Daniel P. Cooper

April 2, 2020, Inside Privacy

Pan-European Privacy Preserving Proximity Tracing Initiative According to media sources, an EU consortium led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI) will soon release software code that can be used to create apps that will help track transmission chains of COVID-19.  The Pan-European Privacy Preserving Proximity Tracing (“PEPP-PT”) ...

April 2, 2020, Inside Privacy

On 1 April 2020, the UK Supreme Court handed down its ruling in WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12.  The Court ruled that Morrisons was not vicariously liable for a data breach deliberately perpetrated by an employee.  The judgment is significant in that it overturned the decisions of the two lower...… Continue Reading

March 30, 2020, Inside Privacy

On 18 March, 2020, the Hellenic (Greek) Data Protection Authority (“HDPA”) issued guidelines on data protection and COVID-19. With these guidelines, the HDPA aims to provide guidance on the interpretation and application of data protection legislation during the COVID-19 pandemic. In this blog, we summarise the key points included in the HDPA’s guidelines. ...

March 23, 2020, Inside Privacy

In order to combat the proliferation of COVID-1, several EU Member States have strongly recommended or required that employees engage in teleworking, rather than attend work as normal. In this context, the European Union Agency for Cybersecurity (“ENISA”), on March 15, 2020, issued its “top tips for cybersecurity when working remotely”. Some data protection ...

March 20, 2020, Inside Privacy

As scientists work around the clock to gain insights into the Corona virus and how to fight it, public and private-sector stakeholders are in discussions to promote the rapid exchange of scientific data. During these discussions, the GDPR acronym inevitably rears its head and casts doubt over what is lawful. The GDPR and national data...… Continue Reading

March 20, 2020, Global Data Review

Dan Cooper spoke with Global Data Review about how telecommunications companies are providing data regulators location data to track the effects of social distancing in the wake of coronavirus. Mr. Cooper told GDR that the measures in Europe are “not too much of a concern” from a privacy perspective as the data being used by authorities is anonymized and ...

March 18, 2020, Inside Privacy

On March 17, 2020, the Executive Committee of the Global Privacy Assembly (“GPA”) issued a statement on data protection in the context of the COVID-19 pandemic. The GPA is an entity representing data protection and privacy regulators around the globe, formerly known as the International Conference of Data Protection and Privacy Commissioners (“ICDPPC”). The ...

March 17, 2020, Inside Privacy

On March 14, 2020, the Italian Government and several trade unions have signed a protocol, which establishes specific procedures for fighting COVID-19 in the workplace. The protocol also includes provisions on the processing of personal data of employees.  In particular, it provides that employers may subject their employees to pro-active body temperature ...

March 16, 2020, Inside Privacy

On March 16, 2020, the Chair of the European Data Protection Board (“EDPB”), Andrea Jelinek, issued a statement on the processing of personal data in the context of the COVID-19 outbreak. The statement made clear that EU data protection law does not stand in the way of the adoption of measures to fight against the Coronavirus pandemic.  However,...… Continue ...

March 16, 2020, Inside Privacy

On March 13, 2020, the Belgian data protection authority (“APD”) issued guidance on data protection and COVID-19. The guidance is mainly aimed at employers processing personal data of employees in the context of the measures they have taken to contain the spreading of COVID-19. The guidance is divided in the following three parts: legal basis...… Continue Reading

March 14, 2020, Inside Privacy

On March 10, 2020, the Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”) issued guidance on data protection and COVID-19. The NAIH highlights that controllers processing personal data in the context of their efforts to prevent the spread of COVID-19 must comply with the GDPR as well as Hungarian data protection law....… ...

March 2020

As the legal, regulatory, and commercial implications of coronavirus COVID-19 continue to evolve, our lawyers and advisors are helping clients navigate the complex considerations that companies around the world are facing and develop plans and strategies in response. Reach out to our COVID-19 task force at COVID19@cov.com. Below is a compendium of resources ...

February 18, 2020, Inside Tech Media

On February 4, 2020, the United Kingdom’s Centre for Data Ethics and Innovation (“DEI”) published its final report on “online targeting” (the “Report”), examining practices used to monitor a person’s online behaviour and subsequently customize their experience. In October 2018, the UK government appointed the DEI, an expert committee that advises the UK ...

January 31, 2020, Covington Alert

This evening, at 11:00 p.m. GMT, the UK will leave the European Union. Brexit day marks a beginning, not an end. The UK today embarks on a complex process of negotiating new arrangements for trade and cooperation with the EU and partners around the world. Regulatory divergence seems inevitable, given that the UK will want to make its own decisions on existing ...

January 31, 2020, Covington Alert

At 11 p.m. tonight, the UK will officially leave the EU. Although this is a significant milestone in the development of the UK’s data protection framework, the UK will remain very closely linked to the EU in the short term at least, and for many the change may be imperceptible.

