Data Privacy and Cybersecurity

January 2021

Recapture of Excess COVID-19 Payroll Tax Credits Addressed in New Regs As the legal, regulatory, and commercial implications of coronavirus COVID-19 continue to evolve, our lawyers and advisors are helping clients navigate the complex considerations that companies around the world are facing and develop plans and strategies in response. Reach out to our ...

January 2021, Covington Guide

The EU-UK Trade and Cooperation Agreement (EUTCA) reached on December 24th is a wide-ranging and complex agreement. Our Brexit Task Force offers these "bite-sized" recordings to give a snapshot of what you need to know in each area. Though the EUTCA provides the overall architecture of the future relationship in a number of areas, much of the detail must still ...

September 14, 2020, Covington Alert

The English High Court has recently awarded damages in a data privacy case, with two features of particular interest1. First, the nature of the claim is more reminiscent of a claim in defamation than for data privacy breaches, which is a development in the use of data protection legislation. Secondly, the damages awarded (perhaps influenced by the nature of the ...

September 2, 2020

BRUSSELS–Covington has named Dan Cooper to lead its European data protection practice as co-chair of the firm’s global Data Privacy & Cybersecurity Practice, and he has relocated to Brussels to be closer to the institutions and courts that govern the European data privacy landscape. The firm has more than 100 lawyers focused on data privacy and cybersecurity ...

August 2020, Privacy Laws & Business

Summer 2020

Covington's European privacy team offers insights on the current state of play with respect to the intersection of European data privacy laws, and the transition around Europe and further abroad as government lockdown restrictions are lifted and companies begin to plan their return-to-work programs. In this on-demand briefing, we cover the guidance and positions ...

July 16, 2020

BRUSSELS-- Today, the European Court of Justice (“CJEU”) issued a landmark decision striking down the EU-U.S. Privacy Shield — an agreement between EU and U.S. authorities authorizing transfers of EU personal data to the United States — but upholding the validity of standard contractual clauses (“SCCs”), another mechanism that EU-based organizations use to ...

July 16, 2020, The Guardian

Lisa Peets spoke with The Guardian about the European Court of Justice’s decision to invalidate the EU-U.S. Privacy Shield, in which social media companies could be prevented from sending data to the United States from Europe. Ms. Peets says the ruling is not a total halt on data transfers between the EU and U.S. The court upheld the use of “standard contractual ...

July 16, 2020, Global Data Review

Lisa Peets is quoted in Global Data Review regarding the European Court of Justice’s decision to invalidate the EU-US Privacy Shield. Ms. Peets, who represented software trade body BSA as an intervening party, says companies are unlikely to immediately stop their SCCs – saying that “halting existing transfers would be all but impossible from a practical ...

July 16, 2020, Law360

Lisa Peets spoke with Law360 about European Court of Justice’s invalidation of the EU-U.S. Privacy Shield. Ms. Peets, who represented the Software Alliance, says the decision to reject the Privacy Shield without holding arguments on the merits of the tool — an issue that wasn't directly before the high court in this dispute — was “disappointing to many.” She ...

July 3, 2020, Computer Weekly

Yan Luo is quoted in Computer Weekly regarding China’s new draft data security law. Ms. Luo says, “China is considering allowing the law to have an extra-territorial effect that we have not seen before. They want to counteract the extra-territorial effect of U.S. law.” She adds that the law may require a technical audit of a company’s cyber security and to ...

June 27, 2020

WASHINGTON—Covington represented Piramal Enterprises Limited (PEL) in the sale of a 20% stake in Piramal Pharma Limited (Piramal Pharma), a wholly owned subsidiary of PEL that will contain its pharmaceutical businesses, to CA Clover Intermediate II Investments, an affiliated entity of CAP V Mauritius Limited, an investment fund managed and advised by affiliated ...

June 15, 2020, Computer Weekly

June 2020, Privacy Laws & Business

Spring 2020, Covington Guide

As businesses across Europe prepare to reopen following the COVID-19 lockdown, Covington is providing practical resources and guidance on the broad array of issues companies face as employees return to the workplace, including employment, privacy, competition, policy, environmental and regulatory considerations at the EU level, with a focus on Germany and the ...

