I work mainly on data protection/privacy and other data and technology-related issues, particularly security and international transfers, including in the context of cloud computing (all flavours). However, I'm fascinated by most of the legal issues thrown up by the Internet, IoT, AI/machine learning, blockchain and other new or emerging technologies, including of course the regulation of technology - so I'm following developments like the EU Digital Services Act package with great interest.
Lawyers and scientists/technologists tend to take very different approaches to technology and technology law, partly because of differences in mindsets/culture, and partly because unanticipated communications gaps may arise from their sometimes using the same words for different concepts, and different words for the same concepts. I would very much like to help to bridge that divide and to encourage a multi-disciplinary, collaborative approach to both technology and law, including law-making. I am also passionate about bridging the divide between theory and practice that can occur too often in law. An impossible task? - it might seem so, but one reviewer noted that my first solo book brought '...an unrivalled level of accessibility to the table, whereby explanations are technical enough to satisfy those in academia and practice, but also, are succinct enough to take it beyond the niche of specialists. It is a text which exerts a key quality often missed in books of this nature and it is refreshing to see that intellectual stimulation and practical accessibility are two compatible concepts which can coexist...' (Daniel Davenport, European Journal of Law & Technology (EJLT), Vol 10, No. 2, 2019).
Please scroll down beyond my contact details for my summary bio.
- Answers to IT leaders' GDPR questions featured on the front page of Computing on Data Protection Day, Jan 2021.
- Invited peer reviewer for the 5th edition of Rosemary Jay's
seminal book Data
Protection Law and Practice, 2020.
- Invited member of the United Nations' Privacy Preserving Techniques
Task Team and Legal Subgroup, 2020-.
- i100 volunteer (part-time) at the UK National Cyber Security Centre, 2019-2020.
- Volunteer (part-time) at the UK
Information Commissioner's Office, 2018-2019.
- Invited presentation to the UK
Cabinet Office on the EU NIS Directive / UK NIS Regulations, Nov
- Contributed to ENISA's
report on Distributed Ledger Technology & Cybersecurity: Improving
information security in the financial sector, Jan 2017.
- Invited by the Cloud Security Alliance to present a keynote at SecureCloud 2016, May 2016.
- Interviewed by BBC World News on the EU-US Privacy Shield, Apr 2016.
- Invited to join the judging panel for the UK Cloud Awards, Apr 2016.
- Invited by the British Computer Society's Information Risk Management & Assurance Group (IRMA) to speak on data protection law issues at its 50th anniversary conference, Nov 2015.
- Selected to participate in the UK Cyber Security Challenge's pen testing camp, Aug 2015 - photographic proof!
- Invited by ENISA to speak on data protection law aspects of cloud security, including the draft General Data Protection Regulation, at its cloud security conference, June 2015.
- Invited by CERN to present on cloud contracts, and also on the UK G-Cloud programme, May 2014.
- Yes, I did manage to take the Large Hadron Collider tour!
- Quoted in Mapping the cloud maturity curve - the fundamental five, a briefing paper for The Economist Intelligence Unit, Dec 2014.
- Invited by DC4420 (Defcon London) to speak on legal issues in cloud security, Oct 2012.
Contact details (or scan the QR code on the right)
Email: send email to my first initial only (not surname) at
Twitter: @kuan0 (though I rarely tweet these days)
- English solicitor and New York attorney.
- Now a technology lawyer focusing mainly on data protection/security/information and tech law (including the General Data Protection Regulation, NIS Directive, P2B Regulation, proposed ePrivacy Regulation, international transfers & data localisation laws, and security/other data protection law breaches); cloud computing legal issues (including GDPR, NIS Directive, cloud contracts/policies, compliance with data protection regulation, etc); and technical security matters.
- Formerly a banking/debt capital markets and corporate insolvency lawyer in the City of London, with both English and US law firms (Sidley Austin, Dentons, CMS and Slaughter and May).
- Invited member, United Nations (UN) Privacy Preserving Techniques
Task Team and Legal Subgroup, since Mar 2020.
- Guest lecturer, Imperial College London (Department of Computing), since Apr 2018.
- Director, Privacy, Security & Information, Fieldfisher, since Jul 2017.
- Editor, Sweet & Maxwell's Encyclopedia of Data Protection and Privacy, since Jan 2017.
