Dr Nóra Ní Loideáin

Contact details

Dr Nóra Ní Loideáin
B.A., LL.B., LL.M. (Hons) (National University of Ireland, Galway); Ph.D. (Cantab)
Director and Senior Lecturer in Law, Information Law and Policy Centre
Institute of Advanced Legal Studies
Institute of Advanced Legal Studies 17 Russell Square London WC1B 5DR
020 7862 5849
Email address:

Research Summary and Profile

Research interests:
Africa, Europe, Ireland, United Kingdom
Summary of research interests and expertise:

Nóra’s research interests focus on governance, human rights, and technology, particularly in the fields of digital privacy, data protection, and state surveillance. Her forthcoming publications include her PhD from the University of Cambridge on the mass surveillance of citizens’ communications metadata for national security and law enforcement purposes under European human rights law. This is the focus of her forthcoming monograph - EU Data Privacy Law and Serious Crime: Data Retention and Policymaking (Oxford University Press). Nóra’s research interests and publications focus on governance, human rights law, and technology, including her forthcoming monograph – EU Data Privacy Law and Serious Crime (Oxford University Press). Other key scholarship has focused on the role of human rights law and emerging technologies in regulatory frameworks with respect to the Internet of Things, smart cities, and AI virtual assistants. Nóra’s work has been published in leading peer-review law journals, including: Computer Law and Security Review, Cambridge Law Journal, International Data Privacy Law, and Cambridge International Law Journal. Nóra also holds the following academic posts: Senior Research Fellow, Faculty of Humanities, University of Johannesburg; Research Associate, University of Cambridge’s Centre for Intellectual Property and Information Law (CIPIL); and Associate Fellow, Leverhulme Centre for the Future of Intelligence (LCFI), University of Cambridge. Previously, she held the positions of Visiting Lecturer in Law at King’s College London and Affiliated Lecturer in Law, and Research Fellow (Technology and Democracy Project), at the University of Cambridge. In 2019, Nóra was appointed to the UK Home Office Biometrics and Forensics Ethics Group (BFEG) which provides independent advice ensuring that the evidence underpinning biometrics and forensics policy development within the Home Office is robust. She is also a member of the Board of Trustees for the British and Irish Legal Information Institute (BAILII). Prior to her academic career, Nóra was a Legal and Policy Officer for the Office of the Director of Public Prosecutions of Ireland and clerked for the Irish Supreme Court.

Publication Details

Related publications/articles:

Date Details
19-Jun-2021 Enabling the use of health data for research: developing a POPIA Code of Conduct for research in South Africa


Globally, there has been a move toward ‘open science’ that includes the sharing of health data for research. The importance of data sharing for research is generally acknowledged, but this must only be done with legal and ethical procedures and protections in place. The use and sharing of health data for research in South Africa has changed with the coming into force of the Protection of Personal Information Act (POPIA). POPIA should ensure greater transparency and accountability in the use of personal information.

POPIA, however, adopts a principle-based approach to the regulation of personal information, and there is a lack of clarity and uncertainty in the application of some of these principles to the use of health data for research. POPIA provides for sector-specific responses through the development of codes of conduct. In this article, we discuss the need for a code of conduct for health research, and an approach that could be adopted in its development.

01-Jul-2020 ‘Regulating health research and respecting data protection: a global dialogue (2020) 10(2) International Data Privacy Law


(2020) 10(2) International Data Privacy Law - Special Symposium Issue on Health Research and Data Protection in Africa 115 (Editor and author) The global COVID-19 pandemic has focused minds sharply on the valuable role to be played by data collection and analysis for advancing health research, especially how it may help in informing and developing policy responses. Modern health research requires vast collections of data. Ensuring open access and wide sharing of these huge data sets that contain highly sensitive personal information within the international scientific community is also essential to the development of medical treatments and research breakthroughs. The importance of all of these factors drastically increases in times of emergency when rapid responses are urgently needed from the scientific community (such as the development of a vaccine). However, as the European Commission and academic commentators point out, any such measures must also be lawful and proportionate, comply with data protection law, and respect the fundamental rights of those who have shared their health data

24-Apr-2020 ‘Alexa to Siri and the GDPR: The Gendering of Virtual Personal Assistants and the Role of EU Data Protection Law’


(2020) 36 Computer Law and Security Review (co-author with R. Adams) With female names, voices and characters, artificially intelligent Virtual Personal Assistants such as Alexa, Cortana, and Siri appear to be decisively gendered female. Through an exploration of the various facets of gendering at play in the design of Siri, Alexa and Cortana, we argue that this gendering of VPAs as female may pose a societal harm, insofar as they reproduce normative assumptions about the role of women as submissive and secondary to men. In response, this article turns to examine the potential role and scope of data protection law as one possible solution to this problem. In particular, we examine the role of data privacy impact assessments that highlight the need to go beyond the data privacy paradigm, and require data controllers to consider and address the social impact of their products.

