Sara Moon

Solicitor

Experience

I am a solicitor in the Data & Privacy team advising clients on all aspects of data protection laws, including GDPR compliance, e-privacy laws and evolving laws around emerging technologies. As a former legal counsel at a London-based tech company, I provide pragmatic advice tailored to client needs.

Highlights

Drafted multiple international data transfer agreements and conducted transfer risk assessments on data transfers involving jurisdictions such as the UK, EU, US, India, and Kenya.
Drafted AI policy documentations and conducted risk assessments on various AI tools, including AI chatbots and ID verification tools.
Submitted written evidence to the Joint Committee on Human Rights on how data protection and privacy rights can be protected in the context of AI technologies.
Identified and mitigated data protection risks in M&A transactions.
Provided strategic advice on handling sensitive Data Subject Access Requests (DSARs) arising in contentious contexts.
Drafted and advised on implementing various data protection policies, including data retention and deletion policy, data breach handling policy and supplier due diligence policy.
Advised on PECR compliance of various marketing campaigns.

Areas of Expertise

ICO publishes guidance on use of the ‘charity soft opt-in’

The Information Commissioner’s Office (ICO) has now updated its ‘Direct marketing and privacy and electronic communications’ guidance in light of the changes made to the Privacy and Electronic Communications Regulations 2003 (‘PECR’) by the Data (Use and Access) Act 2025. Crucially, this includes the long-awaited final guidance on the use of the ‘charitable purposes soft …

The new charitable ‘soft opt-in’ now in force as of 5 February 2026

Changes to how charities can contact supporters It is not often that new data protection law actually makes it easier to do things. But that is the case with the Data (Use and Access) Act (‘the DUAA’). The legislation makes it easier for charities to contact existing supporters by e-mail and text message by extending …

Data breach claims boosted

The Court of Appeal judgment in Farley and Others v Paymaster (1836) Limited (trading as Equiniti) [2025] has given life to low level data breach claims – bad news for those organisations careless or unfortunate enough to suffer a data breach (and their insurers, and the county courts), good news for claimants (and lawyers). The …

Practical tips for deploying AI

With AI integration becoming increasingly common, it is vital that businesses deploy AI systems in a way that complies with data protection law and ensures that outcomes are legal and ethical. Here are our top tips for responsible, lawful implementation:

Data Protection and Digital Information Bill

Summary Ministers have set out a vision for the UK’s technology strategy. The UK is to become a “tech superpower” by 2030. This will be achieved by creating “world-leading pro-innovation regulation” and influencing global technical standards.[1] However, the former Information Commissioner has pointed out that this kind of “digital growth” will only be possible if …

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others