Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
- Home
- Professionals
- Kristof Van Quathem
Kristof Van Quathem advises clients on data protection, data security and cybercrime matters in various sectors, and in particular in the pharmaceutical and information technology sector. Mr. Van Quathem has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies concerning the lawmaking, to compliance advice on the adopted laws regulations and guidelines, and the representation of clients in non-contentious and contentious matters before data protection authorities.
- Advising various companies on the development and deployment of Binding Corporate Rules and other transfer mechanisms.
- Advising a wide range of pharmaceutical companies on sector-related data protection compliance in complex regulatory settings, such as in clinical trials, registries, biobanks, pharmacovigilance, e-health platforms and health apps.
- Advising large Internet and communication technology companies on compliance with European data protection, interception and cybersecurity laws in advanced ICT architectures, including on big data projects, online television, behavioral advertising and platforms, and other cutting edge technological developments.
- Advising the World Anti-Doping Agency (WADA) with respect to its compliance with European data privacy laws and in connection with its global administration and management of athlete anti-doping procedures.
- Advising global brands on their marketing strategies, compliance infrastructure and security breach response strategies.
- Assisting clients in balancing data protection considerations against competing interest, for example, in the area of e-discovery, employee monitoring, FCPA due diligence and sanctions lists.
- Assisting clients in obtaining licenses for exports of dual-use goods and otherwise restricted exports.
December 23, 2020, Inside Privacy
On December 16, 2020, the European Commission released the EU’s cybersecurity strategy for the next decade (see press release here and report here). The EU’s cybersecurity strategy puts forward concrete proposals for regulatory, investment and policy initiatives in the following three areas: 1. Resilience, technological sovereignty and leadership – the European ...
December 23, 2020, Inside Privacy
On December 22, 2020, the European Union Agency for Cybersecurity (“ENISA”) published a draft scheme for cloud services (see press release here and scheme here). Cloud services that meet the security requirements of the scheme will be able to obtain a certification attesting their level of cybersecurity. The draft scheme is available for public consultation...… ...
November 17, 2020, Inside Privacy
On September 16, 2020, the Spanish Supervisory Authority (“AEPD”) approved a “Code of Conduct for Data Processing in Advertising” (“Code”) (see the decision approving the code here). This is the first GDPR approved Code of Conduct with an accredited monitoring body in the European Union. The Code enters into effect on November 17, 2020, two...… Continue Reading
French Court of Cassation Decides That an Employer Can Use a Facebook Post to Dismiss an Employee
October 21, 2020, Inside Privacy
On September 30, 2020, the French Court of Cassation (“Court”) ruled in favor of an employer that dismissed an employee because of the contents of a Facebook post (the decision is available here, in French). In particular, the employee in this case posted a photograph of a new clothing collection of the employer on a...… Continue Reading
October 21, 2020, Inside Privacy
On October 9, 2020, the French Supervisory Authority (“CNIL”) issued guidance on the use of facial recognition technology for identity checks at airports (available here, in French). The CNIL indicates that it has issued this guidance in response to a request from several operators and service providers of airports in France who are planning to...… Continue ...
October 5, 2020, Inside Privacy
On October 1, 2020, the French Supervisory Authority (“CNIL”) published the final version of its Guidelines on cookies and other tracking technologies (hereafter, “guidelines” – see announcement here, and guidelines here, in French), as well as an adjoining set of best practice recommendations (in French) with examples on how to implement the guidelines. In ...
September 4, 2020, Inside Privacy
On 16 July, 2020, the Court of Justice of the EU (“CJEU”), issued its decision in the Schrems II case. In short, the CJEU invalidated the EU-U.S. Privacy Shield and clarified that the use of standard contractual clauses (“SCCs”) requires data controllers to conduct a case-by-case assessment of the level of data protection that SCCs...… Continue Reading
September 2, 2020
BRUSSELS–Covington has named Dan Cooper to lead its European data protection practice as co-chair of the firm’s global Data Privacy & Cybersecurity Practice, and he has relocated to Brussels to be closer to the institutions and courts that govern the European data privacy landscape. The firm has more than 100 lawyers focused on data privacy and cybersecurity ...
July 24, 2020, Inside Privacy
The Court of Justice of the European Union’s recent decision in the “Schrems II’ case was one of the most highly anticipated decisions in the world of data privacy, striking down the EU-U.S. Privacy Shield, but upholding the validity of standard contractual clauses. Tune in to the first episode of Covington’s Inside Privacy Audiocast, where...… Continue Reading
July 22, 2020, Inside Privacy
On July 17, 2020, the High-Level Expert Group on Artificial Intelligence set up by the European Commission (“AI HLEG”) published The Assessment List for Trustworthy Artificial Intelligence (“Assessment List”). The purpose of the Assessment List is to help companies identify the risks of AI systems they develop, deploy or procure, and implement appropriate ...
Summer 2020
Covington's European privacy team offers insights on the current state of play with respect to the intersection of European data privacy laws, and the transition around Europe and further abroad as government lockdown restrictions are lifted and companies begin to plan their return-to-work programs. In this on-demand briefing, we cover the guidance and positions ...
July 17, 2020, Legaltech News
Kristof Van Quathem is quoted in Legaltech News regarding the continuation of shared data between the EU and the United States after the invalidation of the Privacy Shield. Mr. Van Quathem says companies are exploring encryption and other technical safeguards for EU data transferred to the U.S. He added that more organizations are also considering prohibiting ...
July 16, 2020, Inside Privacy
Today, the Court of Justice of the European Union issued a landmark decision striking down the EU-U.S. Privacy Shield—an agreement between EU and U.S. authorities authorizing transfers of EU personal data to the United States—but upholding the validity of standard contractual clauses (“SCCs”), another mechanism that EU-based organizations use to transfer data ...