May 19, 2020, Bloomberg

Daniel Cooper spoke with Bloomberg about new wearable technology devices that alert users when they are within close proximity of someone with COVID-19. Mr. Cooper notes that businesses are walking a fine line between keeping people safe and protecting their privacy. The absence of clear guidance from European regulators is forcing companies -- who could also be ...

April 2, 2020, Law360

Mark Young spoke with Law360 about a UK Supreme Court case involving the intentional breach of customer data information by an employee at Morrisons. The court ruled Morrisons will no longer  have to pay a fine. Mr. Young says this is the “dual-edged result” of the Supreme Court judgment. Although a company is off the hook if an employee “goes off the deep end” ...

April 1, 2020, Global Data Review

Daniel Cooper spoke with Global Data Review about a UK high court case involving the deliberate breach of personal information by a supermarket employee from Morrisons. The court ruled that the supermarket was not liable for the actions of the employee. Mr. Cooper described the decision as “dual-edged” and said that “when coupled with the Lloyd Court of Appeal ...

April 2020, Privacy Laws & Business

January 31, 2020, Covington Alert

This evening, at 11:00 p.m. GMT, the UK will leave the European Union. Brexit day marks a beginning, not an end. The UK today embarks on a complex process of negotiating new arrangements for trade and cooperation with the EU and partners around the world. Regulatory divergence seems inevitable, given that the UK will want to make its own decisions on existing ...

January 31, 2020, Covington Alert

At 11 p.m. tonight, the UK will officially leave the EU. Although this is a significant milestone in the development of the UK’s data protection framework, the UK will remain very closely linked to the EU in the short term at least, and for many the change may be imperceptible.

January 10, 2020, Global Data Review

Daniel Cooper is quoted in Global Data Review regarding the UK ICO’s decision to fine DSG Retail £500,000 under pre-GDPR data protection law. The fine stems from the company being compromised by a cyberattack affecting at least 14 million people.   Mr. Cooper says, “the ICO's imposition of a maximum fine appears due, in part, to the fact that it felt DSG should ...

January 9, 2020, Global Data Review

Daniel Cooper spoke with Global Data Review about the European Commission’s recommended changes to artificial intelligence liability rules. Mr. Cooper says the commission is keen to stress that the conclusions drawn from the report remain those of the expert group only. “One has to assume that the commission wants to be careful to test the waters first and gauge ...

December 20, 2019, Covington Alert

On December 19, 2019, Advocate General (“AG”) Henrik Saugmandsgaard Øe handed down his Opinion in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The AG’s Opinion provides non-binding guidance to the Court of Justice of the EU (“CJEU”) on how to decide the case.

November 27, 2019, Law360

Atli Stannard is quoted in Law360 regarding the U.S. Department of the Treasury’s claims of European Union banks violating privacy and anti-discrimination laws when they share customer information with the IRS. EU countries may negotiate with the Treasury Department, but only if they receive larger cross-border effort against tax avoidance. Mr. Stannard says, ...

October 22, 2019, Legaltech News

Trisha Anderson spoke with Legaltech News about a bilateral data access agreement, a new mechanism of the CLOUD Act and its effect on law firms. A year after the CLOUD Act, the first data-sharing agreement is most relevant to U.K. law enforcement agencies having access to the vast data held by U.S.-based tech companies, says Ms. Anderson. She adds, “The most ...

October 10, 2019, Covington Alert

On October 2, 2019, the English Court of Appeal handed down a landmark judgment in Lloyd v Google LLC [2019] EWCA Civ 1599 (“Lloyd”) concerning Google’s alleged misuse of the personal data of over 4 million iPhone users via cookies placed on the Safari browser.

October 9, 2019, Law360

Kristof Van Quathem is quoted in Law360 regarding a European Court of Justice’s decision to increase web cookie consent measures. Mr. Van Quathem says, “It’s unfortunate that the court didn’t address that point because it’s commercially and politically a very sensitive topic, on which there is a lot of uncertainty right now, and it’s a question that could have ...

September 30, 2019, Global Data Review

August 27, 2019

FRANKFURT—WirtschaftsWoche, Germany’s leading business weekly news magazine, has named Covington as the top law firm for IT law and Dr. Lars Lensdorf, a partner in Covington’s Frankfurt office, to its list of top IT lawyers in Germany. Dr. Lensdorf focuses his practice on IT law, outsourcing, digitalization and industry 4.0, IT related bank regulatory matters, ...

