; data analytics partnerships; and AI development and collaboration agreements and licences. 

  • Data protection and information
  • Commercial, outsourcing and technology

UK and Ireland-based medical device manufacturer

Advised on the installation of telematics boxes in company-provided vehicles to employees.

International defence contractor

Providing counsel on the notification requirements following a personal data breach in 90 countries. 

AML technology provider

Providing advice on whether the use of a digital wallet ID in the provision of AML screening is personal data under GDPR.

Executive recruitment firm

Advised on the reuse of an existing data set to train a new AI model for leadership planning.

Continuous glucose monitoring system 

Drafted a global privacy notice aimed at users of a CGM system to comply with data protection laws in over 100 countries. 

More: Data protection and information

Manufacturer of a glucose biosensor

Preparing Terms of Sale, App Terms and Conditions and Website Terms of Use for new glucose monitoring device and accompanying mobile application.

Wellness app provider

Drafting template Influencer Agreement and providing advertising clearance advice for launch campaign.

Carwash subscription software and hardware provider

Drafting template Master Services Agreement with supplemental terms covering hardware sales, software licensing, services and API licensing. 

Private equity-backed travel company

Reviewed and negotiated a white-label online travel services and revenue sharing agreement with a news publisher. 

Executive recruitment

Drafted and negotiated an AI Development and Collaboration Agreement with an AI platform provider. 

More: Commercial, outsourcing and technology

  • Consumer
  • Life sciences
  • Sport
  • Technology

Manufacturer of a glucose biosensor

Preparing Terms of Sale, App Terms and Conditions and Website Terms of Use for new glucose monitoring device and accompanying mobile application.

Wellness app provider

Drafting template Influencer Agreement and providing advertising clearance advice for launch campaign.

Continuous glucose monitoring system 

Drafted a global privacy notice aimed at users of a CGM system to comply with data protection laws in over 100 countries. 

More: Consumer

Global medical device manufacturer

Reviewing the international personal data transfer laws in 20 countries and providing strategic advice on the personal data transfer strategy.

UK-based CRO

Creating a GDPR-compliant strategy for transferring large amounts of sensitive data collected from a clinical trial, from the UK and EU to the US.

Private health insurer

Drafted an IT systems integration contract.

Continuous glucose monitoring system 

Drafted a global privacy notice aimed at users of a CGM system to comply with data protection laws in over 100 countries. 

More: Life sciences

UK sport’s governing body

Conducted a data audit in relation to its membership data and advised in relation to the design of a new membership system.

National sports league

Prepared a privacy notice for use in a mobile application for streaming live and recorded sports matches and prepared and delivered data protection training to the UK office. 

Kids activity watch manufacturer

Providing data protection advice on the collection and use of children’s data from activity watches, in particular, in relation to compliance with the ICO Children’s Code. 

More: Sport

Global medical device manufacturer

Reviewing the international personal data transfer laws in 20 countries and providing strategic advice on the personal data transfer strategy.

AML technology provider

Providing advice on whether the use of a digital wallet ID in the provision of AML screening is personal data under GDPR.

Carwash subscription software and hardware provider

Drafting template Master Services Agreement with supplemental terms covering hardware sales, software licensing, services and API licensing. 

Executive Recruitment

Drafted and negotiated an AI Development and Collaboration Agreement with an AI platform provider. 

More: Technology

Latest news & insights

15 Apr 2024

From Insights

New Security Regulations for Connected Products come into force on 29 April 2024

On 6 December 2022, the UK Product Security and Telecoms Infrastructure Act 2022 ("PSTIA") received Royal Assent, but it is not all yet in effect.

More

print-footer
logo
© Stephenson Harwood LLP 2016. Any reference to Stephenson Harwood in this document means Stephenson Harwood LLP and/or its affiliated undertakings. Any reference to a partner is used to refer to a member of Stephenson Harwood LLP.