Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.

Daniel Cooper advises clients on information technology regulatory issues, particularly data protection, e-commerce and data security matters.
According to the latest edition of Chambers UK (2018), his "level of expertise is second to none, but it's also equally paired with a keen understanding of our business and direction." In 2017, it was noted that "he is very good at calibrating and helping to gauge risk."
Mr. Cooper also regularly assists leading technology companies, including social networking sites, online content and entertainment providers, and e-shopping sites, on their European and global compliance strategies. He also has deep experience with the regulation of mobile and e-health technologies. Mr. Cooper is also known for his ability to guide clients through the issues arising from data breach incidents, and has advised a number of high-profile clients in this area. Mr. Cooper co-authored the data protection standard that governs organized sport.
Mr. Cooper is qualified to practice law in the United States, the United Kingdom, and Ireland. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as Privacy International and the European security agency, ENISA.
- Advising Facebook, the online social network, on its compliance with European data protection laws.
- Advising Expedia, and its sister company, TripAdvisor, on compliance with data protection and security rules in Europe and Asia.
- Advising Wikimedia Foundation, responsible for the Wikipedia publication, with respect to European laws regulating charitable organizations and cross-border transfers of data.
- Advising Microsoft on its various online services and data protection compliance.
- Advising the World Anti-Doping Agency (WADA) with respect to its compliance with European data privacy laws in connection with its global administration and management of athlete doping procedures.
- Advising UK Anti-Doping (UKAD) on UK privacy regulations as applied to athlete drug testing.
- Advising Procter & Gamble on its online behavioral advertising practices and related collaborations with ad networks.
- Advising Pfizer, GlaxoSmithKline (GSK), Novartis, Abbott, Gilead, Alcon, Genzyme, Johnson & Johnson, MSD and UCB on their compliance with European data protection rules relating to clinical trials, e-health platforms, genetic testing and in other contexts.
- Advising CBS Interactive on its online privacy policies and data processing practices in Europe and Asia.
- Advising Viacom, the global mass media company, in connection with UK data protection law matters.
- Advising Deutsche Bank on various data protection issues in the UK and Germany.
- Advising American Express in connection with its fraud detection program and initiatives involving “Big Data”.
- Assisting UnitedHealth Group (UHG) with cross-border transfers of personal data and compliance with European registration rules.
- Advising Privacy International, the privacy-rights NGO, with respect to emerging EU and other privacy and data retention laws
- Assisted several manufacturing companies with devising privacy audit tools and practical compliance tools and template documents.
- Advised on the national laws relating to employee monitoring and surveillance in several EU Member States.
- Assisted a multi-national client on compliance with pan-European notification requirements.
- Provided large US-based pharmaceutical company with information on privacy laws in 10 key markets, including countries in Europe, Central, North and South America, and Asia.
- Assisted large pharmaceutical company in dealing with privacy issues resulting from the migration of patient data from a clinical study to a web-based platform.
- Advised on the processing of sensitive health data (under clinical trials and pharmacompliance), exports to third countries such as the US, communication to third parties such as regulatory authorities and identification of the “controller” of data.
- Assisted several clients on the latest privacy developments in the areas of RFID and biometrics.
- Assisted several worldwide privacy audits of US-based multinationals, including a detailed safety assessment, and recommendations to address certain issues, drafting of SOPS, notices, checking notifications to data protection authorities, and preparing appropriate privacy policies.
Pro Bono
- Advising consortium of privacy-rights organizations in connection with the human rights implications of EU laws on data retention and amassing information from electronic communications services providers.
Memberships and Affiliations
- European Privacy Association (EPA) Scientific Committee, Member (2015-2017)
- DataGuidance Pharma Panel of Experts, Member
- European Privacy Association, Member
- Computer Law and Security Review, Member of the Professional Board
- U.K. Law Society's ad hoc group on data protection, Member
- Privacy International, Board of Trustees
- CASRO, General Counsel and Privacy Officer's Forum
- British Institute of International and Comparative Law, Data Protection Research and Policy Committee, Member
- European Privacy Officers Network (EPON), Member
- MI5, Advisor on data privacy issues
February 15, 2019, Inside Privacy
On February 12, 2019, the European Data Protection Board (“EDPB”) published two information notes to highlight the impact of a so-called “No-deal Brexit” on data transfers under the EU General Data Protection Regulation (“GDPR”), as well as the impact on organizations that have selected the UK Information Commissioner (“ICO”) as their “lead supervisory ...
