Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
Our specialist team in Brussels and London has been advising multinational companies on national and regional data privacy laws in the EU since the current EU Directive 95/46/EC was enacted nearly 20 years ago. We provide practical advice that is informed by deep knowledge of various local requirements and experience of dealing with regulators across Europe. Our multi-lingual team, which consists of experts in national Member State laws—including the UK, Belgium, France, Germany, the Netherlands and Spain—provides a “one-stop shop” solution.
We also maintain an established network of local counsel that we can use to advise on privacy and data security issues in a multitude of international markets, if needed.
We have particular expertise in advising companies in the software, technology, pharmaceutical, manufacturing and publishing sectors, and regularly advise in the following areas:
Advising numerous clients on the possible implications of the proposed General Data Protection Regulation.
Advising a large social network on compliance with U.S., EU and international data privacy laws in relation to its launch of new services and functionality, including geotargeting, facial recognition and targeted advertising.
Designed a compact worldwide privacy compliance program for a U.S. multinational company.
Advising Microsoft on a broad range of privacy and data security issues impacting its services in Europe and at a global level.
Worked directly with, and appeared before national and regional privacy authorities, such as the European Commission, the EU Article 29 Working Party, and the Council of Europe, both to address emerging policy issues in the data privacy field, such as data retention, radio frequency identification (RFID), Big Data, facial recognition, security breach legislation and biometrics, and to defend individual clients.
Advising Abbott Laboratories in relation to all privacy aspects of its global de-merger, involving the division of the company into a research-based business, AbbVie.
Managing a privacy audit of a U.S.-based multinational in the oil and gas industry in preparation for its BCR approval with the Dutch data protection authority as the lead authority, including reviewing and providing advice on the BCRs and the implementation strategy and assisting this client in the preparation and roll-out of various compliance tools in the framework of the BCRs.
Advising numerous companies on Binding Corporate Rules (BCRs), including Processor Rules. We help develop the BCR corpus and manage the entire approval process before the lead data protection authorities in several EU Member States including Belgium, Germany, Luxembourg and the UK.
Representing Merck in one of the first “test” cases involving interoperability between BCRs and APEC’s Cross-border Privacy Rules (CBPR). The case will establish a precedent for cross-border transfers of personal data for both the EU and Asia-Pacific Region.
Assisting a multinational manufacturer of machinery in the developing of BCRs.
Assisting a multinational manufacturer of heavy equipment in the adoption of BCRs.
Assisting a multinational manufacturer of products for the aerospace and building industries in developing BCRs.
Assisting a global e-commerce company in preparing and filing BCRs with the Luxembourg data protection authority.
Advising a multinational chemicals company on international data transfers.
Conducted a pan-European and selective U.S. survey of laws and regulations affecting an employer’s right to monitor employee’s Internet use and review electronic communications. We have also advised numerous clients on the law governing call recording and access to (and disclosure of) employee e-mail, including in connection with several personal crises and actions.
Advice on European geo-location data issues for major international service provider.
Conducted a detailed review of the human resources operations of a large pharmaceutical company to assess compliance with data protection and privacy laws and regulations in both the U.S. and EU, in anticipation of possible certification under the U.S.-EU Safe Harbor regime. Our extensive written report described potential compliance issues and recommended specific remedial actions.
On behalf of one of the world’s leading consumer electronics and technology companies, we completed a comprehensive global privacy audit under the laws of the United States, the European Union, and China, including an assessment of the data
collection, use, and sharing practices of numerous business units (including HR data), cross-border data transfers, and adopting a going-forward privacy governance and risk-management approach and corresponding policies and procedures.
Advised pharmaceutical companies in the United States and Europe on data privacy issues, including questions relating to genetic testing programs and the development of genomics databases, the sourcing and handling of human tissue and biological samples for research purposes, patient outreach, and marketing activities.
Serving as global privacy and data security counsel to a global e-commerce business, including advising on financial services privacy and information security-related aspects of certain mobile payments and mobile wallet services and international data transfers
Assisted pharmaceutical companies in developing global comprehensive privacy policies aligned with federal (HIPAA, Food & Drug Administration, and National Institutes of Health) regulations, state and European law, and best practices.
Represent an ad hoc consortium of U.S. and European pharmaceutical and medical device companies concerned about data privacy issues in Europe, including the Eastern European Member States such as Hungary, Poland, and the Czech Republic.
Advising numerous companies on data subjects’ right of access and right to be forgotten.
