Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
- Home
- Professionals
- Kristof Van Quathem
Kristof Van Quathem advises clients on data protection, data security and cybercrime matters in various sectors, and in particular in the pharmaceutical and information technology sector. Mr. Van Quathem has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies concerning the lawmaking, to compliance advice on the adopted laws regulations and guidelines, and the representation of clients in non-contentious and contentious matters before data protection authorities.
- Advising various companies on the development and deployment of Binding Corporate Rules and other transfer mechanisms.
- Advising a wide range of pharmaceutical companies on sector-related data protection compliance in complex regulatory settings, such as in clinical trials, registries, biobanks, pharmacovigilance, e-health platforms and health apps.
- Advising large Internet and communication technology companies on compliance with European data protection, interception and cybersecurity laws in advanced ICT architectures, including on big data projects, online television, behavioral advertising and platforms, and other cutting edge technological developments.
- Advising the World Anti-Doping Agency (WADA) with respect to its compliance with European data privacy laws and in connection with its global administration and management of athlete anti-doping procedures.
- Advising global brands on their marketing strategies, compliance infrastructure and security breach response strategies.
- Assisting clients in balancing data protection considerations against competing interest, for example, in the area of e-discovery, employee monitoring, FCPA due diligence and sanctions lists.
- Assisting clients in obtaining licenses for exports of dual-use goods and otherwise restricted exports.
August 8, 2019, Inside Privacy
In a previous post, this blog reported on German guidance on the scope of the right of access under Art. 15 of the GDPR and in particular on the right to receive a copy. The Supervisory Authority of Hesse region stated that the term “copy” in Art 15 GDPR should not be understood literally but...… Continue Reading
July 23, 2019, Inside Privacy
On July 10, 2019, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a joint assessment of the impact of the U.S. Clarifying Overseas Use of Data Act (“CLOUD Act”) on the legal framework for the protection of personal data in the EU. The EDPB is an independent body composed...… Continue Reading
July 17, 2019, Inside Privacy
On July 12, 2019, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (“eHDSI”). Background The eHDSI system was established in the context of the eHealth Network. The...… ...
July 17, 2019, Covington Alert
On July 9, 2019, the European Court of Justice (“ECJ”) heard oral argument in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The primary question before the ECJ is whether the European Commission’s standard contractual clauses (“SCCs”) are valid for transfers of personal data to the United States.1 Given ...
July 12, 2019, Inside Privacy
Guidance on how to identify data subjects On July 1, 2019, the Bavarian Supervisory Authority for the public sector (“SA”) published guidance on how to verify the identity of data subjects exercising their data protection rights under the GDPR. The guidance is directed at public bodies, but is also helpful for private entities. According to...… Continue Reading
Covington Represents BSA in Landmark Data Protection Case Before Europe's Highest Court
July 9, 2019
BRUSSELS—Today, a team of Covington lawyers argued before the European Court of Justice in a landmark data protection case, Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The case has significant ramifications for any organization that relies on the standard contractual clauses (“SCCs”) to transfer personal ...
June 29, 2019, Inside Privacy
On June 28, 2019, the French Supervisory Authority (CNIL) announced that it will issue new guidelines on the use of cookies for direct marketing purposes. It will issue these guidelines in two phases. First, during July 2019, the CNIL will update its guidance issued in 2013 on cookies. According to the CNIL, the 2013 guidance...… Continue Reading
June 2019, Pharmind
April 15, 2019, Inside Privacy
On April 10, 2019, European Commission Directorate-General for Health and Food Safety issued a revised Q&A analyzing the interplay between the EU Clinical Trials Regulation (“CTR”) and the EU General Data Protection Regulation (“GDPR”). The revised Q&A takes into account the opinion of the European Data Protection Board (“EDPB”) issued on January 23, 2019, ...
April 11, 2019, Inside Privacy
On April 3, 2019, the Association of German Supervisory Authorities (“Datenschutzkonferenz” or “DSK”) issued a paper (available here in German) on the interpretation of “broad consent” for scientific research in Recital 33 of the GDPR and the interplay with the definition of consent and the principle of purpose limitation. According to the DSK, broad ...
April 4, 2019, Inside Privacy
On March 26, 2019, the Polish Supervisory Authority (“SA”) issued a fine of around €220,000 against a company that processed contact data obtained from publicly available sources without informing the individuals concerned (decision in Polish here and English summary here). Article 14 of the GDPR requires data controllers, who do not obtain personal data ...
