Ash Costello

About Ash Ash Advises Experience Highlights Memberships Publications

Partner

Privacy & Blockchain

+1 646 401 0092 +1 646 480 0736

About Ash

Ash is qualified in both New York and the UK, specialising in Data Protection and Privacy, Blockchain, Digital Commerce and Technology.

Her time working in-house as Global General Counsel for a multinational financial services organization with over USD450billion assets under management, and as external General Counsel for a start-up, have given her unique insights into the operational requirements and risk appetites of different industries and businesses. She listens to her clients, and identifies the  optimum strategy to meet their needs and priorities.  Whether advising on data privacy, technology or digital commerce, Ash’s advice is pragmatic and solutions focussed.

Her privacy practice often involves an international flavour as she can advise on the laws from both regions, leveraging jurisdictional comparisons and similarities to generate sensible solutions. Where possible, she leverages existing compliance frameworks.

Ash Advises

Ash specialises in advising on the following:

  • Data protection and privacy
  • Blockchain and encryption
  • Digital commerce and online platforms
  • Technology, cloud services and cyber security

Experience Highlights

  • Managing and implementing a global data -protection compliance roll-out for a multinational financial services organisations covering (among others) GDPR and the privacy regimes of the US, Canada, Singapore, Australia, Japan, Bermuda, and the Cayman Islands affecting both the organization and its clients;
  • Advising a multinational pharmaceutical organization on the applicability and interaction of GPDR and the data protection requirements of pharmaceutical law;
  • As external-DPO for a multinational defence contractor, advising on GDPR compliance matters such as Data Protection Impact Assessments, Legitimate Interest Assessments, Cross Border Transfer Risk Assessments and Transfer Impact Assessments, Vendor assessments and sub-processor management data-mapping and role designations for independent and joint controllers;
  • Data-mapping and implementing GDPR compliance to one of the largest DAOs;
  • Conducting an in-depth gap analysis between the requirements of HIPAA and HITECH (the Health Insurance Portability and Accountability Act) and GDPR, and implementing a HIPAA compliant rollout to UK entity commencing US operations and drafting the HIPAA required agreements, notices and communications to individuals;
  • Conducting in-depth gap analyses between GDPR and the US privacy requirements of numerous State ‘GDPR-lite’ laws such as the California Consumer Protection Act (CCPA) and the Federal Trade Commission’s guides for businesses, on behalf of businesses operating within and into the USA who are already GDPR-compliant;
  • Assisting businesses on breach management of GDPR and the Privacy and Electronic Communications (EC Directive) Regulations, and failing to have proper cookie notices on their websites;
  • Advising individuals on their GDPR rights with respect to Credit Reference Agencies;
  • Lawfirm compliance with GDPR and SRA requirements, including data-mapping and vendor and sub-processor management.
  • Advising governments on digital assets and smartcontracts;
  • Assisting a blockchain platform launch a Layer 0 protocol and related tokens, utilising secure multi-party computation encryption;
  • Advising on the privacy and encryption aspects of blockchain-based supply-chains, utilising zero knowledge proof gnarks;
  • Advising on the privacy aspects of various DLTs, cryptocurrencies and platforms, including entities conducting staking;
  • Advising a top-10 global bank on DORA and the UK’S Critical Infrastructure Regime;
  • Advising a start-up blockchain-based agricultural supply-chain on complying with the UK’s regulations on online platforms, digital commerce and data protection.
  • Advising a blockchain-based B2C and B2B platform on compliance with the relevant platform, digital markets and e-commerce regulations.
  • Assisting web-developers launch Apps and games, providing the necessary terms and conditions and advising on the B2C regulatory requirements and the extra data protection requirements for selling to children.

Memberships

  • Member of the Editorial Board of Citywealth’s Crypto Report. (https://www.citywealthmag.com/publication/crypto-report/)
  • Appointed to the Expert Panel of the European Blockchain Observatory and Forum (a European Commission initiative to accelerate blockchain innovation and the development of the blockchain ecosystem within the EU and so help cement Europe’s position as a global leader in this transformative new technology.) https://www.eublockchainforum.eu/  She regularly contributes to their workshops and reports including on matters such as NFTs (non-fungible tokens), DAOs (decentralized autonomous organizations), the Blockchain Ecosystem within the EU, and Smart Contracts.
  • Co-Chair of the Privacy Working Group of the International Association of Trusted Blockchain Applications (https://inatba.org/), (2022-2023) where she explored developments regarding privacy in and for blockchain including (among others) ZKPs (zero knowledge proofs), and SMPC (secure multi-party computations).

