About me
I work mainly on data protection/privacy and other data and technology-related issues, particularly security and international transfers, including in the context of cloud computing (all flavours). However, I'm fascinated by most of the legal issues thrown up by the Internet, IoT, AI/machine learning, blockchain/DLT and other new or emerging technologies, including of course the regulation of technology - so I'm following developments like the EU Digital Services Act package, proposed AI Act and the UK post-Brexit proposals on data and tech with great interest.
Lawyers and scientists/technologists tend to take very different approaches to technology and technology law, partly because of differences in mindsets/culture, and partly because unanticipated communications gaps may arise from their sometimes using the same words for different concepts, and different words for the same concepts. I would very much like to help to bridge that divide and to encourage a multi-disciplinary, collaborative approach to both technology and law, including law-making. I am also passionate about bridging the divide between theory and practice that can occur too often in law. An impossible task? - it might seem so, but one reviewer noted that my first solo book brought '...an unrivalled level of accessibility to the table, whereby explanations are technical enough to satisfy those in academia and practice, but also, are succinct enough to take it beyond the niche of specialists. It is a text which exerts a key quality often missed in books of this nature and it is refreshing to see that intellectual stimulation and practical accessibility are two compatible concepts which can coexist...' (Daniel Davenport, European Journal of Law & Technology (EJLT), Vol 10, No. 2, 2019).
Please scroll down beyond my contact details for my summary
bio.
- Invited to give oral evidence to the UK's Intelligence and Security Committee of Parliament (ISC) for its inquiry into cloud technologies, Feb 2022.
- Appointed to the UK government's first International Data Transfer Expert Council, Jan 2022.
- Reached rank no. 7 in OWASP London's Capture the Flag (CTF) Nov 2021 event (ethical hacking challenge) - screenshot, with uncommon names or handles redacted!
- Letter: Amazon’s spy agency deal should leave no clues in the cloud, published in the Financial Times, Nov 2021
- Mentioned in Legal 500's 2021 rankings for data protection, privacy and cybersecurity practice area in London, Sept 2021, as a key lawyer at Fieldfisher. Client testimonials:
- 'Kuan Hon is an outstanding lawyer, with a PhD-level of technical knowledge of the products and services that our company develops and sells'.
- 'Kuan Hon has provided a seasoned and subject-matter
expert level of legal guidance'.
- Other client comments while working at Fieldfisher:
- 'Kuan is an extremely knowledgeable privacy lawyer. The advice she has provided to us has been very helpful and we have a great working relationship. We consider ourselves very fortunate to have a counsel like Kuan.' Large AsiaPac-headquartered technology group with global operations.
- 'Kuan Hon is extremely knowledgeable and always very
helpful. In working with Kuan, we highly appreciate her responsiveness
and pragmatic advice. Kuan always offers clear guidance, which is well
explained and supported. It is a great pleasure to work with Kuan, who
is our trusted and very reliable counsel for all GDPR matters.' Large North
American-headquartered industrial equipment group with global operations.
- Invited member, United Nations' (UN) Privacy Preserving Techniques Task Team and Legal Subgroup, 2020-2021.
- Answers to IT leaders' GDPR questions featured on the front page of Computing on Data Protection Day, Jan 2021.
- Invited peer reviewer for the 5th edition of Rosemary Jay's
seminal book Data
Protection Law and Practice, 2020.
- i100 volunteer (part-time) at the UK National Cyber Security Centre, 2019-2020.
- Volunteer (part-time) at the UK Information Commissioner's
Office, 2018-2019.
- Invited presentation to the UK
Cabinet Office on the EU NIS Directive / UK NIS Regulations,
Nov 2018.
- Contributed to ENISA's
report on Distributed Ledger Technology & Cybersecurity:
Improving information security in the financial sector, Jan
2017.
- Invited by the Cloud Security Alliance to present a keynote at SecureCloud 2016, May 2016.
- Interviewed by BBC World News on the EU-US Privacy Shield, Apr 2016.