March 27, 2019, Inside Privacy
On March 12, 2019, the European Data Protection Board (“EDPB”) issued an opinion in response to a series of questions about the competences, tasks and powers of European supervisory authorities for data protection (“SAs”), when the processing of personal data triggers the material scope of both the ePrivacy Directive and the General Data Protection ...
March 22, 2019, Inside Privacy
On March 21, 2019, Advocate General Szpunar released his opinion in the Planet49 case, currently pending before the Court of Justice of the European Union (CJEU). The case centers on the use of consent for the processing of personal data and consent for the use of cookies. Planet49 GmbH offered an online lottery service for...… Continue Reading
February 18, 2019, Inside EU Life Sciences
As with anything personalized, be it advertising, medicines or training schedules, also personalized nutrition — using information on individual characteristics to develop targeted nutritional advice, products, or services — risks being affected by the feared GDPR. Kristof Van Quathem discusses the topic in Vitafoods’ Insights magazine of January 2019, ...
February 12, 2019, Inside EU Life Sciences
The European Data Protection Board (“Board”) released an opinion on January 23, 2019, on the intersection between the EU General Data Protection Regulation (“GDPR”) and the Clinical Trials Regulation (“CTR”). The opinion considers a Q&A on this topic prepared by the European Commission’s Directorate General for Health. The Directorate General decided to create ...
January 22, 2019, Covington Alert
On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).
October 22, 2018, Inside EU Life Sciences
On October 22, 2018, the European Federation of Pharmaceutical Industries in cooperation with the Future of Privacy Forum and the Center for Information Policy Leadership organized a workshop entitled “Can GDPR Work for Health Research.” In the first session, the workshop discussed the implications of the General Data Protection Regulation (“GDPR”) on clinical ...
How Can We Make Best Use of Health Data?
June 14, 2018, Financial Times
Kristof Van Quathem participated in a Financial Times podcast to discuss the impact of the General Data Protection Regulation on medical research and health technology companies. According to Van Quathem, "One of the main concerns I think that we see in the research circle is the uncertainty that is being created by the GDPR, and in particular, when it comes to ...
April 18, 2018, Thomson Reuters Regulatory Intelligence
January 22, 2018
WASHINGTON—Covington advised Bacardi Limited in its definitive agreement to acquire Patrón Spirits International AG and its PATRÓN® brand, the world’s top-selling ultra-premium tequila, from John Paul DeJoria, a founder of Patrón. The transaction reflects an enterprise value for Patrón of $5.1 billion. The transaction follows the successful relationship the ...
5 Cybersecurity And Privacy Policies To Watch In 2018
January 1, 2018, Law360
Kristof Van Quathem and Yan Luo are quoted in a Law360 article regarding cybersecurity and privacy policies to watch in 2018. Commenting on the General Data Protection Regulation (GDPR), Van Quathem says that although one of the legislation's aims is to harmonize a splintered set of national data privacy laws within Europe, it may end up causing companies aiming ...
Privacy, Cybersecurity, and Policy: Issues associated with collecting vast amounts of data and developing AI platforms
November 28, 2017, IoT Data & AI Summit
April 26, 2017, Inside EU Life Sciences
The EU pharmaceutical industry landscape is in significant flux. There are many pressures to provide new therapies and to make them available more early and for as many qualifying patients as possible. In that context, the industry model and the role of exclusivity rights as a tool to stimulate innovation are being discussed. At the...… Continue Reading
December 21, 2015, Covington Alert
On December 15, the EU institutions finally agreed the text of the new EU data protection law, the General Data Protection Regulation (“GDPR”), completing a process that began in January 2012. The LIBE committee has published the consolidated version of the GDPR text. The GDPR heralds a new era of data protection. It replaces the existing data protection ...
October 6, 2015, InsidePrivacy Blog
April 24, 2014, Inside EU Life Sciences
This post was originally published on our sister blog Inside Privacy On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques. The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely ...
2006, World Data Protection Report
Etude sur les projets culturels éligibles aux fonds structurels de l’union européenne
1998, European Parliament
Covington Represents BSA in Landmark Data Protection Case Before Europe's Highest Court
The case has significant ramifications for any organization that relies on the standard contractual clauses (“SCCs”) to transfer personal data from the EU to countries around the world.