Conducted privacy “health checks” for clients to assess their compliance with privacy and data security laws, particularly those in the 28 Member States of the European Community; where appropriate, we have designed remediation programs that include, for example, filing notifications to local privacy regulators, fulfilling obligations to furnish notice, and ensuring compliance with local data security regulations.
Advised a European telecommunications client on data retention matters, and on strategy and compliance relating to new services using customer data.
Advised a global pharmaceutical company on the data breach notification requirements in more than 80 countries, following a security breach affecting employees in Europe, Asia and the Americas.
March 15, 2017, Inside Privacy
The UK Information Commissioner’s Office (ICO), which enforces data protection legislation in the UK, has fined a company £20,000 (approximately 24,000 USD / 23,000 EUR) for not exercising sufficient due diligence when buying and using marketing databases. The ICO found that over 580,000 individuals’ contact details had been obtained by The Data Supply Company ...
March 13, 2017, Inside Privacy
By Luca Tosoni and Dan Cooper On 2 February 2017, the Italian DPA (“Garante”) imposed a record fine of 5,880,000 Euros on a UK company operating in Italy for its violation of the data privacy consent rules contained in Italian law. This is the largest data privacy fine ever issued by a European data protection … Continue Reading
March 10, 2017, Inside Privacy
On March 9, 2017, the Court of Justice of the EU (“CJEU”) handed down a ruling limiting the reach of its prior “right to be forgotten” jurisprudence, by holding that the right does not prevail over society’s interest in access to official public records of company details required by law. In its famous Costeja/Google Spain ruling, … Continue Reading
March 8, 2017, Inside Privacy
By Dan Cooper and Rosie Klement On March 2, 2017, the Information Commissioner’s Office (“ICO”) released draft guidance for UK organizations on how the notion of consent will be interpreted and applied when the General Data Protection Regulation (“GDPR”) comes into force in May 2018. The ICO is currently engaging in a public consultation on … Continue Reading
February 15, 2017, Webinar
February 10, 2017, Inside Privacy
On February 9, 2017, six Democratic senators wrote to DHS Secretary John Kelly about their concerns over a Trump executive order that would remove Privacy Act protections for non-U.S. citizens and lawful permanent residents. Senators Ed Markey (MA), Ron Wyden (OR), Jeff Merkley (OR), Al Franken (MN), Chris Coons (DE), and Mazie Hirono (HI) wrote … Continue ...
January 27, 2017, Inside Privacy
On January 25, 2017, President Trump signed a new Executive Order on Enhancing Public Safety in the Interior of the U.S. Among other elements, the Executive Order directs U.S. government agencies to “ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy … Continue ...
January 24, 2017, Law360
Mark Young, Jennifer Martin, and Ian Hargreaves are quoted in a Law360 article regarding the high level of cyberattacks on the financial services industry and the resulting regulatory pressures. According to Young, “The GDPR [General Data Protection Regulation] is a massive text with groundbreaking change in the data privacy area, in terms of compliance ...
January 18, 2017, Inside Privacy
On January 12, 2017, the U.S. Federal Trade Commission announced the adoption of a Swiss-U.S. Privacy Shield, to replace the existing Swiss-U.S. Safe Harbor Agreement. Companies have a three month grace period to switch from the old to the new regime. The Swiss version of the Privacy Shield had to be negotiated following the invalidation … Continue Reading
January 12, 2017, Inside Privacy
In an interview with Politico (link requires a subscription), EU Justice Commissioner Věra Jourová, one of the principal architects of the EU-U.S. Privacy Shield, indicated that she plans to visit the U.S. once the Trump Administration is in place to assess the state of the new administration’s commitment to the Privacy Shield. In the interview, … Continue ...
January 11, 2017, Inside Privacy
On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future. These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy” (see our post ...
On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future. These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy”; and A ...
October 6, 2016, Inside Privacy
On October 5, 2016, the UK Information Commissioner’s Office (“ICO”) fined telecoms company TalkTalk a record £400,000 for failing to put in place appropriate data security measures and allowing a cyber-attacker to access TalkTalk customer data “with ease.” The ICO highlighted several technical and organizational deficiencies as justification for issuing its ...