December 20, 2018, Inside Privacy
On December 13, 2018, the Information Commissioner’s Office (“ICO”) in the United Kingdom issued guidance on the state of UK data protection law should the country leave the European Union (“EU”) without having reached an agreement on the terms of its withdrawal. Much of this latest guidance is consistent with the ICO’s earlier guidance on...… Continue Reading
November 14, 2018, Inside Privacy
On November 6, 2018, the French data protection authority (the “CNIL”) published a report that discusses some of the questions raised by the use of blockchain technology and perceived tensions between it and foundational principles found in the General Data Protection Regulation (the “GDPR”). As we noted in an earlier blog post on this topic,...… Continue ...
October 17, 2018, The Law Society Gazette
Daniel Cooper spoke with The Law Society Gazette regarding a UK Court of Appeal decision that could make employers vicariously liable for employees’ actions even if they had taken preventative steps and bore no criminal responsibility. Mr. Cooper said the employer should bear the enterprise risk and assume liability for the actions of its employees, as long as ...
July 24, 2018, Inside Privacy
Blockchain technology has the potential to revolutionise many industries; it has been said that “blockchain will do to the financial system what the internet did to media”. Its most famous use is its role as the architecture of the cryptocurrency Bitcoin, however it has many other potential uses in the financial sector, for instance in...… Continue Reading
May 25, 2018, Inside Privacy
The much discussed and long-awaited General Data Protection Regulation (“GDPR”) applies from today, May 25, 2018. It will update and harmonize data protection laws across the EU, and sets out comprehensive rules in relation to personal data handling, as well as the rights of individuals over their personal data. It is unclear how aggressively the...… Continue ...
May 25, 2018, Inside Privacy
Having received Royal Assent on May 23, 2018, the UK Data Protection Bill is now an Act of Parliament. The Data Protection Act 2018 (the “Act”) implements the General Data Protection Regulation (“GDPR”) and replaces the UK Data Protection Act 1998. Notable provisions that make use of the ability of Member States to implement different...… Continue Reading
The five-minute management idea: wearable tech
March 2, 2018, Chartered Management Institute
Daniel Cooper is quoted in a Chartered Management Institute article regarding wearable technology. Providing the legal perspective, Cooper says, "Any employer processing personal information is subject to a range of obligations–this includes making sure they’re very transparent about what they collect, ensuring they have a legal basis for processing that data. ...
January 30, 2018, Inside Privacy
By Dan Cooper, Joseph Jones, and Ruth Scoles Mitchell On January 25, 2018, the Court of Justice of the European Union (“CJEU”) handed down a ruling permitting consumer privacy actions to be brought in the consumer’s home jurisdiction — as opposed to the jurisdiction in which the defendant data controller has its main establishment —...… Continue Reading
The EU Gets Serious About Cyber: The EU Cybersecurity Act and Other Elements of the "Cyber Package"
September 18, 2017, Covington Alert
Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...
China Seeks Comments on Updated Draft of Cross-Border Data Transfer Security Assessment Standard
August 31, 2017, Covington Alert
On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...
July 4, 2017, Inside Privacy
By Dan Cooper and Rosie Klement The EU’s Article 29 Working Party (“WP29”) has issued new guidance on data processing in the employment context. Adopted on June 8, 2017, the guidance primarily takes account of the existing data protection framework under the EU Data Protection Directive (Directive 95/46/EC), but also considers the developments coming into ...
May 24, 2017, Covington Alert
On May 25, 2018, employers located or with staff in the European Union (“EU”) will have to comply with a new data protection law—Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data—commonly referred to as the General Data Protection Regulation (“GDPR”). This will ...
May 19, 2017, Covington Alert
On May 19, 2017, the Cyberspace Administration of China (“CAC”) invited international stakeholders to attend a seminar to discuss an updated version of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Measures”). Given that the Measures have an intended effective date of June 1, 2017, it is likely ...
April 12, 2017, Covington Alert
On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).
GDPR Planning and Preparation Conference for Employers
March 30, 2017, Business Forums International Ltd.
March 10, 2017, Inside Privacy
On March 9, 2017, the Court of Justice of the EU (“CJEU”) handed down a ruling limiting the reach of its prior “right to be forgotten” jurisprudence, by holding that the right does not prevail over society’s interest in access to official public records of company details required by law. In its famous Costeja/Google Spain ruling,...… Continue Reading
March 8, 2017, Inside Privacy
By Dan Cooper and Rosie Klement On March 2, 2017, the Information Commissioner’s Office (“ICO”) released draft guidance for UK organizations on how the notion of consent will be interpreted and applied when the General Data Protection Regulation (“GDPR”) comes into force in May 2018. The ICO is currently engaging in a public consultation on...… Continue Reading
December 15, 2016, CCT News
Daniel Cooper is quoted by CCT News in an article regarding the use of wearable technology in the workplace. According to Cooper, the use of wearable devices is a good way, especially for insurers. However, the wearers’ privacy must be taken care of as well as their legitimate treatment concerns.
