Edward Machin is an associate in the data, privacy and cybersecurity group, based in London. He provides clear and business-focused advice on a wide range of legal and regulatory issues in the rapidly evolving areas of privacy, data protection and security, e-commerce and marketing, and information law. Secondments at data-rich businesses in the life sciences and market research sectors have given Edward a deep understanding of what clients want – and these experiences inform his approach to providing practical legal and commercial solutions to organisations across Europe, the U.S. and Asia.
Edward’s practice encompasses regulatory compliance, advisory and transactional work for founders, start-ups, corporates, venture capitalists and asset managers across the technology, life sciences and healthcare, financial and professional services, food and beverage, consumer goods, entertainment and media sectors. He regularly advises on the development and operationalisation of global compliance programmes, new products and services, complex international data transfer issues, and emerging technologies and regulatory trends (such as the use of alternative data and COVID-19-related compliance).
In addition, Edward has particular expertise in crisis and incident management. He helps clients respond to requests from law enforcement agencies and data protection authorities, and frequently advises on personal data breaches, security events and contentious subject rights requests. He also works closely with colleagues across the firm on the data protection aspects of internal investigations and litigation matters.
Edward writes widely on privacy, data protection and security issues, and has been quoted in the Financial Times, the Wall Street Journal, the Daily Telegraph, the Irish Times and various industry publications. Before his legal career, Edward worked for six years as an award-winning financial journalist.
- Providing day-to-day counsel to a leading electronic cigarette manufacturer, a multinational digital printing company and one of the world’s largest investment management firms on a wide range of data protection, cybersecurity and information law issues
- Designing and implementing GDPR compliance programmes for private investment houses, asset managers and hedge funds in the US, UK, Europe and Asia
- Advising a US technology company in its response to a data breach, one of the largest global security incidents in 2018, which affected more than 400 million individuals
- Advising a major financial institution in relation to global law enforcement demands
- Conducting data protection risk assessments into multiple private equity-backed investee companies
Notable transactions in which Edward has been involved prior to joining the firm include:
- Provided day-to-day counsel to a multinational car rental company on the GDPR and ePrivacy Directive
- Advised a UK restaurant chain on its collection and use of CCTV footage
- Assisted multiple e-commerce platforms in reporting their data breach incidents to national regulators
- Advised a technology trade alliance on its outreach strategies relating to UK data protection legislation and litigation before the European Court of Justice
- Represented a prominent media organisation in threatened litigation under the Data Protection Act 1998
- Co-author, “Cyber Trends and Investigations in Europe: A Practitioner’s Perspective,” The Guide to Cyber Investigations, second edition (2021)
- Co-author, “EU aims to rein in AI with proposed law,” IFLR (May 7, 2021)
- Quoted, “Irish data regulator under fire over dated software,” Financial Times (February 9, 2021)
- Quoted, “GDPR Fines Rise 40% Last Year, Research Shows,” Digital Privacy News (February 5, 2021)
- Quoted, “Sue Ireland over poor GDPR enforcement, MEPs say,” Global Data Review (February 4, 2021)
- Quoted, “First hint of UK-EU data divergence appears,” Global Data Review (January 22, 2021)
- Quoted, “European Consumer Groups Begin Suing Over Data Breaches,” Wall Street Journal (November 6, 2020)
- Quoted, “Post-Brexit Digital Economy at Risk After EU Court Ruling,” InfoSecurity Magazine (October 7, 2020)
- Quoted, “EU's top court blocks states from gathering user data for surveillance,” Financial Times (October 6, 2020)
- Quoted, “Class action filed against Marriott in High Court of England and Wales,” Privacy Laws & Business (August 19, 2020)
- Quoted, “British Airways and Marriott Expect Drastically Reduced Fines From U.K. Privacy Regulator,” Wall Street Journal (August 12, 2020)
- Quoted, “BA expects to pay just £20m for data breach,” The Telegraph (August 2, 2020)
- Co-author, “Schrems II: the data protection community reacts,” Global Data Review (July 17, 2020)
- Quoted, “Court Ruling Leaves Companies Scrambling for New Ways to Move Data From Europe to the U.S.,” Wall Street Journal (July 17, 2020)
- Co-author, “Cyber Trends and Investigations in the European Union: A Practitioner’s Perspective,” The Guide to Cyber Investigations, first edition (2019)
- Quoted, “Warnings over GDPR effect on compliance investigations,” Ignites Europe (May 13, 2019)
- Quoted, “GPEN Report Highlights Key Areas for Data Privacy Improvement,” The Cybersecurity Law Report (April 17, 2019)
- Co-author, “5 UK Privacy And Data Protection Predictions For 2019,” Law360 (February 25, 2019)
DisclaimerRopes & Gray International LLP is a limited liability partnership registered in Delaware, United States of America and is a recognised body regulated by the Solicitors Regulation Authority (with registered number 521000).
- LLB (Law), First Class, University of Liverpool, 2008
- LLM (Law), Merit, London School of Economics and Political Science, 2014
- LPC, Distinction, BPP University, London, 2015
Admissions / Qualifications
- England and Wales, Solicitor, 2017