Page 5 - The Katten Kattwalk - Summer 2025 - Issue 29
which could impact consumer trust and brand reputation. On the positive side, the Act encourages responsible innovation, potentially raising industry standards and fostering more sustainable, customer-centric practices. Overall, the fashion sector must stay proactive, aligning AI governance with both regulatory demands and evolving consumer expectations to navigate this new landscape successfully.

Where do you see the greatest compliance gaps for fashion businesses experimenting with AI-driven personalization or design, and what immediate steps can they take to mitigate those gaps?

On the IP side, generative AI used in design can raise infringement risks, particularly if models are trained on copyrighted content without permission. These risks are often difficult to assess due to a lack of transparency around training data. The Act seeks to address this by requiring providers of generative AI to adopt policies that comply with EU copyright law and to publish summaries of training data sources. To mitigate risks, fashion brands should assess how the AI tools they use are trained, maintain human oversight in the design process and secure appropriate licenses where needed.

Related to privacy, AI-driven personalization depends heavily on analyzing customer behavior and preferences. Common issues include collecting more personal data than necessary, without clearly establishing a legal basis for processing and failing to provide transparent privacy notices. Brands should therefore ensure they are transparent about how AI is used, collect only the data they need and implement adequate retention periods.

In your transactional work, you have coordinated data-protection due diligence for private equity (PE) investments and mergers and acquisitions (M&A). What are several red flags related to data privacy that frequently surface in such matters?

While a single issue may not immediately raise concerns, multiple data privacy issues together can constitute a red flag, often indicating broader compliance gaps or operational challenges. Common issues include the lack of a clear data breach detection and response plan. While businesses may focus their resources elsewhere, data breaches — whether caused by cyberattacks, human error or other factors — are industry agnostic and can impact any sector. In PE investments, where holdings typically last around five years, data breaches can cause significant and lasting reputational and financial damage, affecting not only the target company but also the PE firm and future investment opportunities. As such, due diligence must assess whether the business has experienced data breaches and evaluate the technical and operational controls in place to detect and manage such incidents.

Other issues include incomplete or inconsistent data protection policies and inadequate handling of data subject access requests, both of which can invite regulatory scrutiny. Additionally, insufficient safeguards for international data transfers and a reliance on third-party vendors with weak data practices may increase legal and commercial risks. Identifying these patterns early helps investors and acquirers assess liabilities, negotiate warranties and plan for effective remediation.

You were named to the Pro Bono Recognition List 2024 for England and Wales and have completed more than 50 pro bono hours annually. Tell us about the social causes you are most passionate about supporting through your pro bono practice.

As lawyers, I believe that we have a responsibility to promote access to justice and support social causes using our skills. I’ve been involved in various meaningful pro bono projects, including drafting petitions to the United Nations (UN) advocating for the release of prisoners of conscience and addressing arbitrary detention and related human rights abuses, in collaboration with international organizations. This work tied in with my academic interests, including a master’s degree in international relations and international law that examined the role that institutions like the UN play in protecting human rights.

I’ve also supported young people and families through partnerships with non-governmental organizations and local authorities, assisting them in navigating the UK immigration system and preparing necessary documentation for citizenship. Beyond this, I have worked with both local and international charitable organizations to help safeguard their IP and develop policies and procedures to ensure compliance with data protection regulations. These experiences have allowed me to engage with clients and issues beyond my usual practice, which I have found incredibly rewarding and motivating.