Wearable technology: gathering data from tooth to toe
November 21, 2016, Financial Times
Daniel Cooper is quoted in a Financial Times article regarding wearable technology in the workplace. According to Cooper, not everyone will welcome sharing intimate personal information with the boss, however. “Wearable devices could be a good way for insurers to get the data . . . but it’s essential to address wearers’ privacy and fair treatment concerns and ...
July 14, 2016, Covington Alert
At a joint press conference on July 12, 2016 in Brussels, EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová and the U.S. Secretary of Commerce, Penny Pritzker, presented the Privacy Shield (see Press Release here, Adequacy Decision text here, Annexes here, Communication here, and Q&A factsheet here). The press conference followed the ...
July 2016, BNA’s World Data Protection Report
Data Transfer Hurdles Have Companies Hedging Bets
March 24, 2016, The Wall Street Journal
Daniel Cooper is quoted in The Wall Street Journal’s “Morning Risk Report” discussing how companies should best comply with global data protection regulations. Commenting on the binding corporate rule process, Cooper said,“The one thing we know about binding corporate rules is [they tend] to have more appeal to European regulators.” He continues, “For a lot of ...
December 21, 2015, Covington Alert
On December 15, the EU institutions finally agreed the text of the new EU data protection law, the General Data Protection Regulation (“GDPR”), completing a process that began in January 2012. The LIBE committee has published the consolidated version of the GDPR text. The GDPR heralds a new era of data protection. It replaces the existing data protection ...
November 24, 2015, The Register
Dan Cooper is quoted by The Register in an article discussing the uncertainty and complications continuing to surround the Schrems decision that derailed Safe Harbour. Cooper stated that his business clients were both “surprise[d] and shock[ed]” by the European Court’s decision. “Businesses felt like the rug had been pulled out from under them,” said Cooper. ...
October 6, 2015, Covington Alert
News Hour
October 6, 2015, Al Jazeera
Dan Cooper appeared on the show to discuss the implications of the ECJ Schrems judgment.
Data Protection Law and International Commercial Arbitration
7/27/2015-7/31/2015, The Hague Academy of International Law 2015 Session
The EU General Data Protection Regulation: What’s Next and What It Means For Your Business
July 1, 2015, Webinar
June 8, 2015, Financial Times
Covington's Daniel Cooper is quoted regarding the legal implications of wearables in the workplace: “Historically European regulators in the data protection area have been very sceptical you can ever get a valid employee consent — they feel that for existing employees, [the relationship] is almost inherently coercive.”
Moving to the Cloud: Privacy and Other Key Considerations for Healthcare Entities
May 13, 2015, Life Sciences Essentials Webinar Series
The Future of Safe Harbor
May 7, 2015, International Data Exports – EU-US Data Transfers
Key Compliance Developments for Global Employers
May 4, 2015, Global Benefits Forum
Privacy Impact Assessments - The Latest Thinking
November 13, 2014, 9th Annual Data Protection Practical Compliance Conference
Privacy Impact Assessments – The Latest Thinking
October 10, 2014, 13th Annual Data Protection Compliance Conference
August 5, 2014
LONDON, 5 August, 2014 — Covington & Burling advised Illumina on its partnership with Genomics England to provide infrastructure and expertise for a four-year project that aims to make the UK the world leader in genetic research into cancer and rare diseases, through funding research to decode 100,000 human genomes - a patient's personal DNA code. The deal is ...
April 24, 2014, Inside EU Life Sciences
This post was originally published on our sister blog Inside Privacy On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques. The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely ...
Protection of the Private Sphere, Fight Against Terrorism and Internet Surveillance: How to Reconcile These Priorities?
April 23, 2014, XIIth International CIFA Forum
Privacy/Data Protection Regulation of Biobanks
March 28, 2014, Biobanking Global Congress 2014 Europe
Reconciling Regulatory Requests with Data Privacy Obligations
December 5, 2013, Global Investigations Summit
November 27, 2013, Covington E-Alert
Protecting the Individual in a Growingly Connected World of Big Data
November 2013, ITU Telecom World 2013 Conference, Bangkok
October 24, 2013, Covington E-Alert
Privacy Impact Assessments – When They are Needed and How to Conduct Them
September 11, 2013, 12th Annual Data Protection Compliance Conference
July 11, 2013, Inside Tech Media
By Dan Cooper and Oliver Grazebrook On 20 June 2103, the Court of Rome in Italy ruled that the Wikimedia Foundation (the charitable organisation that operates Wikipedia) could not be liable for defamatory content posted by users on its site. The court deemed that Wikimedia fell within the exemptions in the Italian transposition of Articles...… Continue Reading
Doing Business over the Internet: Legal and Policy Challenges
July 8, 2013, 2013 IViR Summer Course on Privacy Law and Policy
June 26, 2013
LONDON, 26 June, 2013 — The UK Information Commissioner's Office has authorised GlaxoSmithKline’s 'Binding Corporate Rules' (BCRs) – a set of internal policies and procedures used to protect personal data across GSK’s operations globally. The privacy and data security team at Covington & Burling was instrumental in the development, implementation and ...
Biobanks and Compliance with Data Protection Laws
June 25, 2013, SMi’s 3rd Annual Biobanking Conference
May 2013, International Data Privacy Law
April 2013, World Data Protection Report
Data Protection in Anti-Doping ― Recent Developments
March 13, 2013, Tackling Doping in Sport 2013
Enforcement and Sanctions - Present and Future Concerns
February 27, 2013, Data Protection & Privacy for In-House Advisers
China Releases New National Standard for Personal Information Collected Over Information Systems
February 15, 2013, Covington E-Alert
Privacy & Financial Institutiions
November 16, 2012, Data Protection in the Financial Services Sector 2012, DataGuidance
The Legal Attack Vector, How To Protect Yourself
October 9, 2012, RSA Conference Europe 2012
March 27, 2012, Covington E-Alert
The New EU Data Protection Framework - Significant Changes Proposed for Business and Consumers
February 2, 2012, International Association of Privacy Professionals (Webinar)
A Step-by-Step Action Plan to Respond to Corruption Allegations while Navigating the Complexities of Data Privacy Requirements
January 25, 2012, C5’s 5th Annual European Forum on Anti-Corruption - Effective Anti-Corruption Compliance Strategies to Prepare for Increased Regulatory Scrutiny and Global Enforcement, Munich
Health Data in the Cloud
October 18, 2011, European Privacy Association First International Conference in Europe on Cloud Computing for e-Health, Castelfranco Veneto, Italy
Social Media: Dealing with Employment Issues
October 13, 2011, PDP 10th Annual Data Protection Compliance Conference
Privacy Laws as Related to Anti-corruption Compliance
June 24, 2011, European Healthcare Compliance Ethics & Regulation
EU Data Protection Law
June 23, 2011, Council of American Survey Research Organizations (Webinar)
Covington Advises Microsoft in $8.5 Billion Skype Deal
May 10, 2011
WASHINGTON, SAN FRANCISCO, BRUSSELS, AND LONDON, May 10, 2011 —Covington & Burling LLP is advising Microsoft Corp. in its acquisition of Skype Global S.à.r.l., the leading Internet communications company, for $8.5 billion in cash. Microsoft’s purchase of Skype from the investor group led by Silver Lake is expected to increase the accessibility of real-time ...
Privacy in Finance & Health
April 26, 2011, Innovation and Privacy Conference
International Sports Anti-Doping Law a Model for Global Law Making?
April 5, 2011, Law Accord 2011 Program - Why Sports Law Matters
International Sports Anti‐Doping Law a Model for Global Law Making?
April 5, 2011, Law Accord 2011 Program - Why Sports Law Matters
February 15, 2011, EuroWatch
February 10, 2011, Covington Advisory
January 2011, World Data Protection Report
December 21, 2010, Covington Advisory
November/December 2010, Data Protection Ireland: Volume 3, Issue 6
March 29, 2010, Covington Advisory
February 9, 2010, Covington E-Alert
January/February 2010, The Privacy Advisor
A Step-by-Step Corporate Approach for Conducting a Thorough and Satisfactory Internal Investigation
January 26, 2010, 5th European Forum on Anti-Corruption
January 5, 2010, Covington Advisory
November 23, 2009, Covington Advisory
EU Employment Law Issues
November 2009, 20th Pandemic Swine Flu Summit, Royal College of Surgeons, London
October 26, 2009, Covington Advisory
October 2009, The Privacy Advisor
Data Security and Data Breaches: Being Prepared
October 2009, PDP 8th Annual Data Protection Compliance Conference
Conducting Cross-Border Discovery and Data Breach Investigations
September 2009, IAPP Privacy Conference, Boston
June 24, 2009, Covington E-Alert
6/09/2009
LONDON, June 9, 2009 — An enhanced version of the world’s first data protection standard for athletes took effect on June 1, 2009. The International Standard for the Protection of Privacy and Personal Information took effect on January 1, 2009, and an enhanced version was unanimously approved in early May 2009 by the Executive Committee of the World Anti-Doping ...
Conflicts of Law and E-Discovery
April 2009, Society for Computers & Law Data Protection Group, London
Breach Notification in the EU
March 2009, UC Berkeley School of Law, Security Breach Notification Symposium, California
Medical Research and EU Data Privacy Law
March 2009, Medical Research and EU Data Privacy Law
International Data Protection Laws
February 2009, ABA Brown Bag Series (In-House Webinar)
What was on the law firms agenda in 2008?
January 2009, Computer, Privacy and Data Protection (CPDP) 2nd International Conference, Brussels
11/15/2008
LONDON, 15 November, 2008 — The latest editions of Chambers UK and Legal 500 UK have recognised the London office of Covington & Burling LLP in a combined 22 categories, praising the firm’s lawyers for “best-in-class business acumen” and “excellent industry knowledge” as well as “consistent, absolutely top-tier service.” The firm’s London office has also ...
Covington Promotes 12 Lawyers to the Partnership
10/1/2008
WASHINGTON, DC, October 1, 2008 — Covington & Burling LLP today announced that 12 of its lawyers have been elected to the firm’s partnership. These new partners are resident in four of the firm’s offices and practice in the litigation, corporate/tax, and regulatory fields. Timothy Hester, chair of the firm’s management committee, commented: “These young and ...
July 19, 2008, Covington E-Alert
Corporate Investigations & EU Data Privacy Laws - What Every In-House Counsel Should Know
2008, Covington Report
Covington Advises Bank of China, London Branch on the Transfer of its Non-Wholesale Banking Business
November 15, 2007
LONDON, November 15, 2007 - Covington & Burling LLP is pleased to announce its role in advising Bank of China’s London Branch on the transfer of its UK retail and part of its UK corporate banking business (based in London, Birmingham, Manchester and Glasgow) to Bank of China (UK) Ltd. Bank of China (UK) Ltd is a newly established UK bank and a wholly-owned ...
Covington Announces Ten New Counsel
April 3, 2007
WASHINGTON, DC, April 3, 2007 — Covington & Burling LLP has announced the promotion of four new Of Counsel and six new Special Counsel.The four new Of Counsel are Daniel P. Cooper, Christian Neira, Matthew J. O’Connor, and Kevin J. Shortill.Daniel P. Cooper advises on European privacy and data protection matters, as well as on contentious and non-contentious ...
Corporate Investigations and EU Data Privacy Laws
September 2006, 5th Annual Data Protection Compliance Conference and Workshop Series, London
August 2006, Computer Law & Security Report
Employee Monitoring and Surveillance Across Europe
July 2006, Privacy Laws & Business 19th Annual International Conference on Data Protection, Cambridge University, UK
EU Data Privacy Update & Employee Vetting
June 2006, Business Forums International
Legal & Policy Considerations: Avian Flu
January/February 2006, Avian Flu Summit, Royal College of Surgeons, London
July 2005, BNA International World Data Protection Report
July 2005, World Data Protection Report
The Legal Challenge - Market Research in Europe
July 2005, Council of American Survey Research Organizations (CASRO) University Conference, New York
July 2004, Data Protection Law & Policy
Developments in Data Protection Law: Central and Eastern Europe
July 2004, Privacy Laws & Business 17th Annual International Conference on Data Protection, Cambridge University, England
October 2003, Privacy International
July 2003, Privacy Laws & Business 16th Annual International Conference on Data Protection, Cambridge University, England
2003, Aspen Copyright Treatise
Developments in European Privacy Laws
November 2002, United Nations Economic Commission for Europe, Moscow, Russia
Intellectual Property Rights in the Developing World
June 2001, United Nations Economic Commission for Europe, Geneva, Switzerland
- Chambers UK, Data Protection (2009-2019)
- Chambers Europe, Data Protection (2015-2018)
- Chambers Global, Data Protection (2008-2018)
- Legal 500 UK, Data Protection (2012-2016)
- Legal 500 UK, Sport (2013-2016)
- Legal 500 UK, Media & Entertainment (2013)
- Best Lawyers in the United Kingdom, Privacy & Data Protection Law (2014)
- Super Lawyers - London, Computer and IT Law (2013)
- Who's Who Legal, Data (2018) and Information Technology (2013)
- Legal 500 EMEA, EU Regulatory, Privacy and Data Protection - Belgium (2011)