January 10, 2020, Global Data Review

Daniel Cooper is quoted in Global Data Review regarding the UK ICO’s decision to fine DSG Retail £500,000 under pre-GDPR data protection law. The fine stems from the company being compromised by a cyberattack affecting at least 14 million people.   Mr. Cooper says, “the ICO's imposition of a maximum fine appears due, in part, to the fact that it felt DSG should ...

January 9, 2020, Global Data Review

Daniel Cooper spoke with Global Data Review about the European Commission’s recommended changes to artificial intelligence liability rules. Mr. Cooper says the commission is keen to stress that the conclusions drawn from the report remain those of the expert group only. “One has to assume that the commission wants to be careful to test the waters first and gauge ...

October 10, 2019, Covington Alert

On October 2, 2019, the English Court of Appeal handed down a landmark judgment in Lloyd v Google LLC [2019] EWCA Civ 1599 (“Lloyd”) concerning Google’s alleged misuse of the personal data of over 4 million iPhone users via cookies placed on the Safari browser.

August 12, 2019, Inside Tech Media

On July 24, 2019, the European Parliament published a study entitled “Blockchain and the General Data Protection Regulation: Can distributed ledgers be squared with European data protection law?”  The study explores the tension between blockchain technology and compliance with the General Data Protection Regulation (the “GDPR”), the EU’s data protection law.  ...

August 2, 2019, Inside Tech Media

On July 29, 2019, the Court of Justice of the European Union (“CJEU”) handed down its judgment in the Fashion ID case (Case C-40/17).   The CJEU found that when a website operator embeds Facebook’s “Like” button on its website, Facebook and the website operator become joint controllers. The case clarifies the relationship between website operators...… Continue ...

August 1, 2019, Inside Tech Media

On July 16, 2019, the UK’s Information Commissioner’s Office (“ICO”) released a new draft Data sharing code of practice (“draft Code”), which provides practical guidance for organizations on how to share personal data in a manner that complies with data protection laws.  The draft Code focuses on the sharing of personal data between controllers, with a section ...

May 23, 2019, Webinar

May 21, 2019

WASHINGTON—Covington advised Merck & Co., Inc., in its definitive agreement under which Merck, through a subsidiary, will acquire privately held Peloton Therapeutics, Inc. in exchange for an upfront payment of $1.05 billion in cash. In addition, Peloton shareholders will be eligible to receive a further $1.15 billion contingent upon successful achievement of ...

October 23, 2018, The Law Society Gazette

Daniel Cooper spoke with The Law Society Gazette regarding a UK Court of Appeal decision that could make employers vicariously liable for employees’ actions even if they had taken preventative steps and bore no criminal responsibility.   Mr. Cooper said the employer should bear the enterprise risk and assume liability for the actions of its employees, as long as ...

October 10, 2018, Law360

March 2, 2018, Chartered Management Institute

Daniel Cooper is quoted in a Chartered Management Institute article regarding wearable technology. Providing the legal perspective, Cooper says, "Any employer processing personal information is subject to a range of obligations–this includes making sure they’re very transparent about what they collect, ensuring they have a legal basis for processing that data. ...

September 18, 2017, Covington Alert

Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...

August 31, 2017, Covington Alert

On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...

May 24, 2017, Covington Alert

On May 25, 2018, employers located or with staff in the European Union (“EU”) will have to comply with a new data protection law—Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data—commonly referred to as the General Data Protection Regulation (“GDPR”). This will ...

May 19, 2017, Covington Alert

On May 19, 2017, the Cyberspace Administration of China (“CAC”) invited international stakeholders to attend a seminar to discuss an updated version of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Measures”). Given that the Measures have an intended effective date of June 1, 2017, it is likely ...

April 12, 2017, Covington Alert

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).

March 30, 2017, Business Forums International Ltd.

February 15, 2017, Webinar

December 15, 2016, CCT News

Daniel Cooper is quoted by CCT News in an article regarding the use of wearable technology in the workplace. According to Cooper, the use of wearable devices is a good way, especially for insurers.  However, the wearers’ privacy must be taken care of as well as their legitimate treatment concerns.

November 21, 2016, Financial Times

Daniel Cooper is quoted in a Financial Times article regarding wearable technology in the workplace. According to Cooper, not everyone will welcome sharing intimate personal information with the boss, however. “Wearable devices could be a good way for insurers to get the data . . . but it’s essential to address wearers’ privacy and fair treatment concerns and ...

July 14, 2016, Covington Alert

At a joint press conference on July 12, 2016 in Brussels, EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová and the U.S. Secretary of Commerce, Penny Pritzker, presented the Privacy Shield (see Press Release here, Adequacy Decision text here, Annexes here, Communication here, and Q&A factsheet here). The press conference followed the ...

July 2016, BNA’s World Data Protection Report

April 12, 2016, Law360

March 24, 2016, The Wall Street Journal

Daniel Cooper is quoted in The Wall Street Journal’s “Morning Risk Report” discussing how companies should best comply with global data protection regulations. Commenting on the binding corporate rule process, Cooper said,“The one thing we know about binding corporate rules is [they tend] to have more appeal to European regulators.” He continues, “For a lot of ...

