Kuan's publications

My first solo book: Data localization laws and policy - the EU data protection international transfers restriction through a cloud computing lens (Edward Elgar, 2017), with forewords by Rosemary Jay and Christopher Kuner, and including discussion of the EU General Data Protection Regulation and the EU-US Privacy Shield.

(Please scroll down for extracts from reviews, and for my other publications.)

Kuan Hon, Data Localization Laws and Policy

- Main book page on the publisher's website - and also available from Amazon (see right hand sidebar of this webpage).
- Free sample chapter (Chapter 1), with forewords, acknowledgements etc, are downloadable from Elgar Online.
- Free PDF updates (as of May 2017), references (with clickable links) and documents from the European Commission obtained under access to information requests are also downloadable from the Companion Site (under the Resources tab).
- Discount - time-limited 35% discount if buying the hardcover through Elgar using discount code KHON35 - only valid for 1 copy per person, not valid for institutional libraries or booksellers (discount leaflet (PDF)).
- Ebook -
around £20 for the ebook version, e.g. from Google Play (there are other ebook sources e.g. Kobo - please see the right hand sidebar of that page).

‘It should be read by every data protection supervisory authority and law-maker in Europe.’
 – Rosemary Jay, Author, Data Protection Law and Practice

‘Data localization is not just a short-term phenomenon, but reflects a profound unease with increasing globalization, and a lack of certainty as to whether we want national borders carried over onto the online space. This book helps illuminate the choices that we face as a society in deciding where we want those boundaries to be set.’
 – Dr Christopher Kuner, Co-Director, Brussels Privacy Hub, VUB Brussel and Editor-in-chief, International Data Privacy Law

‘Displaying great originality and rigour, this book makes the case that location-based personal data protection should have that “Frankenrule” replaced by regulation based on enforcement of security and encryption standards. With an interdisciplinary focus on law, computer security and industrial organisation (in technological and business value chains of data processing), this approach is to be recommended to legal scholars of the Internet.’
 – Dr Chris Marsden, Professor of Internet Law, University of Sussex, UK


'...Overall this volume represents an accessible, comprehensively researched and thorough in-depth analysis which focuses on what has become an extremely important, but perhaps to date under-studied, aspect of the European data protection framework. It is a title in an area of law that, at the time of writing, is lacking in high-quality legal scholarship, which will be of course be highly pertinent to both students and researchers of data protection law, but is likely also to pique the curiosity of those interested in IT law, international commercial law, computer science and regulation more broadly.'
Henry Pearce, Computer and Telecommunications Law Review, (2017) 23 C.T.L.R., Issue 7, p.185-186

'...To turn such subject-matter into a readable text of almost 500 pages is quite an achievement, but I promise you that Kuan Hon has achieved precisely that. It’s so readable that I actually read (almost all) the book when my aim was to read the minimum number of pages possible in order to write a respectable review...one of the strengths of the book is the balance which is found in dealing with the (old) Data Protection Directive (which is not dead yet and will have a considerable after-life) and the incoming GDPR...' See full review.
- Laurence Eastham, Society for Computers & Law, July 2017

'...This book which is partly a legalistic discussion about terms and concepts is however very useful for companies involved in cloud computing, as it explains the challenges in practical terms and with many examples of real cases. The arguments that the author makes are often not only relevant in the cloud computing context, but also apply more generally for cross-border transfers.' See full review (PDF).
 – Laura Linkomies, Privacy Law & Business International Report, issue 147, June 2017

Selected recent or forthcoming publications (for my blog, please see Kuan0's blog; for books, see the right sidebar; see also my papers on SSRN):

Books I've authored or contributed to

(Please buy via these links if you'd like to treat me to coffee; scroll down for reviews of Cloud Computing Law)

Reviews of the book Cloud Computing Law (where I wrote, and co-authors reviewed, 8 of the 14 chapters, and I commented on 5 of the other chapters), include -
  • Review on Amazon.com by Murray Royce Campbell: '...timely and useful... effectively helps the reader to “take a view” confidently on the issues... US information attorneys in particular will benefit... should be on every technology lawyer’s bookshelf... highly recommended.'
  • Editor of Computers & Law magazine Laurence Eastham: '... it is hard to see what is missing. Indeed, together with the excellent exposition of cloud basics in Part I [of which I was the lead author], the strength of the book for me is that it covers vast areas full of 'challenges' and invariably offers answers to those challenges, not just a series of empty questions. The chapters on 'Which Law(s) Apply to Personal Data in Clouds?' [of which I was the lead author] and 'Consumer Protection in Cloud Environments' exemplify this with highly pertinent comments comments... Practitioners operating in the cloud computing area, and especially those many soon to be swamped by it, will benefit greatly from many chapters here. The material on transactions is especially strong. There is original research which is very fully and cogently summarised and detailed analysis too... And it is worth pointing out that the paperback is priced at just £34.95 [and the Kindle edition £15!] – a snip by the standards of any practitioner book... Another positive is that Cloud Computing Law seems to have neatly side-stepped the reviewer's easy criticism of any book focusing on a fast-developing area, namely that it is not up to date. The numerous cloud computing issues are dealt with in the context of carefully chosen examples that have not been shorn of meaning by time – that is no mean feat when, in the cloud computing world, time is measured in dog years x 10...'
  • Data protection law expert Martin Hoskins: 'If you need to consult a great book on the legal implications of cloud computing, then look no further. This is the one for you... They've given us, in a readily accessible manner, the very latest thinking on an issue that all information governance professionals need to be very familiar with... Ken Ducatel, Head of Unit for Software, Services and Cloud at the European Commission remarked that he was so impressed with the book that he had already bought 2 copies... It’s a book that the serious players will return to again and again. Brilliant value...'
  • Privacy Laws & Business, International Report, Feb 2014 (paywalled): '...very relevant for the DP practitioner... helpful for those without a technical background... essentially a detailed, but easily accessible account about the legal implications of cloud computing... fascinating insight into why cloud computing is different from traditional outsourcing, and an enabler of new business models...'