Kuan's publications

My first solo book: Data localization laws and policy - the EU data protection international transfers restriction through a cloud computing lens (Edward Elgar, 2017), with forewords by Rosemary Jay and Christopher Kuner, and including discussion of the EU General Data Protection Regulation and the EU-US Privacy Shield.

For my other publications, please scroll down.

Kuan Hon, Data Localization Laws and Policy

‘It should be read by every data protection supervisory authority and law-maker in Europe.’
 – Rosemary Jay, Author, Data Protection Law and Practice

‘Data localization is not just a short-term phenomenon, but reflects a profound unease with increasing globalization, and a lack of certainty as to whether we want national borders carried over onto the online space. This book helps illuminate the choices that we face as a society in deciding where we want those boundaries to be set.’
 – Dr Christopher Kuner, Co-Director, Brussels Privacy Hub, VUB Brussel and Editor-in-chief, International Data Privacy Law

‘Displaying great originality and rigour, this book makes the case that location-based personal data protection should have that “Frankenrule” replaced by regulation based on enforcement of security and encryption standards. With an interdisciplinary focus on law, computer security and industrial organisation (in technological and business value chains of data processing), this approach is to be recommended to legal scholars of the Internet.’
 – Dr Chris Marsden, Professor of Internet Law, University of Sussex, UK


'...she has weaved together an informative narrative that takes the reader on a journey from the legislative history behind data protection through to mechanisms and derogations, and compliance and enforcement. But it is not a heavy-going read and the advice is practical and realistic, rather than legalistically prescriptive... It's not just CIOs and the burgeoning army of data protection officers who ought to have a copy of this book displayed prominently on their shelves, but also that equally burgeoning army of lawyers working in the field... we'd advise every CIO not just to get their hands on a copy, but to make sure they get the hardback version...'
 – Graeme Burton, Computing, 28 Feb 2018

'...provides a thorough analysis of the law and highlights the absurdity of rules which use physical location as a shorthand for data security, while ignoring the impact of encryption, remote access, and cloud computing... Punchy, timely and opinionated.'
 – (2017) Top must-reads: the editorial team choices, Journal of Cyber Policy, 2:3, 405-407, DOI: 10.1080/23738871.2017.1406185 (published Nov 2017, open access until the end of 2017)

'...Overall this volume represents an accessible, comprehensively researched and thorough in-depth analysis which focuses on what has become an extremely important, but perhaps to date under-studied, aspect of the European data protection framework. It is a title in an area of law that, at the time of writing, is lacking in high-quality legal scholarship, which will of course be highly pertinent to both students and researchers of data protection law, but is likely also to pique the curiosity of those interested in IT law, international commercial law, computer science and regulation more broadly.'
 – Henry Pearce, Computer and Telecommunications Law Review, (2017) 23 C.T.L.R., Issue 7, p.185-186

'...To turn such subject-matter into a readable text of almost 500 pages is quite an achievement, but I promise you that Kuan Hon has achieved precisely that. It’s so readable that I actually read (almost all) the book when my aim was to read the minimum number of pages possible in order to write a respectable review...one of the strengths of the book is the balance which is found in dealing with the (old) Data Protection Directive (which is not dead yet and will have a considerable after-life) and the incoming GDPR...' See full review.
 – Laurence Eastham, Society for Computers & Law, July 2017

'...This book which is partly a legalistic discussion about terms and concepts is however very useful for companies involved in cloud computing, as it explains the challenges in practical terms and with many examples of real cases. The arguments that the author makes are often not only relevant in the cloud computing context, but also apply more generally for cross-border transfers.' See full review (PDF).
 – Laura Linkomies, Privacy Law & Business International Report, issue 147, June 2017

Selected recent or forthcoming publications (for my blog, please see Kuan0's blog; for books, see the right sidebar; see also my papers on SSRN):

Books I've authored or contributed to

(Please buy via these links if you'd like to treat me to coffee; scroll down for reviews of Cloud Computing Law)

Reviews of the book Cloud Computing Law (where I wrote, and co-authors reviewed, 8 of the 14 chapters, and I commented on 5 of the other chapters), include -
  • Review on Amazon.com by Murray Royce Campbell: '...timely and useful... effectively helps the reader to “take a view” confidently on the issues... US information attorneys in particular will benefit... should be on every technology lawyer’s bookshelf... highly recommended.'
  • Editor of Computers & Law magazine Laurence Eastham: '... it is hard to see what is missing. Indeed, together with the excellent exposition of cloud basics in Part I [of which I was the lead author], the strength of the book for me is that it covers vast areas full of 'challenges' and invariably offers answers to those challenges, not just a series of empty questions. The chapters on 'Which Law(s) Apply to Personal Data in Clouds?' [of which I was the lead author] and 'Consumer Protection in Cloud Environments' exemplify this with highly pertinent comments... Practitioners operating in the cloud computing area, and especially those many soon to be swamped by it, will benefit greatly from many chapters here. The material on transactions is especially strong. There is original research which is very fully and cogently summarised and detailed analysis too... And it is worth pointing out that the paperback is priced at just £34.95 [and the Kindle edition £15!] – a snip by the standards of any practitioner book... Another positive is that Cloud Computing Law seems to have neatly side-stepped the reviewer's easy criticism of any book focusing on a fast-developing area, namely that it is not up to date. The numerous cloud computing issues are dealt with in the context of carefully chosen examples that have not been shorn of meaning by time – that is no mean feat when, in the cloud computing world, time is measured in dog years x 10...'
  • Data protection law expert Martin Hoskins: 'If you need to consult a great book on the legal implications of cloud computing, then look no further. This is the one for you... They've given us, in a readily accessible manner, the very latest thinking on an issue that all information governance professionals need to be very familiar with... Ken Ducatel, Head of Unit for Software, Services and Cloud at the European Commission remarked that he was so impressed with the book that he had already bought 2 copies... It’s a book that the serious players will return to again and again. Brilliant value...'
  • Privacy Laws & Business, International Report, Feb 2014 (paywalled): '...very relevant for the DP practitioner... helpful for those without a technical background... essentially a detailed, but easily accessible account about the legal implications of cloud computing... fascinating insight into why cloud computing is different from traditional outsourcing, and an enabler of new business models...'