Photo of Kristof Van Quathem

Kristof Van Quathem

Kristof Van Quathem advises clients on data protection, data security and cybercrime matters in various sectors, and in particular in the pharmaceutical and information technology sector. Kristof has been specializing in this area for over fifteen years and covers the entire spectrum of advising clients on government affairs strategies concerning the lawmaking, to compliance advice on the adopted laws regulations and guidelines, and the representation of clients in non-contentious and contentious matters before data protection authorities.

On April 26, 2023, the European Commission proposed the long awaited reform of the EU’s pharmaceutical regulations (see here to view our previous blogs on the subject).  This blog post discusses the data protection aspects of the proposals, which relate to the data processing activities of the European Medicines Agency (“EMA”). 

Legal basis – The

On November 5, 2019, the European Commission published a report entitled “Strengthening Strategic Value Chains for a future-ready EU Industry”, which was prepared by the Strategic Forum on Important Projects of Common European Interest (“Forum”). The Forum assists the European Commission in identifying key strategic value chains that can contribute to Europe’s industrial

As with anything personalized, be it advertising, medicines or training schedules, also personalized nutrition — using information on individual characteristics to develop targeted nutritional advice, products, or services — risks being affected by the feared GDPR.  Kristof Van Quathem discusses the topic in Vitafoods’ Insights magazine of January 2019, available here.

The European Data Protection Board (“Board”) released an opinion on January 23, 2019, on the intersection between the EU General Data Protection Regulation (“GDPR”) and the Clinical Trials Regulation (“CTR”).  The opinion considers a Q&A on this topic prepared by the European Commission’s Directorate General for Health.  The Directorate General decided to create this Q&A because of perceived contradictions between the GDPR and the CTR, in particular in relation to the legal basis (e.g., the use of consent) and the further use of clinical trial data. (See also here).
Continue Reading European Data Protection Board releases Guidance on Intersection of the GDPR and the Clinical Trials Regulation

On October 22, 2018, the European Federation of Pharmaceutical Industries in cooperation with the Future of Privacy Forum and the Center for Information Policy Leadership organized a workshop entitled “Can GDPR Work for Health Research.”  In the first session, the workshop discussed the implications of the General Data Protection Regulation (“GDPR”) on clinical trials in

The EU pharmaceutical industry landscape is in significant flux. There are many pressures to provide new therapies and to make them available more early and for as many qualifying patients as possible. In that context, the industry model and the role of exclusivity rights as a tool to stimulate innovation are being discussed. At the same time, discovering and developing new products is more complex and requires a collaborative effort. This happens against the background of new rules on medical devices and the protection of personal data, which are, for instance, relevant in assessing clinical effectiveness and relying on real world evidence.

Three members of the Covington European Life Sciences team will be speaking on these topics at the EU Pharmaceutical Law Forum being held in Brussels on 16-18th May.
Continue Reading Exploring the EU Horizon for Pharma

This post was originally published on our sister blog Inside Privacy

On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques.  The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely available – while mitigating the privacy risks of such initiatives.  Yet, the standard for anonymization proposed by the Working Party is not an easy one to meet, and the Working Party reiterates its belief that data will remain regulated personal data in the event a party – not necessarily the recipient of the data – is capable of associating it with a living individual.

The Working Party starts by pointing out that rendering personal data anonymous is a data processing operation in itself.  As a result, data controllers can only engage in such activity if the raw data concerned has been collected in compliance with applicable data protection laws.  In addition, based on existing data minimization obligations, data controllers should treat the application of anonymization techniques to data as a form of “further use”, compatible with the original use only if the anonymization technique is reliable.
Continue Reading European Regulators Set Out Data Anonymization Standards