Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
- Home
- Professionals
- Kristof Van Quathem
Kristof Van Quathem advises clients on data protection, data security and cybercrime matters in various sectors, and in particular in the pharmaceutical and information technology sector. Mr. Van Quathem has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies concerning the lawmaking, to compliance advice on the adopted laws regulations and guidelines, and the representation of clients in non-contentious and contentious matters before data protection authorities.
- Advising various companies on the development and deployment of Binding Corporate Rules and other transfer mechanisms.
- Advising a wide range of pharmaceutical companies on sector-related data protection compliance in complex regulatory settings, such as in clinical trials, registries, biobanks, pharmacovigilance, e-health platforms and health apps.
- Advising large Internet and communication technology companies on compliance with European data protection, interception and cybersecurity laws in advanced ICT architectures, including on big data projects, online television, behavioral advertising and platforms, and other cutting edge technological developments.
- Advising the World Anti-Doping Agency (WADA) with respect to its compliance with European data privacy laws and in connection with its global administration and management of athlete anti-doping procedures.
- Advising global brands on their marketing strategies, compliance infrastructure and security breach response strategies.
- Assisting clients in balancing data protection considerations against competing interest, for example, in the area of e-discovery, employee monitoring, FCPA due diligence and sanctions lists.
- Assisting clients in obtaining licenses for exports of dual-use goods and otherwise restricted exports.
October 14, 2019, Inside Privacy
The Council of EU Member States – one of the two main EU lawmaking bodies – recently released a new draft version of the ePrivacy Regulation (“EPR”). Negotiations on the regulation have been deadlocked for a while, but seem to be gathering new momentum under the Finnish Presidency. Below we highlight some selected topics that...… Continue Reading
EU Cookie Ruling Tightens Leash On Ad Tech Staple
October 9, 2019, Law360
Kristof Van Quathem is quoted in Law360 regarding a European Court of Justice’s decision to increase web cookie consent measures. Mr. Van Quathem says, “It’s unfortunate that the court didn’t address that point because it’s commercially and politically a very sensitive topic, on which there is a lot of uncertainty right now, and it’s a question that could have ...
October 1, 2019, Inside Privacy
On September 10, 2019, the Court of Justice of the European Union (“CJEU“) issued its decision in the Planet 49 case. The case centers on the consent requirements for the use of cookies. Planet49 GmbH offered an online lottery service for which interested users had to register. The registration form asked users to tick a...… Continue Reading
September 25, 2019, Inside Privacy
On September 24, 2019, the Court of Justice of the European Union (“CJEU”) adopted a decision on the geographical scope of the right to erasure under the GDPR (decision available here). The court decided, in line with the opinion of Advocate General Szpunar, that a US-based search engine does not have to remove (de-reference) search...… Continue Reading
September 24, 2019, Inside Privacy
On September 12, 2019, the Italian Supervisory Authority (“Garante”) approved a code of conduct for consumer credit agencies (the “Code”), pursuant to Art. 40 GDPR (see here in Italian). The Code already existed prior to the GDPR, but it had to be amended to meet the requirements of the GDPR and be approved by the...… Continue Reading
September 4, 2019, Inside Privacy
On June 27, 2019, the High Court of Frankfurt decided that a consent for data processing tied to a consent for receiving advertising can be considered as freely given under the GDPR. The case concerned an electricity company that relied on consent obtained by another company to advertise its products and services to the claimant....… Continue Reading
August 8, 2019, Inside Privacy
In a previous post, this blog reported on German guidance on the scope of the right of access under Art. 15 of the GDPR and in particular on the right to receive a copy. The Supervisory Authority of Hesse region stated that the term “copy” in Art 15 GDPR should not be understood literally but...… Continue Reading
July 23, 2019, Inside Privacy
On July 10, 2019, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a joint assessment of the impact of the U.S. Clarifying Overseas Use of Data Act (“CLOUD Act”) on the legal framework for the protection of personal data in the EU. The EDPB is an independent body composed...… Continue Reading
July 17, 2019, Inside Privacy
On July 12, 2019, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (“eHDSI”). Background The eHDSI system was established in the context of the eHealth Network. The...… ...
July 17, 2019, Covington Alert
On July 9, 2019, the European Court of Justice (“ECJ”) heard oral argument in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The primary question before the ECJ is whether the European Commission’s standard contractual clauses (“SCCs”) are valid for transfers of personal data to the United States.1 Given ...