- Advisory Board member (formerly Media Board, then Editorial Advisory Board), Society for Computers & Law, since Oct 2012.
honorary lifetime professional
Industry Forum, awarded in Jan 2017 for my contributions to cloud
computing law; member, IAPP (International Association of
- i100 volunteer (part-time) with SC security clearance, UK National Cyber Security Centre, 2019-2020.
- Visiting Scholar, Centre for Commercial Law Studies, Queen Mary University of London, 2019-2020.
- Invited to join the judging
panel for the UK
Cloud Excellence Awards, 2019.
- Volunteer (part-time), Information Commissioner's Office, 2018-2019.
- Fellow, Open Data Institute, 2017-2018.
- Invited external observer, Code of Conduct Task Force, CISPE (Cloud Infrastructure Providers in Europe), 2017-2018.
- Adjunct research director, European Data Security & Privacy, IDC, 2017: press release, tweet (with photo!).
- Invited UK Cloud Awards judging panel member, 2016-2017.
- Consultant lawyer, Pinsent Masons, 2015-2017.
- Member of Information Privacy Expert Panel (IPEP), British Computer Society, 2015-2017.
- Invited EU PRISMACLOUD User Advisory Board member, 2015-2018.
- Senior researcher (2014-2016), Cloud Legal Project and Microsoft Cloud Computing Research Centre at the Centre for Commercial Law Studies (CCLS), Queen Mary University of London (where I was a research assistant 2010-2011 and research consultant 2011-2014, including research assistant for the A4Cloud Cloud Accountability Project during 2012-2014).
- Joint law and computer science PhD from Queen Mary University of London, entitled "Kill the Frankenrule! – the EU Personal Data Export Restriction and Cloud Computing", supervised by Prof Chris Reed and Assistant Professor Hamed Haddadi, and examined by Prof Chris Marsden and Dr Toktam Mahmoodi; passed without amendments in Oct 2015, certificate awarded in 2016.
- Cyber Scheme Associate, certificate awarded by Information Risk Management Ltd (IRM) and the Cyber Security Challenge UK following a 5-day penetration testing camp in Aug 2015.
- Ran the world's first cloud computing law university course as a module in the distance learning LLM in Computer and Communications Law at Queen Mary University of London, in Q1 2014; have presented on cloud computing and/or data protection law to LLM or MSc students at QMUL and elsewhere (see selected presentations).
- Participated in the UK G-Cloud programme's Commercial Workstream, in summer/autumn 2011.
- MSc in Computing Science from Imperial College London. My MSc dissertation was on "Digital privacy, and illustrating permission & attribute matching for preserving privacy using Drools & Java" (supervisor Prof John Darlington, then Director of the Imperial College Internet Centre - now London e-Science Centre).
- LLMs from University of Pennsylvania, USA, and (in Computer & Communications Law) Queen Mary University of London.
- Undergraduate law degree from Trinity College, Cambridge University, UK.
Some very nice things that kind people have said about me or my work. See also the Presentations page for comments on some of my presentations.
I'm a high mezzo, and sing second soprano with choral and opera groups such as the BBC Symphony Chorus and London Symphony Chorus (see "Never to Forget", Howard Goodall's moving tribute to the first 122 UK health and care workers who lost their lives to Covid-10, and the beautifully assembled video of Mozart's Ave Verum Corpus involving LSC and other choirs - both works recorded by choir members and instrumentalists individually at home during lockdown). My zenith being Annina in Verdi's La Traviata with Hampstead Garden Opera, and most of the Woman 1 numbers in Sondheim's Side by Side with All Star Productions. Two left feet and an inability to pick up choreographed dancing as quickly as it's demonstrated mean that I no longer attempt any musicals!
According to family lore, my surname in Chinese 韓, and a copy of a handwritten book that my grandfather took with him when he left China about a century ago, we're directly descended from Han Dynasty general Han Xin - a great military strategist, who was even a king for a year. I'm not sure how that's possible because, according to the public histories, when the empress ordered his execution his entire family was also executed - which unfortunately was not uncommon in those days. But if anyone has a copy of a similar book (sadly my father lost my grandfather's copy), or knows of any great escapes that weren't recorded in the public histories, I'd love to hear all about it! Despite all that, English is my first, and effectively only, language. I could speak Mandarin, Cantonese and Hokkien from age 1 but sadly, since starting kindergarten at age 4, where everyone spoke just English, I gradually lost all my Chinese-speaking abilities. I remember very clearly waking up one day, when I was about 6 to 8 years old, and thinking: "Oh, I'm dreaming in English!". Re-learning Mandarin someday is on my bucket list.