August 15, 2019, Computer Law Review International

July 17, 2019, Covington Alert

On July 9, 2019, the European Court of Justice (“ECJ”) heard oral argument in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The primary question before the ECJ is whether the European Commission’s standard contractual clauses (“SCCs”) are valid for transfers of personal data to the United States.1 Given ...

July 9, 2019

BRUSSELS—Today, a team of Covington lawyers argued before the European Court of Justice in a landmark data protection case, Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The case has significant ramifications for any organization that relies on the standard contractual clauses (“SCCs”) to transfer personal ...

July 2, 2019, Thomson Reuters Regulatory Intelligence

June 4, 2019, Thomson Reuters

Mark Young participated in a Q&A with Thomson Reuters about the EU Cybersecurity Act and its new cybersecurity certification schemes for information and communication technology products, services, and processes, especially internet of things devices. The interview also discusses how the Act supports the EU Directive on the Security of Network and Information ...

June 2019, Pharmind

February 2019, Privacy Laws & Business International Report

January 22, 2019, Covington Alert

On January 21, 2019, the French Supervisory Authority for data protection (“CNIL”) issued a fine of €50 million against Google for violations of the General Data Protection Regulation (“GDPR”) (the decision was published in French here).

January 2, 2019, Covington Alert

The past year was a particularly significant one for the development of Chinese privacy law. During 2018, the Chinese government systematically established the country’s regulatory requirements for cybersecurity and data privacy and continued to implement the Cybersecurity Law, which took effect on June 1, 2017.

January 2019, GCR Insight - E-Commerce Competition Enforcement Guide

October 23, 2018, The Law Society Gazette

Daniel Cooper spoke with The Law Society Gazette regarding a UK Court of Appeal decision that could make employers vicariously liable for employees’ actions even if they had taken preventative steps and bore no criminal responsibility.   Mr. Cooper said the employer should bear the enterprise risk and assume liability for the actions of its employees, as long as ...

September 13, 2018, Legal Business

Louise Freeman spoke with Legal Business regarding the latest trends in disputes. She highlights the growing potential for litigation from the rise in cyberattacks impacting major companies. Ms. Freeman observed ‘The UK courts are increasingly adapting to deal with this kind of litigation,’ and points to the Clarkson v Person or Persons Unknown High Court case ...

August 17, 2018

LONDON—Covington has advised Sensyne Health on medical device regulatory and data protection matters in connection with its £60 million IPO on London’s AIM market. The firm also represented Sensyne Health in negotiating strategic research and data processing agreements with the Chelsea and Westminster Hospital NHS Foundation Trust, the Oxford University ...

August 17, 2018

WASHINGTON— Law360 named Covington lawyers Alexander Berengaut, Michael Nonaka, and Ursula Owczarkowski to its list of “2018 Rising Stars.” This annual recognition honors top attorneys under 40 “whose legal accomplishments transcend their age.” Alex Berengaut represents clients in civil litigation, international arbitrations, and government enforcement ...

August 2018, Radar

July 30, 2018

SILICON VALLEY—Covington advised GlaxoSmithKline on its multi-year collaboration with and $300 million equity investment in 23andMe. GSK will become 23andMe’s exclusive collaborator for drug target discovery programs. The collaboration will focus on research and development of innovative new medicines and potential cures using human genetics as the basis for ...

June 14, 2018, Financial Times

Kristof Van Quathem participated in a Financial Times podcast to discuss the impact of the General Data Protection Regulation on medical research and health technology companies. According to Van Quathem, "One of the main concerns I think that we see in the research circle is the uncertainty that is being created by the GDPR, and in particular, when it comes to ...

May 24, 2018, The Wall Street Journal

Henriette Tielemans is quoted by The Wall Street Journal in an article regarding the upcoming deadline for companies to comply with the General Data Protection Regulation. “Companies are struggling with the concrete deliverables—the record of processing activities, the transfer agreements, the notices, the website—because of the sheer volume,” says Tielemans. ...

April 18, 2018, Thomson Reuters Regulatory Intelligence

April 3, 2018, IAPP

Henriette Tielemans participated in a session at the Global Privacy Summit and is quoted in an IAPP article regarding what happens once GDPR goes into effect. "For a lead regulator for the one-stop shop, you need a mean establishment. You lose a lot of the benefits of the GDPR if you're unable to come up with what your main establishment is," Tielemans said.

