Keily Blair

Partner

London


Read full biography at www.orrick.com
Keily heads up the Cyber & Data Privacy Enforcement & Litigation Practice in London. Keily works with her clients to navigate crises, and to achieve better regulatory and judicial outcomes in all aspects of international data privacy enforcement and litigation. Keily is ranked as a key practitioner in data protection, privacy and cyber security in Legal 500.

As a litigator, Keily has a different perspective on cyber and data privacy issues.

Keily has led the response to investigations by the UK’s Information Commissioner’s Office, the Irish Data Protection Commission, the FCA, the SFO, the US Department of Justice, the FBI, the SEC and Parliamentary Select Committees. She has also acted as external legal counsel for regulators.

In the civil arena, Keily has led on a number of high-profile contentious matters, including multi-jurisdictional investigations into post-GDPR data breaches, judicial reviews and associated civil litigation.

Keily has represented the private sector at the United Nations and the European Criminal Bar Association. She is committed to improving diversity and social mobility in the legal sector.    

Keily sits on the Law360's 2020 Editorial Advisory Board on Cybersecurity & Privacy and also leads the IAPP Cyber & Privacy Investigations, Enforcement & Litigation Affinity Group.

Prior to joining Orrick, Keily led the Contentious Data Privacy, Law & Strategy practice at PwC having been a litigator at two international law firms before this.

Posts by: Keily Blair

Privacy Shield Sunk – SCCs Treading Water: What Can Companies Do to Keep Their Head Above Water

Today the European Court of Justice (CJEU) published its highly anticipated judgement in the case of Data Protection Commissioner Ireland v Facebook Ireland Limited, Maximillian Schrems, colloquially known as “Schrems 2.0”. There were three key elements to the decision: READ MORE

Schrems 2.0 – The Next Big Blow for EU-US Data Flows? – What to Expect on Thursday, July 16th

Whatever the outcome of Schrems 2.0, the key takeaway is, don’t panic.

Tomorrow, July 16, 2020, the European Court of Justice (CJEU) is expected to rule in the case of Data Protection Commissioner Ireland v Facebook Ireland Limited, Maximillian Schrems, colloquially known as “Schrems 2.0”.

The main ingredients haven’t changed much for this long-awaited sequel to the decision that invalidated the Safe Harbor regime in 2015: Austrian data protection activist Max Schrems, Facebook Ireland, Ltd, and another commonly used international personal data transfer mechanism on the chopping block for invalidation.

This time around the court is considering the validity of the Standard Contractual Clauses (SCC) adopted by the European Commission, which goes beyond EU-U.S. transfers and could affect most agreements governing data sharing between the EU and the rest of the world. Regardless of the outcome, tomorrow’s decision is going to have a profound impact on the way international data transfers are treated for years to come – but the key takeaway is not to panic. In this blog post, we have set out the three potential rulings open to the CJEU and what steps you can take to following such a ruling. READ MORE

Employers as Contact Tracers: the Employment and Privacy Implications of Returning to Work

Of the many new terms that we have learned as part of the current pandemic, ‘contact tracing’ is one that seems to offer some light at the end of the tunnel. READ MORE