Edward Machin

Associate

Edward Machin is an associate in the data, privacy and cybersecurity group, based in London. He provides clear and business-focused advice on a wide range of legal and regulatory issues in the rapidly evolving areas of privacy, data protection and security, e-commerce and marketing, and information law. Secondments at data-rich businesses in the life sciences and market research sectors have given Edward a deep understanding of what clients want – and these experiences inform his approach to providing practical legal and commercial solutions to organisations across Europe, the U.S. and Asia.

Edward’s practice encompasses regulatory compliance, advisory and transactional work for founders, start-ups, corporates, venture capitalists and asset managers across the technology, life sciences and healthcare, financial and professional services, food and beverage, consumer goods, entertainment and media sectors. He regularly advises on the development and operationalisation of global compliance programmes, new products and services, complex international data transfer issues, and emerging technologies and regulatory trends (such as the use of alternative data and COVID-19-related compliance).

In addition, Edward has particular expertise in crisis and incident management. He helps clients respond to requests from law enforcement agencies and data protection authorities, and frequently advises on personal data breaches, security events and contentious subject rights requests. He also works closely with colleagues across the firm on the data protection aspects of internal investigations and litigation matters.

Edward writes widely on privacy, data protection and security issues, and has been quoted in the Financial Times, the Wall Street Journal, the Daily Telegraph, the Irish Times and various industry publications. Before his legal career, Edward worked for six years as an award-winning financial journalist.

Experience
Publications

Experience

Providing day-to-day counsel to a leading electronic cigarette manufacturer, a multinational digital printing company and one of the world’s largest investment management firms on a wide range of data protection, cybersecurity and information law issues
Designing and implementing GDPR compliance programmes for private investment houses, asset managers and hedge funds in the US, UK, Europe and Asia
Advising a US technology company in its response to a data breach, one of the largest global security incidents in 2018, which affected more than 400 million individuals
Advising a major financial institution in relation to global law enforcement demands
Conducting data protection risk assessments into multiple private equity-backed investee companies

Notable transactions in which Edward has been involved prior to joining the firm include:

Provided day-to-day counsel to a multinational car rental company on the GDPR and ePrivacy Directive
Advised a UK restaurant chain on its collection and use of CCTV footage
Assisted multiple e-commerce platforms in reporting their data breach incidents to national regulators
Advised a technology trade alliance on its outreach strategies relating to UK data protection legislation and litigation before the European Court of Justice
Represented a prominent media organisation in threatened litigation under the Data Protection Act 1998

Publications

Quoted, “Irish data regulator under fire over dated software,” Financial Times (February 9, 2021)
Quoted, “GDPR Fines Rise 40% Last Year, Research Shows,” Digital Privacy News (February 5, 2021)
Quoted, “Sue Ireland over poor GDPR enforcement, MEPs say,” Global Data Review (February 4, 2021)
Quoted, “First hint of UK-EU data divergence appears,” Global Data Review (January 22, 2021)
Quoted, “European Consumer Groups Begin Suing Over Data Breaches,” Wall Street Journal (November 6, 2020)
Quoted, “Post-Brexit Digital Economy at Risk After EU Court Ruling,” InfoSecurity Magazine (October 7, 2020)
Quoted, “EU's top court blocks states from gathering user data for surveillance,” Financial Times (October 6, 2020)
Quoted, “Class action filed against Marriott in High Court of England and Wales,” Privacy Laws & Business (August 19, 2020)
Quoted, “British Airways and Marriott Expect Drastically Reduced Fines From U.K. Privacy Regulator,” Wall Street Journal (August 12, 2020)
Quoted, “BA expects to pay just £20m for data breach,” The Telegraph (August 2, 2020)
Co-author, “Schrems II: the data protection community reacts,” Global Data Review (July 17, 2020)
Quoted, “Court Ruling Leaves Companies Scrambling for New Ways to Move Data From Europe to the U.S.,” Wall Street Journal (July 17, 2020)
Co-author, “Cyber Trends and Investigations in the European Union: A Practitioner’s Perspective,” The Guide to Cyber Investigations, first edition (2019)
Quoted, “Warnings over GDPR effect on compliance investigations,” Ignites Europe (May 13, 2019)
Quoted, “GPEN Report Highlights Key Areas for Data Privacy Improvement,” The Cybersecurity Law Report (April 17, 2019)
Co-author, “5 UK Privacy And Data Protection Predictions For 2019,” Law360 (February 25, 2019)

Disclaimer

Ropes & Gray International LLP is a limited liability partnership registered in Delaware, United States of America and is a recognised body regulated by the Solicitors Regulation Authority (with registered number 521000).

Education

LLB (Law), First Class, University of Liverpool, 2008
LLM (Law), Merit, London School of Economics and Political Science, 2014
LPC, Distinction, BPP University, London, 2015

Admissions / Qualifications

Qualifications

England and Wales, Solicitor, 2017

Practices

News

Ropes & Gray Contributes to First Editions of GIR’s “The Guide to Monitorships” and “The Guide to Cyber Investigations”

Cross-office teams of attorneys in Ropes & Gray’s litigation & enforcement and data practices have co-authored one chapter in Global Investigations Review’s “The Guide to Monitorships” and two chapters in ...

View all

Alerts

UK Information Commissioner’s Office seeks further criminal powers

View all