March 29, 2018, Law360

Henriette Tielemans spoke at an IAPP event and is quoted in a Law360 article regarding the Irish privacy authority's focus once GDPR takes effect. According to Tielemans, while “the GDPR has 150 articles, and businesses are worried about all 150 of them,” companies are most concerned about the regulators’ ability to issue massive fines of up to 4 percent of ...

March 28, 2018

LONDON—Covington will open an office in Frankfurt, Germany on April 3 led by eight partners. Frankfurt will be the firm’s third European office and will work closely with the firm’s five offices in the United States, its three offices in Asia, and its offices in the Middle East and Africa. “Covington will offer German companies a unique capability to help them ...

March 27, 2018

BRUSSELS—Henriette Tielemans, co-chair of Covington’s global Data Privacy and Cybersecurity practice, has today received the IAPP Privacy Vanguard Award, the industry's top honor, for her lifelong services to the data privacy community. The International Association of Privacy Professionals (IAPP) is the world’s largest and most comprehensive global information ...

March 27, 2018, IAPP

Henriette Tielemans was the recipient of the 2018 IAPP Privacy Vanguard Award, a recognition reserved for individuals who display “exceptional leadership, knowledge, and creativity in the field of privacy and data protection.”

March 27, 2018, Covington Alert

On March 23, 2018, Congress passed, and President Trump signed into law, the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which creates a new framework for government access to data held by technology companies worldwide.

March 23, 2018, MLex

Lindsey Tonsager recently spoke at the BCLT Privacy Law Forum in Silicon Valley is quoted in an mLex article discussing whether GDPR will automatically become a global privacy standard. Tonsager said that working with companies that depend on AI technology to become compliant with the GDPR “is incredibly, incredibly challenging." Commenting on modifications to ...

March 2, 2018, Chartered Management Institute

Daniel Cooper is quoted in a Chartered Management Institute article regarding wearable technology. Providing the legal perspective, Cooper says, "Any employer processing personal information is subject to a range of obligations–this includes making sure they’re very transparent about what they collect, ensuring they have a legal basis for processing that data. ...

January 22, 2018

WASHINGTON—Covington advised Bacardi Limited in its definitive agreement to acquire Patrón Spirits International AG and its PATRÓN® brand, the world’s top-selling ultra-premium tequila, from John Paul DeJoria, a founder of Patrón. The transaction reflects an enterprise value for Patrón of $5.1 billion. The transaction follows the successful relationship the ...

January 1, 2018, Law360

Kristof Van Quathem and Yan Luo are quoted in a Law360 article regarding cybersecurity and privacy policies to watch in 2018. Commenting on the General Data Protection Regulation (GDPR), Van Quathem says that although one of the legislation's aims is to harmonize a splintered set of national data privacy laws within Europe, it may end up causing companies aiming ...

January 1, 2018, Law360

Kurt Wimmer and John Buchanan are quoted in a Law360 article providing cybersecurity and privacy predictions for 2018. Wimmer says, once Europe's General Data Protection Regulation (GDPR) is in force, non-EU countries around the world will begin looking at privacy regimes based on the 1995 Directive [which the GDPR will replace] and think about whether they ...

December 26, 2017

SILICON VALLEY—The Financial Times has recognized Covington among the most innovative firms in 2017 in the category of "Enabling Business Growth," for advising "Tencent in its acquisition of a $8.6bn majority stake in Supercell, the Finnish gaming company, while maintaining Supercell’s creative culture and retaining its employees by introducing incentive ...

October 18, 2017, Covington Alert

The European Commission published its Report today on the first-annual review of the EU-U.S. Privacy Shield (the Report is accompanied with a Staff Working Document, Infographic, and Q&A).

September 18, 2017, Covington Alert

Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...

September 5, 2017, Bloomberg

Helena Milner-Smith is quoted in a Bloomberg article regarding the European Court of Human Rights ruling on employee privacy in a case brought by Bogdan Mihai Barbulescu. According to Milner-Smith, the ruling should remind employers not to "go beyond what is necessary for a legitimate purpose." She adds, "However, the Grand Chamber’s ruling will have very little ...

September 5, 2017, The Law Society Gazette

Helena Milner-Smith is quoted by The Law Society Gazette in an article regarding the European Court of Human Rights ruling on employee privacy in a case brought by Bogdan Mihai Barbulescu. According to Milner-Smith, "The decision serves as a reminder for employers who monitor workplace communications to ensure their monitoring practices do not go beyond what is ...

