Nora Santalu

I'm a senior associate in the privacy and data protection team in London. I advise on the GDPR, and the EU AI Act with a particular focus on the regulation of biometrics and fraud prevention tools.

I have many years of experience and expertise in advising on: various types of biometric tools (including identification, verification, age estimation, emotion recognition and biometric categorisation) used in different contexts and their regulation under both the GDPR and more recently under the EU AI Act, automated decision making tools, fraud prevention, and data brokering arrangements. I also have a keen interest in neuroscience and neurotechnologies.

I was invited by the European Parliament as a speaker in May 2024 to discuss the regulation of biometrics in the EU. I have spoken at industry events such as the IAPP AIGG Europe 2025 and have been cited by Harvard Cyberlaw Clinic's Memorandum to the Representative Stephanie Jerome
(of State of Vermont) on their recommendations for the regulation of biometrics in the state of Vermont. I have also been quoted in the International Journal of Applied Engineering & Technology.

Since joining Bird & Bird I have been on six different secondments lasting in total four years at a financial services institution, where I learned about various fraud prevention tools, data brokering arrangements, the payment ecosystem and open banking.