Shona O'Donovan

Shóna O’Donovan is an associate in the technology regulatory group in the London office. She advises clients, particularly in the technology industry, on a range of data protection, e-privacy, intermediary liability and online content issues under EU, UK, and Irish law.

Shóna provides strategic advice to companies on complying with data protection, e-privacy and online content laws, as well as defending organizations in cross-border, contentious investigations and regulatory enforcement before EU and UK regulators. In this context, she has represented clients in responding to regulatory requests relating to their compliance with the GDPR, the ePrivacy Directive, the Digital Services Act, the Audiovisual Media Services Directive and the Online Safety Act 2023. She also regularly advises clients on how these laws intersect with one another.

In her current role, Shóna gained experience on secondment to the data protection team of a global technology company. In a previous role, she spent seven months on secondment to the European data protection team of a global social media company.

Shóna co-leads Covington’s pro bono work with the Schools Consent Project, and regularly delivers workshops on sexual consent in schools across London. She also regularly provides pro bono advice to non-profits on complying with data protection laws.

Contact:

European Commission Makes New Announcements on the Protection of Minors Under the Digital Services Act

By Dan Cooper, Shona O'Donovan, Madelaine Harrington & Laura Somaini on July 24, 2025

Posted in Cybersecurity, Data Protection, EU Law and Regulatory, Privacy

On 14 July 2025, the European Commission published its final guidelines on the protection of minors under the Digital Services Act (“DSA”) (the “Guidelines”). The Guidelines are intended to provide guidance to providers of online platforms that are “accessible to minors” on meeting their obligations to “put in place appropriate and proportionate measures to ensure a high level of privacy, safety, and security of minors, on their service” (DSA, Art. 28(1)).

The European Commission published a draft version of the guidelines for consultation on 13 May 2025 (“Draft Guidelines”) (see our blog post here). The final Guidelines include some amendments to the Draft Guidelines on the basis of the feedback received during consultation, clarifying and building out further the recommended measures.

Although the Guidelines are non-binding, the Commission has made clear that it intends to use the Guidelines as a “significant and meaningful” benchmark when assessing in-scope providers’ compliance with Article 28(1) DSA.Continue Reading European Commission Makes New Announcements on the Protection of Minors Under the Digital Services Act

ICO announces its online tracking strategy for 2025

By Mark Young, Paul Maynard & Shona O'Donovan on February 13, 2025

Posted in Data Protection, Privacy, United Kingdom

The UK Information Commissioner’s Office (“ICO”) recently announced a new online tracking strategy, which aims to ensure a “fair and transparent online world where people are given meaningful control over how they are tracked online.”

Online advertising is one of the ICO’s current areas of strategic focus…

UK Online Safety Bill Receives Royal Assent

By Shona O'Donovan, Marty Hansen & Will Capstick on October 30, 2023

Posted in Policy and Legislation, Regulatory, United Kingdom

On 26 October 2023, the UK’s Online Safety Bill received Royal Assent, becoming the Online Safety Act (“OSA”). The OSA imposes various obligations on tech companies to prevent the uploading of, and rapidly remove, illegal user content—such as terrorist content, revenge pornography, and child sexual exploitation material—from their services, and…

Online Safety Bill to Proceed Through Parliament

By Lisa Peets, Marty Hansen, Shona O'Donovan & Tomos Griffiths on May 17, 2022

Posted in Data Protection, United Kingdom

On May 10, 2022, Prince Charles announced in the Queen’s Speech that the UK Government’s proposed Online Safety Bill (the “OSB”) will proceed through Parliament. The OSB is currently at committee stage in the House of Commons. Since it was first announced in December 2020, the OSB has been the subject of intense debate and scrutiny on the balance it seeks to strike between online safety and protecting children on the one hand, and freedom of expression and privacy on the other.

To what services does the OSB apply?

The OSB applies to “user-to-user” (“U2U”) services—essentially, services through which users can share content online, such as social media and online messaging services—and “search” services. The OSB specifically excludes email services, SMS, “internal business services,” and services where the communications functionality is limited (e.g., to posting comments relating to content produced by the provider of the service). The OSB also excludes “one-to-one live aural communications”—suggesting that one-to-one over-the-top (“OTT”) calls are excluded, but that one-to-many OTT calls, or video calls, may fall within scope.Continue Reading Online Safety Bill to Proceed Through Parliament