01-Dec-2019 'Addressing indirect discrimination and gender stereotypes in AI virtual personal assistants: the role of international human rights law'


(2019) 8(2) Cambridge International Law Journal 241 (co-author with R. Adams) Virtual personal assistants (VPAs) are increasingly becoming a common aspect of everyday living. However, with female names, voices and characters, these devices appear to reproduce harmful gender stereotypes about the role of women in society and the type of work women perform. Designed to ‘assist’, VPAs – such as Apple's Siri and Amazon's Alexa – reproduce and reify the idea that women are subordinate to men, and exist to be ‘used’ by men. Despite their ubiquity, these aspects of their design have seen little critical attention in scholarship, and the potential legal responses to this issue have yet to be fully canvassed. Accordingly, this article sets out to critique the reproduction of negative gender stereotypes in VPAs and explores the provisions and findings within international women's rights law to assess both how this constitutes indirect discrimination and possible means for redress. In this regard, this article explores the obligation to protect women from discrimination at the hands of private actors under the Convention on the Elimination of All Forms of Discrimination Against Women, and the work of the Committee on Discrimination Against Women on gender stereotyping. With regard to corporate human rights responsibilities, the role of the United Nations Guiding Principles on Business and Human Rights is examined, as well as domestic enforcement mechanisms for international human rights norms and standards, noting the limitations to date in enforcing human rights compliance by multinational private actors.

28-Jun-2019 ‘A port in the data-sharing storm: the GDPR and the Internet of things’


(2019) 4(2) Journal of Cyber Policy 178 The onward march of the ‘Internet of Things’ (IoT) heralds an all-encompassing data-driven society where the collection, analysis, sharing, and retention of personal data by service providers, machines and objects will be pervasive and ubiquitous, thereby normalising sustained data gathering from any source possible. In other words, the full realisation of the IoT would best be described as a data-sharing storm where there are no controls or safeguards on what data is shared, who it is shared with, or for what purposes data is used or re-used. As a legal framework that stipulates key principles and safeguards that must be employed when processing of personal data takes place within its scope of application, the EU General Data Protection Regulation (GDPR) represents a port in the data-sharing storm put forward by this vision of the IoT. This article examines what role the recent major upgrade of EU data protection law, under the GDPR, may play in addressing the data protection implications and challenges posed by the IoT for data controllers and processors.

22-May-2019 ‘Ethical and practical issues to consider in the governance of Data Sharing for Genomic and Human Research Data in South Africa: a meeting report’


AAS Open Res 2019, 2:15 (co-author with C. Staunton et al)

29-Nov-2018 A Bridge too Far? The Investigatory Powers Act 2016 and Human Rights Law”

Edited Book

in L. Edwards (ed), Law, Policy and the Internet (2nd ed., London: Hart, 2018) (forthcoming)

01-Feb-2018 An Unstoppable Force and an Immoveable Object? EU Data Protection Law and National Surveillance

Journal articles

 (2018) 8(1) International Data Privacy Law 1 (with C.Kuner, O.Lynskey, C.Millard, F.Cate & D.Svantesson)

01-Jan-2018 Children and Digital Rights


 (2018) 23(1) Communications Law 1 (with P.Wragg)

01-Nov-2017 Cape Town as a Smart and Safe City: Implications for Governance and Data Privacy (2017) 7(4) International Data Privacy Law 314

Journal articles

(2017) 7(4) International Data Privacy Law 314

01-Sep-2017 Review of R. Jay, Guide to the General Data Protection Regulation


(London: Sweet & Maxwell, 2017) (2017) 22(4) Communications Law 140

Professional Affiliations

Professional affiliations:

Name Activity
International Data Privacy Law (Oxford University Press) Peer-reviewed journal editor
Consultancy & Media
Available for consultancy:
Media experience:
Back to top