By Phil Bradley-Schmieg and Gemma Nash On August 30, 2016, a major UK telecoms company (TalkTalk) lost its appeal against a fine imposed on it for failing to report a personal data breach to the UK national data protection authority (the Information Commissioner) within 24 hours of its receipt of a customer’s complaint. Commission Regulation … Continue Reading
August 11, 2016, Inside Privacy
A new post on the Covington eHealth blog reports that the UK government is running a consultation around NHS patient data security standards and a new legal framework for secondary uses (e.g. research) of patient data. To find out more about the proposals and the consultation, please click here.… Continue Reading
April 12, 2016, Law360
March 11, 2016, Inside Privacy
On March 3, 2016, the UK’s Information Commissioner’s Office (“ICO”) released new guidance on encryption. The guidance aims to provide advice to organizations on protecting personal data (such as customer and employee data) through the use of encryption. There is no legally-binding requirement under UK data protection law to encrypt data, either when static or ...
March 1, 2016, Inside Privacy
The UK’s data protection regulator, the Information Commissioner’s Office (“ICO”), has imposed a fine of £350,000 on Prodial Ltd (“Prodial”) for making over 46 million unsolicited automated telephone calls to generate leads in relation to payment protection insurance refunds. This is the highest fine issued by the ICO to date. The ICO investigated the marketing ...
March 2016, eHealth Law & Policy
February 1, 2016, The Guardian
Henriette Tielemans is quoted by The Guardian in an article discussing the missed Safe Harbor deadline. According to Tielemans, companies faced “enormous uncertainty” about what European regulators would deem adequate privacy protection.
January 27, 2016, Covington Alert
December 8, 2015, Law360
Mark Young is quoted in a Law360 article discussing the EU Network and Information Security Directive, which sets a cybersecurity and breach reporting baseline for both critical infrastructure operators, as well as digital service providers. This directive, which is the first of its kind, comes after two years of negotiations. According to Young, “There’s going ...
November 24, 2015, The Register
Dan Cooper is quoted by The Register in an article discussing the uncertainty and complications continuing to surround the Schrems decision that derailed Safe Harbour. Cooper stated that his business clients were both “surprise[d] and shock[ed]” by the European Court’s decision. “Businesses felt like the rug had been pulled out from under them,” said Cooper. ...
October 13, 2015, Bloomberg BNA
Henriette Tielemans is quoted in this BNA article that explores the idea of finding alternative means for the transfer of data with the elimination of Safe Harbor. Countries that require national data protection authority approval may find even more issues arise when trying to formulate new ways to navigate data transfer laws. Tielemans notes that the process ...
October 6, 2015, Fortune
Brussels-based partner Henriette Tielemans is quoted in this Fortune article that discusses the effects of the highest E.U. court eliminating the U.S.-E.U. data transfer agreement known as the Safe Harbor Act. “Hindsight is a beautiful thing,” said Tielemans. “We must all remember that in 2015 things are different than they were in 2000.”
October 6, 2015, Covington Alert
October 2, 2015, Inside Privacy
The UK Information Commissioner’s Officer (“ICO”) has issued its largest fine to date in connection with using an automated calling system to make direct marketing calls. The ICO found that Home Energy & Lifestyle Management Ltd (“HELM”), a green energy company that made millions of automated marketing calls in relation to “free” solar panels, recklessly … ...
September 17, 2015, Inside Privacy
The UK government has announced a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system. The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a full go-live in January 2016. Acording to recent press releases, CareCERT will: “Provide ...
September 8, 2015, Inside Privacy
By Megan L. Rodgers What information is being collected by mobile apps and websites directed at kids? With whom is that information shared? What notice is provided to parents? Regulators in the U.S. and abroad continue to focus on these issues. The FTC recently released a follow-up report on privacy notices in mobile apps directed … Continue Reading
August 2015, Data Protection Law & Policy
August 2015, Privacy Laws & Business International Report
July 10, 2015, Covington Alert
April 2015, Covington Newsletter
November 27, 2013, Covington E-Alert
October 24, 2013, Covington E-Alert
April 2013, World Data Protection Report
January 2012, Covington E-Alert
May 2010, Privacy Law & Business
March 29, 2010, Covington Advisory
March 1, 2010, Covington Advisory
January/February 2010, The Privacy Advisor
January 2010, World Data Protection Report
October 26, 2009, Covington Advisory
September 2009, Privacy & Data Protection Journal
December 10, 2004, Covington E-Alert
November 1, 2004, Covington E-Alert
October 14, 2004, Covington E-Alert
August 13, 2004, Covington E-Alert
July 23, 2004, Covington E-Alert
July 15, 2004, Covington E-Alert
May 21, 2004, Covington E-Alert
December 8, 2003, Covington E-Alert