Kristof Van Quathem

Kristof Van Quathem

Subscribe to all posts by Kristof Van Quathem

National Cybersecurity Awareness Month Q&A with Kristof Van Quathem

Kristof Van Quathem, special counsel in Covington’s Brussels office, advises clients on data protection, data security, and cybercrime matters. He has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies, ranging from compliance advice on the adopted laws, regulations, and guidelines, to the … Continue Reading

Switzerland and US Announce New Commercial Data Transfer Framework

On January 12, 2017, the U.S. Federal Trade Commission announced the adoption of a Swiss-U.S. Privacy Shield, to replace the existing Swiss-U.S. Safe Harbor Agreement.  Companies have a three month grace period to switch from the old to the new regime. The Swiss version of the Privacy Shield had to be negotiated following the invalidation … Continue Reading

EDPS Issues Opinion on Big Data and Enforcement

As announced last week, the European Data Protection Supervisor (“EDPS”) released on September 23, 2016 an opinion on “coherent enforcement of fundamental rights in the age of big data.”  This opinion follows an earlier Preliminary Opinion on privacy and competitiveness in the age of big data, published in 2004 (see our previous blog post here). … Continue Reading

Report: EDPS to Recommend Clearing House to Increase Coordination Among EU Regulators

On September 19, 2016, PaRR reported that the European Data Protection Supervisor (“EDPS”) is working on guidelines to increase coordination on the interface between data protection and competition law.  The guidelines would be released later this month. According to the report, the EDPS will recommend the creation of a “digital clearing house” in which regulators … Continue Reading

The CNIL and EDPS Launch Public Consultations

On June 16, 2016, the French data protection authority (“CNIL”) launched a public consultation on the General Data Protection Regulation (“GDPR).   The consultation focuses on four priority themes set out in the Article 29 Working Party’s 2016 Action plan: the data protection officer; the right to data portability; data protection impact assessments; and certification.… Continue Reading

Digital Single Market – New Initiatives for Cloud Computing and Internet of Things

By Vera Coughlan, Monika Kuschewsky and Kristof Van Quathem Yesterday, the European Commission launched its “Digitising European Industry” package, a series of industry related initiatives aimed at “updating Europe’s digital infrastructure”, see press release here, Q&A here and homepage here.  The package includes reports and proposals addressing cloud computing, ICT standardization, eGovernment, Internet of Things … Continue Reading

EU DPA Enforcement Guidance Post-Schrems

Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”).  As we explained in recent posts (here and here), publication of an … Continue Reading

EU’s Highest Court Invalidates Safe Harbor with Immediate Effect

Today, the Court of Justice of the European Union (the “CJEU”) invalidated the European Commission’s Decision on the EU-U.S. Safe Harbor arrangement (Commission Decision 2000/520 – see here). The Court responded to pre-judicial questions put forward by the Irish High Court in the so-called Schrems case. More specifically, the High Court had enquired, in particular, … Continue Reading

EU’s Highest Court Rules on Applicable Law and Territorial Powers of the National Data Protection Authorities

On October 1st, 2015, the Court of Justice of the EU rendered its judgment in the Weltimmo case (C-230/14).  The case addressed two important aspects of EU data protection law, namely applicable law and the scope of the territorial powers of data protection authorities. The case arose out of a dispute between Weltimmo, a company registered … Continue Reading

Article 29 Working Party Updates BCR Guidance

On June 2, 2015, the Article 29 Working Party updated its published guidance on the topic of Processor BCRs.  In their latest guidance document, the Working Party focus specifically on the sensitive topic of disclosures to  law enforcement agencies (LEAs). By means of Processor BCRs, data processors are able to share EU-originating personal data within … Continue Reading

Belgian Government Calls for EU Data Protection Authority

On Wednesday, January 28, 2015, better known as “Data Protection Day,” the Belgian Under-Secretary for Data Protection Bart Tommelein called for the creation of an EU Data Protection Authority.  He intends to present this position of the Belgian Government to the informal meeting of Ministers of Justice and of the Interior in Riga (Latvia).  The … Continue Reading

Trans-Atlantic Business Dialogue Holds Briefing Session on EU-U.S. Safe Harbor Agreement

On October 23, the Trans-Atlantic Business Dialogue held a briefing session on the EU-U.S. Safe Harbor Agreement.  Ted Dean, Deputy Assistant Secretary at the U.S. Department of Commerce, gave an update on the negotiations with the European Commission.  Following the Snowden revelations and a resolution of the European Parliament, the European Commission on November 17, … Continue Reading

Draft report on the proposed EU Data Protection Regulation released

by Monika Kuschewsky and Kristof Van Quathem On January 8, 2013, MEP Jan Philipp Albrecht released his draft report on the proposed EU Data Protection Regulation.  Albrecht, of the European Green Party, is rapporteur for the Civil Liberties, Justice and Home Affairs (LIBE) Committee of the European Parliament, the lead Committee for the proposal.  His … Continue Reading

European Court Rejects Internet Filtering by ISPs

On 24 November 2011, the EU Court of Justice decided that ISPs cannot be forced to filter Internet traffic to fight intellectual property violations.   In 2007, the Brussels Court of First Instance obliged the ISP Scarlet to filter all internet traffic and to block traffic involving violations of intellectual property rights, in particular in … Continue Reading

The Article 29 Working Party and Breach Notification in the EU

The Article 29 Working Party recently released an opinion on data breach notification in the EU. The opinion addresses two main issues: Experience to date with the existing breach notification rules in the ePrivacy Directive. The breach notification obligation imposed by article 4.3-5 of the ePrivacy Directive (2002/58/EC) only applies to providers of electronic communications … Continue Reading
LexBlog