July 16, 2020
BRUSSELS-- Today, the European Court of Justice (“CJEU”) issued a landmark decision striking down the EU-U.S. Privacy Shield — an agreement between EU and U.S. authorities authorizing transfers of EU personal data to the United States — but upholding the validity of standard contractual clauses (“SCCs”), another mechanism that EU-based organizations use to ...
December 20, 2019, Covington Alert
On December 19, 2019, Advocate General (“AG”) Henrik Saugmandsgaard Øe handed down his Opinion in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The AG’s Opinion provides non-binding guidance to the Court of Justice of the EU (“CJEU”) on how to decide the case.
November 7, 2019, Inside EU Life Sciences
On November 5, 2019, the European Commission published a report entitled “Strengthening Strategic Value Chains for a future-ready EU Industry”, which was prepared by the Strategic Forum on Important Projects of Common European Interest (“Forum”). The Forum assists the European Commission in identifying key strategic value chains that can contribute to Europe’s ...
EU Cookie Ruling Tightens Leash On Ad Tech Staple
October 9, 2019, Law360
Kristof Van Quathem is quoted in Law360 regarding a European Court of Justice’s decision to increase web cookie consent measures. Mr. Van Quathem says, “It’s unfortunate that the court didn’t address that point because it’s commercially and politically a very sensitive topic, on which there is a lot of uncertainty right now, and it’s a question that could have ...
July 17, 2019, Covington Alert
On July 9, 2019, the European Court of Justice (“ECJ”) heard oral argument in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The primary question before the ECJ is whether the European Commission’s standard contractual clauses (“SCCs”) are valid for transfers of personal data to the United States.1 Given ...
Covington Represents BSA in Landmark Data Protection Case Before Europe's Highest Court
July 9, 2019
BRUSSELS—Today, a team of Covington lawyers argued before the European Court of Justice in a landmark data protection case, Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The case has significant ramifications for any organization that relies on the standard contractual clauses (“SCCs”) to transfer personal ...
June 2019, Pharmind
February 18, 2019, Inside EU Life Sciences
As with anything personalized, be it advertising, medicines or training schedules, also personalized nutrition — using information on individual characteristics to develop targeted nutritional advice, products, or services — risks being affected by the feared GDPR. Kristof Van Quathem discusses the topic in Vitafoods’ Insights magazine of January 2019, ...
February 12, 2019, Inside EU Life Sciences
The European Data Protection Board (“Board”) released an opinion on January 23, 2019, on the intersection between the EU General Data Protection Regulation (“GDPR”) and the Clinical Trials Regulation (“CTR”). The opinion considers a Q&A on this topic prepared by the European Commission’s Directorate General for Health. The Directorate General decided to create ...
January 22, 2019, Covington Alert
On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).
October 22, 2018, Inside EU Life Sciences
On October 22, 2018, the European Federation of Pharmaceutical Industries in cooperation with the Future of Privacy Forum and the Center for Information Policy Leadership organized a workshop entitled “Can GDPR Work for Health Research.” In the first session, the workshop discussed the implications of the General Data Protection Regulation (“GDPR”) on clinical ...
How Can We Make Best Use of Health Data?
June 14, 2018, Financial Times
Kristof Van Quathem participated in a Financial Times podcast to discuss the impact of the General Data Protection Regulation on medical research and health technology companies. According to Van Quathem, "One of the main concerns I think that we see in the research circle is the uncertainty that is being created by the GDPR, and in particular, when it comes to ...
April 18, 2018, Thomson Reuters Regulatory Intelligence
January 22, 2018
WASHINGTON—Covington advised Bacardi Limited in its definitive agreement to acquire Patrón Spirits International AG and its PATRÓN® brand, the world’s top-selling ultra-premium tequila, from John Paul DeJoria, a founder of Patrón. The transaction reflects an enterprise value for Patrón of $5.1 billion. The transaction follows the successful relationship the ...
5 Cybersecurity And Privacy Policies To Watch In 2018
January 1, 2018, Law360
Kristof Van Quathem and Yan Luo are quoted in a Law360 article regarding cybersecurity and privacy policies to watch in 2018. Commenting on the General Data Protection Regulation (GDPR), Van Quathem says that although one of the legislation's aims is to harmonize a splintered set of national data privacy laws within Europe, it may end up causing companies aiming ...
Privacy, Cybersecurity, and Policy: Issues associated with collecting vast amounts of data and developing AI platforms
November 28, 2017, IoT Data & AI Summit
April 26, 2017, Inside EU Life Sciences
The EU pharmaceutical industry landscape is in significant flux. There are many pressures to provide new therapies and to make them available more early and for as many qualifying patients as possible. In that context, the industry model and the role of exclusivity rights as a tool to stimulate innovation are being discussed. At the...… Continue Reading
December 21, 2015, Covington Alert
On December 15, the EU institutions finally agreed the text of the new EU data protection law, the General Data Protection Regulation (“GDPR”), completing a process that began in January 2012. The LIBE committee has published the consolidated version of the GDPR text. The GDPR heralds a new era of data protection. It replaces the existing data protection ...
October 6, 2015, InsidePrivacy Blog
April 24, 2014, Inside EU Life Sciences
This post was originally published on our sister blog Inside Privacy On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques. The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely ...
2006, World Data Protection Report
Etude sur les projets culturels éligibles aux fonds structurels de l’union européenne
1998, European Parliament

Covington Represents BSA in Landmark Data Protection Case Before Europe's Highest Court
The case has significant ramifications for any organization that relies on the standard contractual clauses (“SCCs”) to transfer personal data from the EU to countries around the world.