July 12, 2019, Inside Privacy
Guidance on how to identify data subjects On July 1, 2019, the Bavarian Supervisory Authority for the public sector (“SA”) published guidance on how to verify the identity of data subjects exercising their data protection rights under the GDPR. The guidance is directed at public bodies, but is also helpful for private entities. According to...… Continue Reading
Covington Represents BSA in Landmark Data Protection Case Before Europe's Highest Court
July 9, 2019
BRUSSELS—Today, a team of Covington lawyers argued before the European Court of Justice in a landmark data protection case, Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The case has significant ramifications for any organization that relies on the standard contractual clauses (“SCCs”) to transfer personal ...
June 29, 2019, Inside Privacy
On June 28, 2019, the French Supervisory Authority (CNIL) announced that it will issue new guidelines on the use of cookies for direct marketing purposes. It will issue these guidelines in two phases. First, during July 2019, the CNIL will update its guidance issued in 2013 on cookies. According to the CNIL, the 2013 guidance...… Continue Reading
June 2019, Pharmind
February 18, 2019, Inside EU Life Sciences
As with anything personalized, be it advertising, medicines or training schedules, also personalized nutrition — using information on individual characteristics to develop targeted nutritional advice, products, or services — risks being affected by the feared GDPR. Kristof Van Quathem discusses the topic in Vitafoods’ Insights magazine of January 2019, ...
February 12, 2019, Inside EU Life Sciences
The European Data Protection Board (“Board”) released an opinion on January 23, 2019, on the intersection between the EU General Data Protection Regulation (“GDPR”) and the Clinical Trials Regulation (“CTR”). The opinion considers a Q&A on this topic prepared by the European Commission’s Directorate General for Health. The Directorate General decided to create ...
January 22, 2019, Covington Alert
On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).
October 22, 2018, Inside EU Life Sciences
On October 22, 2018, the European Federation of Pharmaceutical Industries in cooperation with the Future of Privacy Forum and the Center for Information Policy Leadership organized a workshop entitled “Can GDPR Work for Health Research.” In the first session, the workshop discussed the implications of the General Data Protection Regulation (“GDPR”) on clinical ...
How Can We Make Best Use of Health Data?
June 14, 2018, Financial Times
Kristof Van Quathem participated in a Financial Times podcast to discuss the impact of the General Data Protection Regulation on medical research and health technology companies. According to Van Quathem, "One of the main concerns I think that we see in the research circle is the uncertainty that is being created by the GDPR, and in particular, when it comes to ...
April 18, 2018, Thomson Reuters Regulatory Intelligence
January 22, 2018
WASHINGTON—Covington advised Bacardi Limited in its definitive agreement to acquire Patrón Spirits International AG and its PATRÓN® brand, the world’s top-selling ultra-premium tequila, from John Paul DeJoria, a founder of Patrón. The transaction reflects an enterprise value for Patrón of $5.1 billion. The transaction follows the successful relationship the ...
5 Cybersecurity And Privacy Policies To Watch In 2018
January 1, 2018, Law360
Kristof Van Quathem and Yan Luo are quoted in a Law360 article regarding cybersecurity and privacy policies to watch in 2018. Commenting on the General Data Protection Regulation (GDPR), Van Quathem says that although one of the legislation's aims is to harmonize a splintered set of national data privacy laws within Europe, it may end up causing companies aiming ...
Privacy, Cybersecurity, and Policy: Issues associated with collecting vast amounts of data and developing AI platforms
November 28, 2017, IoT Data & AI Summit
April 26, 2017, Inside EU Life Sciences
The EU pharmaceutical industry landscape is in significant flux. There are many pressures to provide new therapies and to make them available more early and for as many qualifying patients as possible. In that context, the industry model and the role of exclusivity rights as a tool to stimulate innovation are being discussed. At the...… Continue Reading
December 21, 2015, Covington Alert
On December 15, the EU institutions finally agreed the text of the new EU data protection law, the General Data Protection Regulation (“GDPR”), completing a process that began in January 2012. The LIBE committee has published the consolidated version of the GDPR text. The GDPR heralds a new era of data protection. It replaces the existing data protection ...
October 6, 2015, InsidePrivacy Blog
April 24, 2014, Inside EU Life Sciences
This post was originally published on our sister blog Inside Privacy On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques. The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely ...
2006, World Data Protection Report
Etude sur les projets culturels éligibles aux fonds structurels de l’union européenne
1998, European Parliament
Covington Represents BSA in Landmark Data Protection Case Before Europe's Highest Court
The case has significant ramifications for any organization that relies on the standard contractual clauses (“SCCs”) to transfer personal data from the EU to countries around the world.