September 5, 2017, Law360

Helena Milner-Smith is quoted in a Law360 article regarding the European Court of Human Rights ruling on employee privacy in a case brought by Bogdan Mihai Barbulescu. "The decision serves as a reminder for employers who monitor workplace communications to ensure their monitoring practices do not go beyond what is necessary for a legitimate purpose, that ...

August 31, 2017, Covington Alert

On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...

August 10, 2017, The Wall Street Journal

Mark Young is quoted in The Wall Street Journal's "Morning Risk Report" in an article regarding the Network and Information Systems directive. According to Young, “This is another data-related compliance requirement and it carries heavy penalties for failure to have in place appropriate network security measures."

August 8, 2017, Financial Times

Lisa Peets is quoted in a Financial Times article regarding the EU's new General Data Protection Regulation which will be introduced into UK law later this year. "Under the regulations, the definition of 'personal data' will be extraordinarily broad—any information that is related to a person," says Peets. "Companies are finding out that they are processing a ...

May 24, 2017, Covington Alert

On May 25, 2018, employers located or with staff in the European Union (“EU”) will have to comply with a new data protection law—Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data—commonly referred to as the General Data Protection Regulation (“GDPR”). This will ...

May 19, 2017, Covington Alert

On May 19, 2017, the Cyberspace Administration of China (“CAC”) invited international stakeholders to attend a seminar to discuss an updated version of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Measures”). Given that the Measures have an intended effective date of June 1, 2017, it is likely ...

April 12, 2017, Covington Alert

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).

March 30, 2017, Business Forums International Ltd.

Spring 2017, Communications Lawyer (American Bar Association)

February 15, 2017, Webinar

February 3, 2017, Global Investigations Review

Ian Hargreaves and David Lorello are quoted in a Global Investigations Review article regarding Hargreaves’ recent arrival to Covington. According to Hargreaves, the firm’s “pre-eminence in dispute resolution, and its immense strength and global recognition as a market-leader in white-collar crime matters and investigations” fueled his decision. Lorello says, ...

January 31, 2017

LONDON—Ian Hargreaves has joined Covington as a partner in the firm’s European Dispute Resolution practice resident in London. Mr. Hargreaves’ arrival follows that of litigation partners Craig Pollack, Greg Lascelles, Elaine Whiteford, and Louise Freeman over the past six months. Mr. Hargreaves advises on major European white collar and related civil and ...

January 24, 2017, Law360

Mark Young and Ian Hargreaves are quoted in a Law360 article regarding the high level of cyberattacks on the financial services industry and the resulting regulatory pressures. According to Young, “The GDPR [General Data Protection Regulation] is a massive text with groundbreaking change in the data privacy area, in terms of compliance requirements and the new ...

December 15, 2016, CCT News

Daniel Cooper is quoted by CCT News in an article regarding the use of wearable technology in the workplace. According to Cooper, the use of wearable devices is a good way, especially for insurers.  However, the wearers’ privacy must be taken care of as well as their legitimate treatment concerns.

November 21, 2016, Financial Times

Daniel Cooper is quoted in a Financial Times article regarding wearable technology in the workplace. According to Cooper, not everyone will welcome sharing intimate personal information with the boss, however. “Wearable devices could be a good way for insurers to get the data . . . but it’s essential to address wearers’ privacy and fair treatment concerns and ...

September 20, 2016

WASHINGTON—Global Investigations Review has named the Microsoft warrant access case as the winner of the “Most Important Court Case of the Year.” Covington served as co-counsel to Microsoft and helped secure a landmark win in the U.S. Court of Appeals for the Second Circuit. GIR also ranked Covington among the top 15 investigations practices in the world in its ...

July 18, 2016

WASHINGTON—Covington has formed an enhanced team of lawyers and advisors to provide cybersecurity incident response services to clients, highlighted by Stephen Surdu, who formerly led the professional services group of Mandiant, joining the team as a Senior Cybersecurity Advisor.  Through the formation of the Cybersecurity Incident Response Team with members on ...

July 14, 2016, Covington Alert

At a joint press conference on July 12, 2016 in Brussels, EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová and the U.S. Secretary of Commerce, Penny Pritzker, presented the Privacy Shield (see Press Release here, Adequacy Decision text here, Annexes here, Communication here, and Q&A factsheet here). The press conference followed the ...

