Photo of Shannon Owens

Shannon Owens

Subscribe to Shannon Owens's Posts

Shannon is a solicitor in ALG’s Technology Group and holds an honours degree in Law and Political Science (LL.B. Pol. Sc.) from Trinity College Dublin.

Since joining the team, she has assisted in advising domestic and international clients on a wide range of matters including data breach response, privacy, data protection and information technology matters.

Shannon has over a year's experience on secondment with the Data Protection team of a leading, multinational technology company, where she specialised in data/cyber incident response, international data transfers, and data processing compliance.

 

On 24 June 2025, Ireland’s National Cyber Security Centre (NCSC) published a set of proposed Risk Management Measures (RMMs) and launched Cyber Fundamentals, a framework designed to assist organisations to comply with the EU’s Directive (EU) 2022/2555 (the NIS2 Directive). The NIS2 Directive sets out high level measures for cybersecurity for in-scope entities across the EU and is to be transposed in Ireland by the upcoming National Cybersecurity Bill. 

RMMs

Who do they apply to?

The RMMs are intended to apply to essential and important entities within scope of the NIS2 Directive and which are

Continue Reading Risk Management Measures and Cyber Fundamentals: the NCSC’s roadmap towards NIS2 compliance

Recent technological advances in generative AI have transformed the way in which we listen to and create music. Many artists and industry players have readily adopted generative AI, viewing it as a creative force to be harnessed, while others remain wary. 

The use of increasingly sophisticated AI tools to generate musical works poses a number of challenges from a legal perspective, particularly in relation to how they may impact intellectual property rights. 

In this blogpost we explore some of these legal considerations in further detail.

Input Considerations – Training AI Models

Generative or algorithmic art is not particularly new; the

Continue Reading AI-Generated Music: How Will the Existing Copyright Framework Cope? 

The Irish Data Protection Commission (DPC) released its 148-page annual report on 29 May 2024 (the Annual Report), highlighting the scope of work and enforcement activities undertaken by the DPC throughout 2023. A full copy of the report is available here.

In this series of articles we decode the report – providing an insight into the key points of focus, emerging themes and potential areas of future regulatory developments. 

This Article will aim to provide an overview of what we have learned in respect of data breach notifications from this year’s Annual Report, and what future

Continue Reading Decoding the Data Protection Commission’s 2023 Annual Report – Part 1: Data Breaches