Kuan's publications

Hon: Technology and Security for Lawyers and Other Professionals - the Basics and Beyond

My second solo book is due out in June 2024: Technology and Security for Lawyers and Other Professionals - The Basics and Beyond.


‘Kuan’s encyclopedic knowledge of all things legal and technological never failed to impress me. I would challenge anyone to find a lawyer as conversant in technology and data privacy as Kuan. . . . If technology leaves you baffled, then don’t worry – that’s what this book is for. And if, like me, you have a greater understanding of technology, I can promise you this book will prove an invaluable reference.’
 – Phil Lee, Managing Director, Digiphile, UK

‘Once in a while, I come across a book I choose to keep as a reference. Such is the case with Dr. Hon’s book. Her aim to provide non-IT experts a grounding in IT/ICT concepts is overwhelmingly met with an exceptional breadth and depth of information that guides us through the complex world of information technology.’
 – Chantal Bernier (Wikipedia), Co-Lead, Dentons Global Privacy and Cybersecurity Group, Co-directrice, Groupe mondial sur la vie privée et la cybersécurité and former Commissioner at the Office of the Privacy Commissioner of Canada

‘Dr Kuan Hon has achieved a unique goal: she has managed to explain complicated technical notions in simple language, accessible to legal scholars at all levels, from lawyers to judges and law students. A must read for everyone interested in law and technology!’
 – Eleni Kosta, Professor of Technology Law and Human Rights, Tilburg University, the Netherlands

‘Dr W. Kuan Hon has a knack for distilling technical knowledge into simple and concise information. She has done it again in this comprehensive and accessible book on fundamental IT/ICT concepts, which even includes chapters on artificial intelligence and machine learning. This book is a valuable resource for lawyers and laypersons, as well as IT experts learning how to explain technical concepts in easily understandable language.’
 – Darren Grayson Chng, Regional Data Protection Director, APAC & MEA, Electrolux and Asia Advisory Board Member, International Association of Privacy Professionals

For my other publications, please scroll down.

Kuan Hon, Data Localization Laws and Policy

My first solo book: Data localization laws and policy - the EU data protection international transfers restriction through a cloud computing lens (Edward Elgar, 2017), with forewords by Rosemary Jay and Christopher Kuner, and including discussion of the EU General Data Protection Regulation and the EU-US Privacy Shield. Available as an ebook via e.g. Google Play (around £20), and in hardcover format (see the publisher's page for details of both).


‘It should be read by every data protection supervisory authority and law-maker in Europe.’
 – Rosemary Jay, Author, Data Protection Law and Practice

‘Data localization is not just a short-term phenomenon, but reflects a profound unease with increasing globalization, and a lack of certainty as to whether we want national borders carried over onto the online space. This book helps illuminate the choices that we face as a society in deciding where we want those boundaries to be set.’
 – Dr Christopher Kuner, Co-Director, Brussels Privacy Hub, VUB Brussel and Editor-in-chief, International Data Privacy Law

‘Displaying great originality and rigour, this book makes the case that location-based personal data protection should have that “Frankenrule” replaced by regulation based on enforcement of security and encryption standards. With an interdisciplinary focus on law, computer security and industrial organisation (in technological and business value chains of data processing), this approach is to be recommended to legal scholars of the Internet.’
 – Dr Chris Marsden, Professor of Internet Law, University of Sussex, UK


Not a review as such, but I understand Roger Bickerstaff kindly mentioned my book in his SCL Annual Conference 2020 talk on data localization - thank you Roger!

'...W Kuan Hon’s Data Localization Laws and Policy represents an excellent example of how an academic title – which often goes at length on a serious topic – may maintain the balance between a remarkable degree of engagement and an objective, accurate, structural, and sometimes technical narrative... Data Localization Laws and Policy represents a significantly well-researched and highly accessible monograph that provides important and timely observations on the EU’s data localisation law and policy. Researchers, policymakers, data protection authorities and officers, and indeed anyone interested in the legal issues surrounding cross-border data flows will find the comprehensive coverage and in-depth analyses of the book significantly helpful in deciphering the complex legal and political picture.'
- Jiahong Chen, Script-ed Volume 17, Issue 1, January 2020

