Photo of Kristof Van Quathem

Kristof Van Quathem

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty years and developed particular experience in the life science and information technology sectors. He counsels clients on government affairs strategies concerning EU lawmaking and their compliance with applicable regulatory frameworks, and has represented clients in non-contentious and contentious matters before data protection authorities, national courts and the Court of the Justice of the EU.

Kristof is admitted to practice in Belgium.

Contact:Read more about Kristof Van QuathemEmail

On September 17, 2025, the German Supervisory Authorities (Konferenz der unabhängigen Datenschutzaufsichtsbehörden des Bundes und der Länder, DSK) published new guidelines and recommendations addressing the complex requirements for transferring personal data, particularly health data (including health data contained in biomaterials), to countries outside of the European Economic

Continue Reading New German Guidelines on GDPR Requirements for International Transfers of Health Data in Medical Research

On April 30, 2024, the UK Medicines and Healthcare products Regulatory Agency (“MHRA”) outlined its strategic approach (“Approach”) to artificial intelligence (“AI”).  The Approach is a response to the UK Government’s white paper: a pro-innovation approach to AI regulation and subsequent Secretary of State letter of 1 February 2024, and is the culmination of 12 months’ work by the MHRA to ensure the risks of AI are appropriately balanced with the potential transformative impact of AI in healthcare.

AI in Healthcare

AI has the potential to revolutionize the healthcare sector and improve health outcomes at every stage of healthcare provision – from preventative care through to diagnosis and treatment.  AI can help in research and development by strengthening outcomes of clinical trials, as well as being used to improve the clinical care of patients by personalizing care, improving diagnosis and treatment, enhancing the delivery of care and health system efficiency, and supplementing healthcare professionals’ knowledge, skills and competencies. Continue Reading MHRA Outlines New Strategic Approach to Artificial Intelligence

On April 26, 2023, the European Commission proposed the long awaited reform of the EU’s pharmaceutical regulations (see here to view our previous blogs on the subject).  This blog post discusses the data protection aspects of the proposals, which relate to the data processing activities of the European Medicines Agency

Continue Reading EU Pharma Legislation Review Series: Data Protection Aspects

On November 5, 2019, the European Commission published a report entitled “Strengthening Strategic Value Chains for a future-ready EU Industry”, which was prepared by the Strategic Forum on Important Projects of Common European Interest (“Forum”). The Forum assists the European Commission in identifying key strategic value chains that
Continue Reading European Commission publishes Strategic Forum’s recommendations on Smart Health

As with anything personalized, be it advertising, medicines or training schedules, also personalized nutrition — using information on individual characteristics to develop targeted nutritional advice, products, or services — risks being affected by the feared GDPR.  Kristof Van Quathem discusses the topic in Vitafoods’ Insights magazine of January 2019,
Continue Reading Reconciling Personalized Nutrition with the GDPR

The European Data Protection Board (“Board”) released an opinion on January 23, 2019, on the intersection between the EU General Data Protection Regulation (“GDPR”) and the Clinical Trials Regulation (“CTR”).  The opinion considers a Q&A on this topic prepared by the European Commission’s Directorate General for Health.  The Directorate General decided to create this Q&A because of perceived contradictions between the GDPR and the CTR, in particular in relation to the legal basis (e.g., the use of consent) and the further use of clinical trial data. (See also here).
Continue Reading European Data Protection Board releases Guidance on Intersection of the GDPR and the Clinical Trials Regulation

On October 22, 2018, the European Federation of Pharmaceutical Industries in cooperation with the Future of Privacy Forum and the Center for Information Policy Leadership organized a workshop entitled “Can GDPR Work for Health Research.”  In the first session, the workshop discussed the implications of the General Data Protection Regulation
Continue Reading The Implications of the GDPR on Clinical Trials in Europe

The EU pharmaceutical industry landscape is in significant flux. There are many pressures to provide new therapies and to make them available more early and for as many qualifying patients as possible. In that context, the industry model and the role of exclusivity rights as a tool to stimulate innovation are being discussed. At the same time, discovering and developing new products is more complex and requires a collaborative effort. This happens against the background of new rules on medical devices and the protection of personal data, which are, for instance, relevant in assessing clinical effectiveness and relying on real world evidence.

Three members of the Covington European Life Sciences team will be speaking on these topics at the EU Pharmaceutical Law Forum being held in Brussels on 16-18th May.
Continue Reading Exploring the EU Horizon for Pharma

This post was originally published on our sister blog Inside Privacy

On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques.  The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely available – while mitigating the privacy risks of such initiatives.  Yet, the standard for anonymization proposed by the Working Party is not an easy one to meet, and the Working Party reiterates its belief that data will remain regulated personal data in the event a party – not necessarily the recipient of the data – is capable of associating it with a living individual.

The Working Party starts by pointing out that rendering personal data anonymous is a data processing operation in itself.  As a result, data controllers can only engage in such activity if the raw data concerned has been collected in compliance with applicable data protection laws.  In addition, based on existing data minimization obligations, data controllers should treat the application of anonymization techniques to data as a form of “further use”, compatible with the original use only if the anonymization technique is reliable.
Continue Reading European Regulators Set Out Data Anonymization Standards