Nora Santalu

I'm an associate in the privacy and data protection team in London. I advise on the GDPR, the EU AI Act as well as ePrivacy rules with a particular focus on the regulation of biometrics and fraud prevention.

Whilst I advise on all areas of the GDPR and ePrivacy rules, specifically, I have many years of experience and expertise in advising on: various types of biometric tools (identifying and non-identifying) used in different contexts and their regulation under both the GDPR and more recently under the EU AI Act, automated decision making tools, fraud prevention, and data brokering arrangements.

I was invited by the European Parliament as a speaker in May 2024 to discuss the regulation of biometrics in the EU. I have been cited by Harvard Cyberlaw Clinic's Memorandum to the Representative Stephanie Jerome
(of State of Vermont) on their recommendations for the regulation of biometrics in the state of Vermont. I have also been quoted in the International Journal of Applied Engineering & Technology.

Before joining Bird & Bird, I spent three years working in the financial services industry, where I developed my knowledge on the functioning of various established and new payment products. After joining Bird & Bird I have been on four different secondments lasting in total two years at a financial services institution, where I learned about various fraud prevention tools, data brokering arrangements, the payment ecosystem and open banking.