'...an essential guide... a fundamental resource... The author smoothly guides the reader through intellectually challenging problem areas in a way that is comprehensive without sacrificing nuance, whilst at the same time incorporating academic, business, and political issues in a manner that consistently incorporates them throughout in the context of how personal data is transferred and processed on a transnational basis... can be considered a practical accomplishment that helps to create a vital interlinkage between the legal and academic world that is not always obvious, but also, she has done it in a way that provides vision in the often foggy landscape occupied by substantive legal and technical issues that are at the forefront of the constrained debate that is data localization ...an unrivalled level of accessibility to the table, whereby explanations are technical enough to satisfy those in academia and practice, but also, are succinct enough to take it beyond the niche of specialists. It is a text which exerts a key quality often missed in books of this nature and it is refreshing to see that intellectual stimulation and practical accessibility are two compatible concepts which can coexist... It brings the most important matters to the forefront and encourages users to think beyond the present and towards the future implications of legal barriers to the free interchange of personal data globally. This book should for essential reading to anyone interested in data localization laws and policy generally, but also, those who wish to explore the technical rules and regulations on how to protect personal data that is transferred and processed on the global Internet...'
- Daniel Davenport, European Journal of Law & Technology (EJLT), Vol 10, No. 2, 2019

'...As Dr. W. Kuan Hon convincingly argues in her book Data Localization Law and Policy, the “location fixation” is fundamentally at odds with the complex web of relationships involved in cloud computing technology... The author thus aptly calls the Restriction a “Frankenrule”, evoking the idea of a monster that has taken life on its own and may serve policy purposes going beyond that for which it had been conceived (e.g., trade protectionism)... The author should be given credit for starting a very important discussion on the responsibilities of mere infrastructure providers, though the solution offered – that those providers be qualified as neither controllers nor processors- appears less convincing from an exegetical perspective... this book provides food for thought with a valuable and comprehensive picture of data protection law and policy issues in relation to cross border data transfers.'
- Nicolo Zingales, Computer Law & Security Review, Volume 34, Issue 5, October 2018, Pages 1175-1176

First review in a French journal!:
'On signalera cet ouvrage de dimension essentiellement pratique qui couvre de très nombreux aspects de la circulation des données considérées au sens large (pas seulement les données à caractère personnel mais également l'ensemble des données protégées, y compris pour des motifs purement publics, de type «sécurité»)... L'intérêt principal de l'ouvrage est sa capacité à rendre compte des différentes facettes du phénomène selon un plan analytique...'
 – Jean-Sylvestre BERGÉ, Journal du Droit International (Clunet), Avril-Mai-Juin 2018 no 2/2018

'...she has weaved together an informative narrative that takes the reader on a journey from the legislative history behind data protection through to mechanisms and derogations, and compliance and enforcement. But it is not a heavy-going read and the advice is practical and realistic, rather than legalistically prescriptive... It's not just CIOs and the burgeoning army of data protection officers who ought to have a copy of this book displayed prominently on their shelves, but also that equally burgeoning army of lawyers working in the field... we'd advise every CIO not just to get their hands on a copy, but to make sure they get the hardback version...'
Graeme Burton, Computing, 28 Feb 2018

'...provides a thorough analysis of the law and highlights the absurdity of rules which use physical location as a shorthand for data security, while ignoring the impact of encryption, remote access, and cloud computing... Punchy, timely and opinionated.'
 – (2017) Top must-reads: the editorial team choices, Journal of Cyber Policy, 2:3, 405-407, DOI: 10.1080/23738871.2017.1406185 (published Nov 2017, open access until the end of 2017)

'...Overall this volume represents an accessible, comprehensively researched and thorough in-depth analysis which focuses on what has become an extremely important, but perhaps to date under-studied, aspect of the European data protection framework. It is a title in an area of law that, at the time of writing, is lacking in high-quality legal scholarship, which will be of course be highly pertinent to both students and researchers of data protection law, but is likely also to pique the curiosity of those interested in IT law, international commercial law, computer science and regulation more broadly.'
 – Henry Pearce, Computer and Telecommunications Law Review, (2017) 23 C.T.L.R., Issue 7, p.185-186

'...To turn such subject-matter into a readable text of almost 500 pages is quite an achievement, but I promise you that Kuan Hon has achieved precisely that. It’s so readable that I actually read (almost all) the book when my aim was to read the minimum number of pages possible in order to write a respectable review...one of the strengths of the book is the balance which is found in dealing with the (old) Data Protection Directive (which is not dead yet and will have a considerable after-life) and the incoming GDPR...' See full review.
Laurence Eastham, Society for Computers & Law, July 2017

'...This book which is partly a legalistic discussion about terms and concepts is however very useful for companies involved in cloud computing, as it explains the challenges in practical terms and with many examples of real cases. The arguments that the author makes are often not only relevant in the cloud computing context, but also apply more generally for cross-border transfers.' See full review (PDF).
 – Laura Linkomies, Privacy Law & Business International Report, issue 147, June 2017

See: my list of GDPR transfers enforcement and other transfers-related links.

Also see my blogs/articles on LinkedIn and my papers on SSRN. For my blog, please see Kuan0's blog for books, see the right sidebar.

Selected recent or forthcoming publications are listed below: