Paul is the head of the firm’s Technology and Innovation Group and advises on a wide range of information technology, data protection, intellectual property, confidentiality and freedom of information issues. He advises on the supply and implementation of new IT systems, the licensing of software and the ownership, exploitation and licensing of intellectual property rights.

Paul drafts and negotiates cutting-edge technology supply and implementation agreements and IT outsourcing agreements with a key focus on mobilisation, business transformation and key performance elements as well as exit management.

Paul is a leading  expert on data protection and advises a large number of private sector entities and public bodies on their data protection obligations under existing and prospective  data protection law, including advising on subject access requests, data security incidents, marketing obligations and consents, record retention matters, data protection notices, policies and privacy statements, data controller and data processor registrations as well as solutions to facilitate the transfer of data outside the EEA.

Paul is heavily involved in advising a number of private sector and public sector clients on their obligations under the EU General Data Protection Regulation (GDPR),  including carrying out data protection assessments and audits and completing data inventories in order to advise clients on what changes to processing activities, data protection notices and agreements etc to ensure compliance with GDPR.

He also regularly advises on the legal implications of transacting on-line and related consumer protection issues. Paul also advises a number of international clients on their distribution, franchise and sales agency arrangements.

In the area of freedom of information, Paul regularly acts for public bodies and private entities. He advises public bodies in respect of their compliance obligations in connection with the Freedom of Information Acts in dealing with access requests, advising on applicable exemptions and dealing with appeals to the Information Commissioner. Paul also advises public bodies and private entities on the application and scope of the Access to Information on the Environment Regulations.

As a leading expert on the law of confidentiality, Paul regularly advises clients on confidentiality obligations and the drafting of appropriate confidentiality agreements and secrecy protocols.

Paul is the author of Commercial Secrets: The Action for Breach of Confidence in Ireland (Round Hall/ Sweet & Maxwell, 1996), the first and only Irish work on the topic. The book has been quoted in judgments in the Irish Supreme Court.

Key highlights include advising:

  • A variety of clients on data protection compliance, data protection audits, data protection policies and data security matters including: Hostelworld, Alkermes, CarTrawler, Grant Thornton, Transport Infrastructure Ireland and the Road Safety Authority.
  • Champion Products on franchise agreements, distribution agreements and sponsorship deals.
  • Ervia and Irish Water on Information Technology and outsourcing agreements, including a contract for the procurement of an insurance management system, pre-payment metering, mobile survey apps and data centre hosting agreements.
  • Maynooth University and its Innovation Value Institute (“IVI”) on the protection, exploitation and licensing of intellectual property generated at the IVI including the commercialisation of intellectual property.
  • SMBC Aviation Capital on a large scale technology project involving the replacement of SMBCAC's IT infrastructure with an entirely new IT infrastructure solution.
  • Transport Infrastructure Ireland on significant technology related outsourcing contracts in connection with open road tolling on the M50.
  • Transport Infrastructure Ireland, the Road Safety Authority, Maynooth University and Irish Water on Freedom of Information Act requests.
  • US Department of Justice in its participation as an amicus curiae in landmark data protection proceedings brought in the Irish Commercial Court by the Irish Data Protection Commissioner with a view to having questions regarding the validity of the ‘Standard Contractual Clauses’ decisions of the European Commission referred to the Court of Justice of the European Union.