July 2016, BNA’s World Data Protection Report

June 21, 2016

SILICON VALLEY—Covington advised Tencent Holdings Limited, a leading provider of internet service in China, in connection with its acquisition of a majority stake in Supercell from SoftBank. A consortium established by Tencent will acquire up to 84% of Supercell for $8.6 billion in a transaction valuing Supercell at approximately $10.2 billion. Supercell is a ...

June 21, 2016, Webinar

April 12, 2016, Law360

March 24, 2016, The Wall Street Journal

Daniel Cooper is quoted in The Wall Street Journal’s “Morning Risk Report” discussing how companies should best comply with global data protection regulations. Commenting on the binding corporate rule process, Cooper said,“The one thing we know about binding corporate rules is [they tend] to have more appeal to European regulators.” He continues, “For a lot of ...

March 2016, eHealth Law & Policy

February 19, 2016, Law360

Mark Young and Libbie Canter are quoted in this Law360 article offering tips on how deal makers can mitigate cybersecurity risks.  According to Young, any discovered incidents can give buyers pause on how  — and if — they want to move forward. “We’ve dealt with at least a couple examples where deals were at least delayed if not reconsidered because of ...

February 18, 2016, Covington Alert

February 5, 2016, LexisNexis

February 1, 2016, The Guardian

Henriette Tielemans is quoted by The Guardian in an article discussing the missed Safe Harbor deadline. According to Tielemans, companies faced “enormous uncertainty” about what European regulators would deem adequate privacy protection.

January 27, 2016, Covington Alert

January 25, 2016, The Lawyer

David Fagan is quoted by The Lawyer in an article discussing the continued vulnerability of companies to data breaches and targeted cyber attacks. Fagan, commenting on cyber-related litigation, states, “Up until now, in the US, there has been little cyber-related litigation because it is very difficult to quantify the level of damage done – I can imagine the ...

January 15, 2016, Law360

Henriette Tielemans is quoted in a Law360 article discussing the recent European Court of Human Rights’ decision allowing employers in the EU to monitor their employees’ online activities for business purposes. “This decision is important,” according to Tielemans. “It will bring much needed legal certainty in an area that many companies are struggling with.”

December 21, 2015, Covington Alert

On December 15, the EU institutions finally agreed the text of the new EU data protection law, the General Data Protection Regulation (“GDPR”), completing a process that began in January 2012. The LIBE committee has published the consolidated version of the GDPR text. The GDPR heralds a new era of data protection. It replaces the existing data protection ...

December 8, 2015, Law360

Mark Young is quoted in a Law360 article discussing the EU Network and Information Security Directive, which sets a cybersecurity and breach reporting baseline for both critical infrastructure operators, as well as digital service providers. This directive, which is the first of its kind, comes after two years of negotiations. According to Young, “There’s going ...

November 24, 2015, The Register

Dan Cooper is quoted by The Register in an article discussing the uncertainty and complications continuing to surround the Schrems decision that derailed Safe Harbour. Cooper stated that his business clients were both “surprise[d] and shock[ed]” by the European Court’s decision. “Businesses felt like the rug had been pulled out from under them,” said Cooper. ...

October 13, 2015, Bloomberg BNA

Henriette Tielemans is quoted in this BNA article that explores the idea of finding alternative means for the transfer of data with the elimination of Safe Harbor. Countries that require national data protection authority approval may find even more issues arise when trying to formulate new ways to navigate data transfer laws. Tielemans notes that the process ...

October 6, 2015, Fortune

Brussels-based partner Henriette Tielemans is quoted in this Fortune article that discusses the effects of the highest E.U. court eliminating the U.S.-E.U. data transfer agreement known as the Safe Harbor Act. “Hindsight is a beautiful thing,” said Tielemans. “We must all remember that in 2015 things are different than they were in 2000.”

October 6, 2015, Covington Alert

September 23, 2015, InsidePrivacy Blog

August 2015, Privacy Laws & Business

Article written by Covington's Lisa Peets.    

June 8, 2015, Financial Times

Covington's Daniel Cooper is quoted regarding the legal implications of wearables in the workplace: “Historically European regulators in the data protection area have been very sceptical you can ever get a valid employee consent — they feel that for existing employees, [the relationship] is almost inherently coercive.”