I work mainly on data
protection / privacy and other
data-related issues, particularly security and international transfers,
including in the context of cloud
(all flavours). However, I'm fascinated by
most of the legal issues
thrown up by the Internet, IoT, AI / machine learning, blockchain and
other new or
emerging technologies. Lawyers
and scientists/technologists tend to take very different approaches to
technology and technology law, partly because of differences in
mindsets/culture, and partly because unanticipated communications gaps
may arise from their sometimes using the same words for different
concepts, and different words for the same concepts. I would very
much like to help to bridge that divide and to encourage a
multi-disciplinary, collaborative approach to both
technology and law, including law-making. I am also passionate about
bridging the divide between theory and practice that can occur too
often in law.
Please scroll down beyond my contact details for my summary bio.
- i100 volunteer (part-time) at the UK
National Cyber Security Centre, sinc Mar 2019
- Invited presentation to the UK
Cabinet Office on the EU NIS Directive / UK NIS Regulations, Nov
- Contributed to ENISA's
report on Distributed Ledger Technology & Cybersecurity: Improving
information security in the financial sector, Jan 2017
- Invited by the Cloud Security Alliance to present a keynote at SecureCloud 2016, May 2016
- Interviewed by BBC World News on the EU-US Privacy Shield, Apr 2016
- Invited to join the judging panel for the UK Cloud Awards, Apr 2016
- Invited by the British Computer Society's Information Risk Management & Assurance Group (IRMA) to speak on data protection law issues at its 50th anniversary conference, Nov 2015
- Selected to participate in the UK Cyber Security Challenge's pen testing camp, Aug 2015 - photographic proof!
- Invited by ENISA to speak on data protection law aspects of cloud security, including the draft General Data Protection Regulation, at its cloud security conference, June 2015
- Invited by CERN to present on cloud contracts, and also on the UK G-Cloud programme, May 2014
- Yes, I did manage to take the Large Hadron Collider tour!
- Quoted in Mapping the cloud maturity curve - the fundamental five, a briefing paper for The Economist Intelligence Unit, Dec 2014
- Invited by DC4420 (Defcon London) to speak on legal issues in cloud security, Oct 2012
Contact details (or scan the QR code on the right)
- English solicitor and New York attorney.
- Now a technology lawyer focusing mainly on data protection/security law (including the General Data Protection Regulation, NIS Directive, proposed ePrivacy Regulation, international transfers, and security/other data protection law breaches); cloud computing legal issues (including GDPR, NIS Directive, cloud contracts/policies, compliance with data protection regulation, etc); and technical security matters.
- Formerly a banking/debt capital markets and corporate insolvency lawyer in the City of London, with both English and US law firms (Sidley Austin, Dentons, CMS and Slaughter and May).
- Director, Privacy, Security & Information, Fieldfisher, since Jul 2017.
- i100 volunteer (part-time), UK
National Cyber Security Centre, sinc Mar 2019.
- Guest lecturer, Imperial
College London (Department of Computing), since Apr 2018.
- Editor, Sweet & Maxwell's Encyclopedia of Data Protection and Privacy, since Jan 2017.
- Honorary lifetime professional member, Cloud Industry Forum, awarded in Jan 2017.
- Advisory Board member, Society for Computers & Law, since Oct 2012 (formerly Media Board, then Editorial Advisory Board).
- Member, IAPP.
- Invited to join the judging panel for the UK Cloud Excellence Awards 2019.
- Volunteer (part-time), Information Commissioner's Office, 2018-2019.
- Consultant lawyer, Pinsent Masons, 2015-2017.
- Fellow, Open Data Institute, 2017-2018.
- Invited external observer, Code of Conduct Task Force, CISPE (Cloud Infrastructure Providers in Europe), 2017-2018.
- Adjunct research director, European Data Security & Privacy, IDC, 2017: press release, tweet (with photo!).
- Member of Information Privacy Expert Panel (IPEP), British Computer Society, 2015-2017.
- Invited UK Cloud Awards judging panel member, 2016-2017.
- Invited EU PRISMACLOUD User Advisory Board member, 2015-2018.
- Senior researcher (2014-2016), Cloud Legal Project and Microsoft Cloud Computing Research Centre at the Centre for Commercial Law Studies (CCLS), Queen Mary University of London (where I was a research assistant 2010-2011 and research consultant 2011-2014, including research assistant for the A4Cloud Cloud Accountability Project during 2012-2014).
- Joint law and computer science PhD from Queen Mary University of London, entitled "Kill the Frankenrule! – the EU Personal Data Export Restriction and Cloud Computing", supervised by Prof Chris Reed and Assistant Professor Hamed Haddadi, and examined by Prof Chris Marsden and Dr Toktam Mahmoodi; passed without amendments in Oct 2015, certificate awarded in 2016.
- Cyber Scheme Associate, certificate awarded by Information Risk Management Ltd (IRM) and the Cyber Security Challenge UK following a 5-day penetration testing camp in Aug 2015.
- Ran the world's first cloud computing law university course as a module in the distance learning LLM in Computer and Communications Law at Queen Mary University of London, in Q1 2014; have presented on cloud computing and/or data protection law to LLM or MSc students at QMUL and elsewhere (see selected presentations).
- Participated in the UK G-Cloud programme's Commercial Workstream, in summer/autumn 2011.
- MSc in Computing Science from Imperial College London. My MSc dissertation was on "Digital privacy, and illustrating permission & attribute matching for preserving privacy using Drools & Java" (supervisor Prof John Darlington, then Director of the Imperial College Internet Centre - now London e-Science Centre).
- LLMs from University of Pennsylvania, USA, and (in Computer & Communications Law) Queen Mary University of London.
- Undergraduate law degree from Trinity College, Cambridge University, UK.
Some very nice things that kind people have said about me or my work. See also the Presentations page for comments on some of my talks.
I'm a high mezzo, and sing second soprano with choral and opera groups such as the BBC Symphony Chorus and London Symphony Chorus. My zenith being Annina in Verdi's La Traviata with Hampstead Garden Opera, and most of the Woman 1 numbers in Sondheim's Side by Side with All Star Productions. Two left feet and an inability to pick up choreographed dancing as quickly as it's demonstrated mean that I no longer attempt any musicals! Some of my pop/rock songs are on iTunes. I am hoping to return to my pop/rock roots on vocals/guitar/keyboards someday.
According to family lore, and my surname in Chinese 韓, and a copy of a handwritten book that my grandfather took with him when he left China about 100 years ago, I'm directly descended from Han Dynasty general Han Xin - a great military strategist who was even a king for a year. I'm not sure how that's possible, as according to the public histories his entire family was executed when he was. But if anyone has a copy of a similar book (sadly my father lost my grandfather's copy), or knows of any great escapes that weren't recorded in the public histories, I'd love to hear all about it!