- Invited to join the judging panel for the UK Cloud Awards, Apr 2016.
- Invited by the British Computer Society's Information Risk Management & Assurance Group (IRMA) to speak on data protection law issues at its 50th anniversary conference, Nov 2015.
- Selected to participate in the UK Cyber Security Challenge's pen testing camp, Aug 2015 - photographic proof!
- Invited by ENISA to speak on data protection law aspects of cloud security, including the draft General Data Protection Regulation, at its cloud security conference, June 2015.
- Invited by CERN to present on cloud contracts, and also on the UK G-Cloud programme, May 2014.
- Yes, I did manage to take the Large Hadron Collider tour!
- Quoted in Mapping the cloud maturity curve - the fundamental five, a briefing paper for The Economist Intelligence Unit, Dec 2014.
- Invited by DC4420 (Defcon London) to speak on legal issues in cloud security, Oct 2012.
Email: send email to my first initial only (not surname) at
this domain name
Blog: https://blog.kuan0.com
LinkedIn: https://www.linkedin.com/in/wkhon
Twitter: @kuan0
(though I rarely tweet these days)
Mastodon: @[email protected]
Summary bio
- English solicitor and New York attorney. Now a technology lawyer focusing mainly on data protection/security/information and tech law (including the General Data Protection Regulation, NIS Directive, proposed ePrivacy Regulation, international transfers & data localisation laws, and security/other data protection law breaches); cloud computing legal issues (including cloud contracts/policies, compliance with data protection regulation, etc) and broader tech law matters such as the P2B Regulation and proposed tech platforms/digital services and AI/machine learning laws; and technical security matters.
- Formerly a banking/debt capital markets and corporate insolvency lawyer in the City of London, with both English and US law firms (Sidley Austin, Dentons, CMS and Slaughter and May).
- Of Counsel, Privacy & Cybersecurity team, Dent ons in London, UK, since Jan 2022.
- Member, UK government's first International Data Transfer Expert Council, since Jan 2022.
- Guest lecturer, Imperial College London (Department of Computing), since Apr 2018.
- Editor, Sweet & Maxwell's Encyclopedia of Data Protection and Privacy, since Jan 2017.
- Advisory Board member (formerly Media Board, then Editorial Advisory Board), Society for Computers & Law, since Oct 2012.
- Other
memberships: IAPP
(International Association of Privacy Professionals); Cloud
Industry Forum, honorary lifetime professional
membership awarded in Jan 2017 for my contributions to cloud
computing law; OWASP
(Open Web
Application Security Project); SASIG
(Security Awareness Special Interest Group); Internet Society.
Previous roles
- Director,
Privacy, Security & Information Law, Fieldfisher,
2017-2021.
- Invited member, United Nations' (UN) Privacy Preserving Techniques Task Team and Legal Subgroup, 2020-2021.
- i100 volunteer (part-time) with SC security clearance, UK National Cyber Security Centre, 2019-2020.
- Visiting Scholar, Centre for Commercial Law Studies, Queen Mary University of London, 2019-2021.
- Invited to join the judging
panel for the UK
Cloud Excellence Awards, 2019.
- Volunteer (part-time), Information Commissioner's Office, 2018-2019.
- Fellow, Open Data Institute, 2017-2018.
- Invited external observer, Code of Conduct Task Force, CISPE (Cloud Infrastructure Providers in Europe), 2017-2018. CISPE's draft code was approved by the EDPB in May 2021, formally approved by CNIL in June 2021, and the first adhering IaaS providers (including Aruba, AWS (Amazon Web Services), Elogic, Leaseweb, Outscale and OVHCloud) announced in Feb 2022, with CNIL having accredited monitoring bodies EY Certifypoint B.V. in July 2021 and LNE and Bureau Veritas Italia Spa in Oct 2021.
- Comment: "It was really great to collaborate with you at a time where the European Commission was unable to understand what a #cloud infrastructure really is (and is not) to ensure proper data pretction through #GDPR. Your help was key to the success of the Cispe Data Protection Code of Conduct !"