Publications

Co-Author of reports conducted by EUBOF including:

About Ash

Back to top

Ash is qualified in both New York and the UK, specialising in Data Protection and Privacy, Blockchain, Digital Commerce and Technology.

Her time working in-house as Global General Counsel for a multinational financial services organization with over USD450billion assets under management, and as external General Counsel for a start-up, have given her unique insights into the operational requirements and risk appetites of different industries and businesses. She listens to her clients, and identifies the  optimum strategy to meet their needs and priorities.  Whether advising on data privacy, technology or digital commerce, Ash’s advice is pragmatic and solutions focussed.

Her privacy practice often involves an international flavour as she can advise on the laws from both regions, leveraging jurisdictional comparisons and similarities to generate sensible solutions. Where possible, she leverages existing compliance frameworks.

Ash Advises

Back to top

Ash specialises in advising on the following:

  • Data protection and privacy
  • Blockchain and encryption
  • Digital commerce and online platforms
  • Technology, cloud services and cyber security

Experience Highlights

Back to top
  • Managing and implementing a global data -protection compliance roll-out for a multinational financial services organisations covering (among others) GDPR and the privacy regimes of the US, Canada, Singapore, Australia, Japan, Bermuda, and the Cayman Islands affecting both the organization and its clients;
  • Advising a multinational pharmaceutical organization on the applicability and interaction of GPDR and the data protection requirements of pharmaceutical law;
  • As external-DPO for a multinational defence contractor, advising on GDPR compliance matters such as Data Protection Impact Assessments, Legitimate Interest Assessments, Cross Border Transfer Risk Assessments and Transfer Impact Assessments, Vendor assessments and sub-processor management data-mapping and role designations for independent and joint controllers;
  • Data-mapping and implementing GDPR compliance to one of the largest DAOs;
  • Conducting an in-depth gap analysis between the requirements of HIPAA and HITECH (the Health Insurance Portability and Accountability Act) and GDPR, and implementing a HIPAA compliant rollout to UK entity commencing US operations and drafting the HIPAA required agreements, notices and communications to individuals;
  • Conducting in-depth gap analyses between GDPR and the US privacy requirements of numerous State ‘GDPR-lite’ laws such as the California Consumer Protection Act (CCPA) and the Federal Trade Commission’s guides for businesses, on behalf of businesses operating within and into the USA who are already GDPR-compliant;
  • Assisting businesses on breach management of GDPR and the Privacy and Electronic Communications (EC Directive) Regulations, and failing to have proper cookie notices on their websites;
  • Advising individuals on their GDPR rights with respect to Credit Reference Agencies;
  • Lawfirm compliance with GDPR and SRA requirements, including data-mapping and vendor and sub-processor management.
  • Advising governments on digital assets and smartcontracts;
  • Assisting a blockchain platform launch a Layer 0 protocol and related tokens, utilising secure multi-party computation encryption;
  • Advising on the privacy and encryption aspects of blockchain-based supply-chains, utilising zero knowledge proof gnarks;
  • Advising on the privacy aspects of various DLTs, cryptocurrencies and platforms, including entities conducting staking;
  • Advising a top-10 global bank on DORA and the UK’S Critical Infrastructure Regime;
  • Advising a start-up blockchain-based agricultural supply-chain on complying with the UK’s regulations on online platforms, digital commerce and data protection.
  • Advising a blockchain-based B2C and B2B platform on compliance with the relevant platform, digital markets and e-commerce regulations.
  • Assisting web-developers launch Apps and games, providing the necessary terms and conditions and advising on the B2C regulatory requirements and the extra data protection requirements for selling to children.

Memberships

Back to top
  • Member of the Editorial Board of Citywealth’s Crypto Report. (https://www.citywealthmag.com/publication/crypto-report/)
  • Appointed to the Expert Panel of the European Blockchain Observatory and Forum (a European Commission initiative to accelerate blockchain innovation and the development of the blockchain ecosystem within the EU and so help cement Europe’s position as a global leader in this transformative new technology.) https://www.eublockchainforum.eu/  She regularly contributes to their workshops and reports including on matters such as NFTs (non-fungible tokens), DAOs (decentralized autonomous organizations), the Blockchain Ecosystem within the EU, and Smart Contracts.
  • Co-Chair of the Privacy Working Group of the International Association of Trusted Blockchain Applications (https://inatba.org/), (2022-2023) where she explored developments regarding privacy in and for blockchain including (among others) ZKPs (zero knowledge proofs), and SMPC (secure multi-party computations).

Publications

Back to top

Co-Author of reports conducted by EUBOF including: