Daniel P. Cooper

July 24, 2020, Inside Privacy

The Court of Justice of the European Union’s recent decision in the “Schrems II’ case was one of the most highly anticipated decisions in the world of data privacy, striking down the EU-U.S. Privacy Shield, but upholding the validity of standard contractual clauses. Tune in to the first episode of Covington’s Inside Privacy Audiocast, where...… Continue Reading

July 22, 2020, LexisNexis

Daniel Cooper and Louise Freeman discuss the implications for data protection law under Collective Redress Directive with LexisNexis and Gloria Palazzi.

Summer 2020

Covington's European privacy team offers insights on the current state of play with respect to the intersection of European data privacy laws, and the transition around Europe and further abroad as government lockdown restrictions are lifted and companies begin to plan their return-to-work programs. In this on-demand briefing, we cover the guidance and positions ...

June 25, 2020, Inside Privacy

On June 24, 2020, the European Commission (“Commission”) published its much-anticipated assessment of the EU’s General Data Protection Regulation (“GDPR”) two years after it went into effect.  The assessment takes into account contributions from the European Council, the European Parliament, the European Data Protection Board (“EDPB”), individual supervisory ...

June 24, 2020, Inside Privacy

On June 19, 2020, the French Council of State (Conseil d’État) decided that the French Supervisory Authority (“CNIL”) had gone too far in its guidance on cookies and similar technologies when it stated that conditioning a user’s access to a website upon his or her acceptance of certain cookies (commonly known as “cookie walls”) is...… Continue Reading

June 15, 2020, Computer Weekly

June 8, 2020, Covington Alert

On 19 May 2020, easyJet announced that personal data of approximately 9 million customers worldwide had been unlawfully accessed by third parties in a “highly sophisticated cyber-attack”. Data stolen by the cyber-attackers includes credit card details of 2,000 of the affected customers and, for most other customers, travel details such as departure and arrival ...

Spring 2020, Covington Guide

As businesses across Europe prepare to reopen following the COVID-19 lockdown, Covington is providing practical resources and guidance on the broad array of issues companies face as employees return to the workplace, including employment, privacy, competition, policy, environmental and regulatory considerations at the EU level, with a focus on Germany and the ...

May 27, 2020, Inside Privacy

On May 4, 2020, the European Data Protection Board (“EDPB”) updated its guidelines on consent under the GDPR.  An initial version of these guidelines was adopted by the Article 29 Working Party prior to the GDPR coming into effect, and was endorsed by the EDPB on May 25, 2018. The revisions do not amount to...… Continue Reading

May 19, 2020, Bloomberg

Daniel Cooper spoke with Bloomberg about new wearable technology devices that alert users when they are within close proximity of someone with COVID-19. Mr. Cooper notes that businesses are walking a fine line between keeping people safe and protecting their privacy. The absence of clear guidance from European regulators is forcing companies -- who could also be ...

May 17, 2020, Inside Privacy

On May 11, 2020, the UK Information Commissioner’s Office (“ICO”) published guidance on how employers should handle data in the event they choose to test their employees for COVID-19. The guidance provides a clear reminder that employers must comply with both the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”), and...… ...

May 17, 2020, Inside Privacy

On May 6, 2020, the Italian Supervisory Authority (“Garante”) published a list of frequently asked questions (“FAQs”) and answers on data protection and COVID-19 (see here, in English). The FAQs build on and expand guidance previously issued by the Garante (see our blog post here), and take into account recent measures adopted by Italian authorities, such as...… ...

May 15, 2020, Inside Privacy

On May 4, 2020, the Hungarian Government issued a Decree that suspends, during the COVID-19 created state of emergency, the one-month deadline that controllers have under the GDPR to reply to data subject rights requests. The Decree also allows public entities to refuse or suspend freedom of information (“FOIA”) requests in certain situations. The Decree...… ...

April 24, 2020, Inside Privacy

As we anticipated in a previous blog post, on April 22, 2020, the European Data Protection Board (“EDPB”) issued new guidelines on the use of location data and contact tracing apps in the context of the present COVID-19 pandemic. The EDPB’s new guidelines complement and build on similar guidance previously issued by the Board itself...… Continue Reading

April 24, 2020, Inside Privacy

On April 17, 2020, the UK’s Information Commissioner’s Office (“ICO”) issued an opinion on the recently announced Apple-Google initiative to develop a Bluetooth-based Contact Tracing Framework (“CTF”) to help prevent the spread of COVID-19.  The ICO opinion is generally supportive of the Apple-Google proposal and perceives it to be, at this early phase, aligned ...

April 20, 2020, Inside Privacy

On 8 April 2020, the European Commission adopted a recommendation on a common European Union toolbox for the use of technology and data to address the COVID-19 crisis (“Recommendation”).  The Recommendation responds to calls for a common EU approach to the use of mobile apps in combatting COVID-19—one that improves the efficacy of the technology...… Continue ...

April 1, 2020, Global Data Review

Daniel Cooper spoke with Global Data Review about a UK high court case involving the deliberate breach of personal information by a supermarket employee from Morrisons. The court ruled that the supermarket was not liable for the actions of the employee. Mr. Cooper described the decision as “dual-edged” and said that “when coupled with the Lloyd Court of Appeal ...

March 20, 2020, Global Data Review

Dan Cooper spoke with Global Data Review about how telecommunications companies are providing data regulators location data to track the effects of social distancing in the wake of coronavirus. Mr. Cooper told GDR that the measures in Europe are “not too much of a concern” from a privacy perspective as the data being used by authorities is anonymized and ...

July 2020

Recapture of Excess COVID-19 Payroll Tax Credits Addressed in New Regs Recapture of Excess COVID-19 Payroll Tax Credits Addressed in New Regs As the legal, regulatory, and commercial implications of coronavirus COVID-19 continue to evolve, our lawyers and advisors are helping clients navigate the complex considerations that companies around the world are ...

February 18, 2020, Inside Tech Media

On February 4, 2020, the United Kingdom’s Centre for Data Ethics and Innovation (“DEI”) published its final report on “online targeting” (the “Report”), examining practices used to monitor a person’s online behaviour and subsequently customize their experience. In October 2018, the UK government appointed the DEI, an expert committee that advises the UK ...

January 31, 2020, Covington Alert

This evening, at 11:00 p.m. GMT, the UK will leave the European Union. Brexit day marks a beginning, not an end. The UK today embarks on a complex process of negotiating new arrangements for trade and cooperation with the EU and partners around the world. Regulatory divergence seems inevitable, given that the UK will want to make its own decisions on existing ...

January 31, 2020, Covington Alert

At 11 p.m. tonight, the UK will officially leave the EU. Although this is a significant milestone in the development of the UK’s data protection framework, the UK will remain very closely linked to the EU in the short term at least, and for many the change may be imperceptible.

January 10, 2020, Global Data Review

Daniel Cooper is quoted in Global Data Review regarding the UK ICO’s decision to fine DSG Retail £500,000 under pre-GDPR data protection law. The fine stems from the company being compromised by a cyberattack affecting at least 14 million people.   Mr. Cooper says, “the ICO's imposition of a maximum fine appears due, in part, to the fact that it felt DSG should ...

January 9, 2020, Global Data Review

Daniel Cooper spoke with Global Data Review about the European Commission’s recommended changes to artificial intelligence liability rules. Mr. Cooper says the commission is keen to stress that the conclusions drawn from the report remain those of the expert group only. “One has to assume that the commission wants to be careful to test the waters first and gauge ...

October 10, 2019, Covington Alert

On October 2, 2019, the English Court of Appeal handed down a landmark judgment in Lloyd v Google LLC [2019] EWCA Civ 1599 (“Lloyd”) concerning Google’s alleged misuse of the personal data of over 4 million iPhone users via cookies placed on the Safari browser.

August 12, 2019, Inside Tech Media

On July 24, 2019, the European Parliament published a study entitled “Blockchain and the General Data Protection Regulation: Can distributed ledgers be squared with European data protection law?”  The study explores the tension between blockchain technology and compliance with the General Data Protection Regulation (the “GDPR”), the EU’s data protection law.  ...

August 2, 2019, Inside Tech Media

On July 29, 2019, the Court of Justice of the European Union (“CJEU”) handed down its judgment in the Fashion ID case (Case C-40/17).   The CJEU found that when a website operator embeds Facebook’s “Like” button on its website, Facebook and the website operator become joint controllers. The case clarifies the relationship between website operators...… Continue ...

August 1, 2019, Inside Tech Media

On July 16, 2019, the UK’s Information Commissioner’s Office (“ICO”) released a new draft Data sharing code of practice (“draft Code”), which provides practical guidance for organizations on how to share personal data in a manner that complies with data protection laws.  The draft Code focuses on the sharing of personal data between controllers, with a section ...

May 23, 2019, Webinar

May 21, 2019

WASHINGTON—Covington advised Merck & Co., Inc., in its definitive agreement under which Merck, through a subsidiary, will acquire privately held Peloton Therapeutics, Inc. in exchange for an upfront payment of $1.05 billion in cash. In addition, Peloton shareholders will be eligible to receive a further $1.15 billion contingent upon successful achievement of ...

October 23, 2018, The Law Society Gazette

Daniel Cooper spoke with The Law Society Gazette regarding a UK Court of Appeal decision that could make employers vicariously liable for employees’ actions even if they had taken preventative steps and bore no criminal responsibility.   Mr. Cooper said the employer should bear the enterprise risk and assume liability for the actions of its employees, as long as ...

October 10, 2018, Law360

March 2, 2018, Chartered Management Institute

Daniel Cooper is quoted in a Chartered Management Institute article regarding wearable technology. Providing the legal perspective, Cooper says, "Any employer processing personal information is subject to a range of obligations–this includes making sure they’re very transparent about what they collect, ensuring they have a legal basis for processing that data. ...

September 18, 2017, Covington Alert

Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...

August 31, 2017, Covington Alert

On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...

May 24, 2017, Covington Alert

On May 25, 2018, employers located or with staff in the European Union (“EU”) will have to comply with a new data protection law—Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data—commonly referred to as the General Data Protection Regulation (“GDPR”). This will ...

May 19, 2017, Covington Alert

On May 19, 2017, the Cyberspace Administration of China (“CAC”) invited international stakeholders to attend a seminar to discuss an updated version of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Measures”). Given that the Measures have an intended effective date of June 1, 2017, it is likely ...

April 12, 2017, Covington Alert

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).

March 30, 2017, Business Forums International Ltd.

February 15, 2017, Webinar

December 15, 2016, CCT News

Daniel Cooper is quoted by CCT News in an article regarding the use of wearable technology in the workplace. According to Cooper, the use of wearable devices is a good way, especially for insurers.  However, the wearers’ privacy must be taken care of as well as their legitimate treatment concerns.

November 21, 2016, Financial Times

Daniel Cooper is quoted in a Financial Times article regarding wearable technology in the workplace. According to Cooper, not everyone will welcome sharing intimate personal information with the boss, however. “Wearable devices could be a good way for insurers to get the data . . . but it’s essential to address wearers’ privacy and fair treatment concerns and ...

July 14, 2016, Covington Alert

At a joint press conference on July 12, 2016 in Brussels, EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová and the U.S. Secretary of Commerce, Penny Pritzker, presented the Privacy Shield (see Press Release here, Adequacy Decision text here, Annexes here, Communication here, and Q&A factsheet here). The press conference followed the ...

July 2016, BNA’s World Data Protection Report

April 12, 2016, Law360

March 24, 2016, The Wall Street Journal

Daniel Cooper is quoted in The Wall Street Journal’s “Morning Risk Report” discussing how companies should best comply with global data protection regulations. Commenting on the binding corporate rule process, Cooper said,“The one thing we know about binding corporate rules is [they tend] to have more appeal to European regulators.” He continues, “For a lot of ...

February 5, 2016, LexisNexis

December 21, 2015, Covington Alert

On December 15, the EU institutions finally agreed the text of the new EU data protection law, the General Data Protection Regulation (“GDPR”), completing a process that began in January 2012. The LIBE committee has published the consolidated version of the GDPR text. The GDPR heralds a new era of data protection. It replaces the existing data protection ...

November 24, 2015, The Register

Dan Cooper is quoted by The Register in an article discussing the uncertainty and complications continuing to surround the Schrems decision that derailed Safe Harbour. Cooper stated that his business clients were both “surprise[d] and shock[ed]” by the European Court’s decision. “Businesses felt like the rug had been pulled out from under them,” said Cooper. ...

October 6, 2015, Al Jazeera

Dan Cooper appeared on the show to discuss the implications of the ECJ Schrems judgment.

October 6, 2015, Covington Alert

7/27/2015-7/31/2015, The Hague Academy of International Law 2015 Session

July 1, 2015, Webinar

June 8, 2015, Financial Times

Covington's Daniel Cooper is quoted regarding the legal implications of wearables in the workplace: “Historically European regulators in the data protection area have been very sceptical you can ever get a valid employee consent — they feel that for existing employees, [the relationship] is almost inherently coercive.”

June 1, 2015, Global Trade & Regulatory Compliance Summit

May 13, 2015, Life Sciences Essentials Webinar Series

May 7, 2015, International Data Exports – EU-US Data Transfers

May 4, 2015, Global Benefits Forum

November 13, 2014, 9th Annual Data Protection Practical Compliance Conference

October 10, 2014, 13th Annual Data Protection Compliance Conference

August 5, 2014

LONDON, 5 August, 2014 — Covington & Burling advised Illumina on its partnership with Genomics England to provide infrastructure and expertise for a four-year project that aims to make the UK the world leader in genetic research into cancer and rare diseases, through funding research to decode 100,000 human genomes - a patient's personal DNA code. The deal is ...

April 24, 2014, Inside EU Life Sciences

This post was originally published on our sister blog Inside Privacy On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques.  The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely ...

April 23, 2014, XIIth International CIFA Forum

March 28, 2014, Biobanking Global Congress 2014 Europe

January 22, 2014, Covington E-Alert

December 5, 2013, Global Investigations Summit

November 27, 2013, Covington E-Alert

November 2013, ITU Telecom World 2013 Conference, Bangkok

October 24, 2013, Covington E-Alert

September 11, 2013, 12th Annual Data Protection Compliance Conference

July 11, 2013, Inside Tech Media

By Dan Cooper and Oliver Grazebrook On 20 June 2103, the Court of Rome in Italy ruled that the Wikimedia Foundation (the charitable organisation that operates Wikipedia) could not be liable for defamatory content posted by users on its site.  The court deemed that Wikimedia fell within the exemptions in the Italian transposition of Articles...… Continue Reading

July 8, 2013, 2013 IViR Summer Course on Privacy Law and Policy

June 26, 2013

LONDON, 26 June, 2013 — The UK Information Commissioner's Office has authorised GlaxoSmithKline’s 'Binding Corporate Rules' (BCRs) – a set of internal policies and procedures used to protect personal data across GSK’s operations globally. The privacy and data security team at Covington & Burling was instrumental in the development, implementation and ...

June 25, 2013, SMi’s 3rd Annual Biobanking Conference

May 2013, International Data Privacy Law

April 2013, World Data Protection Report

March 13, 2013, Tackling Doping in Sport 2013

February 27, 2013, Data Protection & Privacy for In-House Advisers

February 15, 2013, Covington E-Alert

February 14, 2013, Covington E-Alert

January 11, 2013, Covington E-Alert

November 16, 2012, Data Protection in the Financial Services Sector 2012, DataGuidance

October 9, 2012, RSA Conference Europe 2012

March 27, 2012, Covington E-Alert

February 21, 2012, Thomson Reuters (Webinar)

February 2, 2012, International Association of Privacy Professionals (Webinar)

January 25, 2012, Covington E-Alert

January 25, 2012, C5’s 5th Annual European Forum on Anti-Corruption - Effective Anti-Corruption Compliance Strategies to Prepare for Increased Regulatory Scrutiny and Global Enforcement, Munich

October 18, 2011, European Privacy Association First International Conference in Europe on Cloud Computing for e-Health, Castelfranco Veneto, Italy

October 13, 2011, PDP 10th Annual Data Protection Compliance Conference

June 24, 2011, European Healthcare Compliance Ethics & Regulation

June 23, 2011, Council of American Survey Research Organizations (Webinar)

May 10, 2011

WASHINGTON, SAN FRANCISCO, BRUSSELS, AND LONDON, May 10, 2011 —Covington & Burling LLP is advising Microsoft Corp. in its acquisition of Skype Global S.à.r.l., the leading Internet communications company, for $8.5 billion in cash. Microsoft’s purchase of Skype from the investor group led by Silver Lake is expected to increase the accessibility of real-time ...

April 26, 2011, Innovation and Privacy Conference

April 5, 2011, Law Accord 2011 Program - Why Sports Law Matters

April 5, 2011, Law Accord 2011 Program - Why Sports Law Matters

March 10, 2011, Covington Advisory

February 15, 2011, EuroWatch

February 10, 2011, Covington Advisory

January 2011, World Data Protection Report

December 24, 2010, Covington Advisory

December 21, 2010, Covington Advisory

November/December 2010, Data Protection Ireland: Volume 3, Issue 6

November 9, 2010, Covington Advisory

June 15, 2010, Covington Advisory

March 29, 2010, Covington Advisory

February 25, 2010, Covington Advisory

February 9, 2010, Covington E-Alert

January/February 2010, The Privacy Advisor

January 26, 2010, 5th European Forum on Anti-Corruption

January 5, 2010, Covington Advisory

November 23, 2009, Covington Advisory

November 20, 2009, Covington Advisory

November 2009, 20th Pandemic Swine Flu Summit, Royal College of Surgeons, London

October 26, 2009, Covington Advisory

October 2, 2009, Covington Advisory

October 2009, PDP 8th Annual Data Protection Compliance Conference

October 2009, The Privacy Advisor

September 30, 2009, EuroWatch

September 22, 2009, Covington Advisory

September 2009, IAPP Privacy Conference, Boston

June 24, 2009, Covington E-Alert

6/09/2009

LONDON, June 9, 2009 — An enhanced version of the world’s first data protection standard for athletes took effect on June 1, 2009. The International Standard for the Protection of Privacy and Personal Information took effect on January 1, 2009, and an enhanced version was unanimously approved in early May 2009 by the Executive Committee of the World Anti-Doping ...

May 2009, European Commission, Madrid

April 2009, Society for Computers & Law Data Protection Group, London

March 2009, UC Berkeley School of Law, Security Breach Notification Symposium, California

March 2009, Medical Research and EU Data Privacy Law

February 2009, ABA Brown Bag Series (In-House Webinar)

January 2009, Computer, Privacy and Data Protection (CPDP) 2nd International Conference, Brussels

11/15/2008

LONDON, 15 November, 2008 — The latest editions of Chambers UK and Legal 500 UK have recognised the London office of Covington & Burling LLP in a combined 22 categories, praising the firm’s lawyers for “best-in-class business acumen” and “excellent industry knowledge” as well as “consistent, absolutely top-tier service.” The firm’s London office has also ...

November 2008, Business Crimes Bulletin

10/1/2008

WASHINGTON, DC, October 1, 2008 — Covington & Burling LLP today announced that 12 of its lawyers have been elected to the firm’s partnership. These new partners are resident in four of the firm’s offices and practice in the litigation, corporate/tax, and regulatory fields. Timothy Hester, chair of the firm’s management committee, commented: “These young and ...

August 14, 2008, The Lawyer

July 19, 2008, Covington E-Alert

July 2008, Privacy and Data Protection

June 2008, Privacy and Data Protection Journal

2008, Covington Report

November 15, 2007

LONDON, November 15, 2007 - Covington & Burling LLP is pleased to announce its role in advising Bank of China’s London Branch on the transfer of its UK retail and part of its UK corporate banking business (based in London, Birmingham, Manchester and Glasgow) to Bank of China (UK) Ltd. Bank of China (UK) Ltd is a newly established UK bank and a wholly-owned ...

July 16, 2007, Covington E-Alert

July 2007, PLC

April 3, 2007

WASHINGTON, DC, April 3, 2007 — Covington & Burling LLP has announced the promotion of four new Of Counsel and six new Special Counsel.The four new Of Counsel are Daniel P. Cooper, Christian Neira, Matthew J. O’Connor, and Kevin J. Shortill.Daniel P. Cooper advises on European privacy and data protection matters, as well as on contentious and non-contentious ...

September 2006, 5th Annual Data Protection Compliance Conference and Workshop Series, London

August 2006, Computer Law & Security Report

July 2006, Privacy Laws & Business 19th Annual International Conference on Data Protection, Cambridge University, UK

June 2006, Business Forums International

May 2006, Data Protection Law & Policy

January/February 2006, Avian Flu Summit, Royal College of Surgeons, London

November 2005, Data Protection Law & Policy

August 2005, Journal of Financial Crime

August 2005, Data Protection Law & Policy

July 2005, BNA International World Data Protection Report

July 2005, Data Protection Law & Policy

July 2005, World Data Protection Report

July 2005, Council of American Survey Research Organizations (CASRO) University Conference, New York

July 2005, The Company Lawyer

April 2005, The Company Lawyer

April 2005, Business Forums International - Amsterdam

February 2005, Regulatory Affairs Journal

January 2005, BNA International World Data Protection Report

January 2005, Covington Report

July 2004, Privacy Laws & Business 17th Annual International Conference on Data Protection, Cambridge University, England

July 2004, Data Protection Law & Policy

October 2003, Privacy International

July 2003, Privacy Laws & Business 16th Annual International Conference on Data Protection, Cambridge University, England

2003, Aspen Copyright Treatise

November 2002, United Nations Economic Commission for Europe, Moscow, Russia

September 1, 2002

September 2002, Privacy Laws & Business

July 24, 2002, Covington Report

May 2002, In Brief

September 2001, E-commerce Law & Policy

June 2001, United Nations Economic Commission for Europe, Geneva, Switzerland

1998, PLI