- Adjunct research director, European Data Security & Privacy, IDC, 2017: press release, tweet (with photo!).
- Invited UK Cloud Awards judging panel member, 2016-2017.
- Consultant lawyer, Pinsent Masons, 2015-2017.
- Member of Information Privacy Expert Panel (IPEP), British Computer Society, 2015-2017.
- Invited EU PRISMACLOUD User Advisory Board member, 2015-2018.
- Senior researcher (2014-2016), Cloud Legal Project and Microsoft Cloud Computing Research Centre at the Centre for Commercial Law Studies (CCLS), Queen Mary University of London (where I was a research assistant 2010-2011 and research consultant 2011-2014, including research assistant for the A4Cloud Cloud Accountability Project during 2012-2014).
- Joint law and computer science PhD from Queen Mary University of London, entitled "Kill the Frankenrule! – the EU Personal Data Export Restriction and Cloud Computing", supervised by Prof Chris Reed and Assistant Professor Hamed Haddadi, and examined by Prof Chris Marsden and Dr Toktam Mahmoodi; passed without amendments in Oct 2015, certificate awarded in 2016.
- Cyber Scheme Associate, certificate awarded by Information Risk Management Ltd (IRM) and the Cyber Security Challenge UK following a 5-day penetration testing camp in Aug 2015.
- Ran the world's first cloud computing law university course as a module in the distance learning LLM in Computer and Communications Law at Queen Mary University of London, in Q1 2014; have presented on cloud computing and/or data protection law to LLM or MSc students at QMUL and elsewhere (see selected presentations).
- Participated in the UK G-Cloud programme's Commercial Workstream, in summer/autumn 2011.
- MSc in Computing Science from Imperial College London. My MSc dissertation was on "Digital privacy, and illustrating permission & attribute matching for preserving privacy using Drools & Java" (supervisor Prof John Darlington, then Director of the Imperial College Internet Centre - now London e-Science Centre).
- LLMs from University of Pennsylvania, USA, and (in Computer & Communications Law) Queen Mary University of London.
- Undergraduate law degree from Trinity College, Cambridge University, UK.
Tidbits
Some very nice things that kind people have said about me or my work. See also the Presentations page for comments on some of my presentations.
I'm a high mezzo, and sing second soprano with choral and opera groups such as the BBC Symphony Chorus and London Symphony Chorus (see "Never to Forget", Howard Goodall's moving tribute to the first 122 UK health and care workers who lost their lives to Covid-10, and the beautifully assembled video of Mozart's Ave Verum Corpus involving LSC and other choirs - both works recorded by choir members and instrumentalists individually at home during lockdown). My zenith being Annina in Verdi's La Traviata with Hampstead Garden Opera, and most of the Woman 1 numbers in Sondheim's Side by Side with All Star Productions. Two left feet and an inability to pick up choreographed dancing as quickly as it's demonstrated mean that I no longer attempt any musicals!
According to family lore, my surname in Chinese 韓, and a copy of a handwritten book that my grandfather took with him when he left China about a century ago, we're directly descended from Han Dynasty general Han Xin - a great military strategist, who was even a king for a year. I'm not sure how that's possible because, according to the public histories, when the empress ordered his execution his entire family was also executed - which unfortunately was not uncommon in those days. But if anyone has a copy of a similar book (sadly my father lost my grandfather's copy), or knows of any great escapes that weren't recorded in the public histories, I'd love to hear all about it! Despite all that, English is my first, and effectively only, language. I could speak Mandarin, Cantonese and Hokkien from age 1, but since starting kindergarten at age 4, where everyone spoke just English, I gradually lost all my Chinese-speaking abilities. I remember very clearly waking up one day, when I was about 6 to 8 years old, and thinking: "Oh, I'm now dreaming in English!". Re-learning Mandarin someday is on my bucket list.
This site is hosted via Google App Engine (just static files generally, deployed via the Google App Engine SDK for Python 2.7, which Google is continuing to support on App Engine), using CloudFlare's CDN.