February 5, 2016, LexisNexis

December 21, 2015, Covington Alert

On December 15, the EU institutions finally agreed the text of the new EU data protection law, the General Data Protection Regulation (“GDPR”), completing a process that began in January 2012. The LIBE committee has published the consolidated version of the GDPR text. The GDPR heralds a new era of data protection. It replaces the existing data protection ...

November 24, 2015, The Register

Dan Cooper is quoted by The Register in an article discussing the uncertainty and complications continuing to surround the Schrems decision that derailed Safe Harbour. Cooper stated that his business clients were both “surprise[d] and shock[ed]” by the European Court’s decision. “Businesses felt like the rug had been pulled out from under them,” said Cooper. ...

October 6, 2015, Al Jazeera

Dan Cooper appeared on the show to discuss the implications of the ECJ Schrems judgment.

October 6, 2015, Covington Alert

7/27/2015-7/31/2015, The Hague Academy of International Law 2015 Session

July 1, 2015, Webinar

June 8, 2015, Financial Times

Covington's Daniel Cooper is quoted regarding the legal implications of wearables in the workplace: “Historically European regulators in the data protection area have been very sceptical you can ever get a valid employee consent — they feel that for existing employees, [the relationship] is almost inherently coercive.”

June 1, 2015, Global Trade & Regulatory Compliance Summit

May 13, 2015, Life Sciences Essentials Webinar Series

May 7, 2015, International Data Exports – EU-US Data Transfers

May 4, 2015, Global Benefits Forum

November 13, 2014, 9th Annual Data Protection Practical Compliance Conference

October 10, 2014, 13th Annual Data Protection Compliance Conference

August 5, 2014

LONDON, 5 August, 2014 — Covington & Burling advised Illumina on its partnership with Genomics England to provide infrastructure and expertise for a four-year project that aims to make the UK the world leader in genetic research into cancer and rare diseases, through funding research to decode 100,000 human genomes - a patient's personal DNA code. The deal is ...

April 24, 2014, Inside EU Life Sciences

This post was originally published on our sister blog Inside Privacy On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques.  The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely ...

April 23, 2014, XIIth International CIFA Forum

March 28, 2014, Biobanking Global Congress 2014 Europe

January 22, 2014, Covington E-Alert

December 5, 2013, Global Investigations Summit

November 27, 2013, Covington E-Alert

November 2013, ITU Telecom World 2013 Conference, Bangkok

October 24, 2013, Covington E-Alert

September 11, 2013, 12th Annual Data Protection Compliance Conference

July 11, 2013, Inside Tech Media

By Dan Cooper and Oliver Grazebrook On 20 June 2103, the Court of Rome in Italy ruled that the Wikimedia Foundation (the charitable organisation that operates Wikipedia) could not be liable for defamatory content posted by users on its site.  The court deemed that Wikimedia fell within the exemptions in the Italian transposition of Articles...… Continue Reading

July 8, 2013, 2013 IViR Summer Course on Privacy Law and Policy

June 26, 2013

LONDON, 26 June, 2013 — The UK Information Commissioner's Office has authorised GlaxoSmithKline’s 'Binding Corporate Rules' (BCRs) – a set of internal policies and procedures used to protect personal data across GSK’s operations globally. The privacy and data security team at Covington & Burling was instrumental in the development, implementation and ...

June 25, 2013, SMi’s 3rd Annual Biobanking Conference

May 2013, International Data Privacy Law

April 2013, World Data Protection Report

March 13, 2013, Tackling Doping in Sport 2013

February 27, 2013, Data Protection & Privacy for In-House Advisers

February 15, 2013, Covington E-Alert

February 14, 2013, Covington E-Alert

January 11, 2013, Covington E-Alert

November 16, 2012, Data Protection in the Financial Services Sector 2012, DataGuidance

October 9, 2012, RSA Conference Europe 2012

March 27, 2012, Covington E-Alert

February 21, 2012, Thomson Reuters (Webinar)

February 2, 2012, International Association of Privacy Professionals (Webinar)

January 25, 2012, Covington E-Alert

January 25, 2012, C5’s 5th Annual European Forum on Anti-Corruption - Effective Anti-Corruption Compliance Strategies to Prepare for Increased Regulatory Scrutiny and Global Enforcement, Munich

October 18, 2011, European Privacy Association First International Conference in Europe on Cloud Computing for e-Health, Castelfranco Veneto, Italy

October 13, 2011, PDP 10th Annual Data Protection Compliance Conference

June 24, 2011, European Healthcare Compliance Ethics & Regulation

June 23, 2011, Council of American Survey Research Organizations (Webinar)

May 10, 2011

WASHINGTON, SAN FRANCISCO, BRUSSELS, AND LONDON, May 10, 2011 —Covington & Burling LLP is advising Microsoft Corp. in its acquisition of Skype Global S.à.r.l., the leading Internet communications company, for $8.5 billion in cash. Microsoft’s purchase of Skype from the investor group led by Silver Lake is expected to increase the accessibility of real-time ...

April 26, 2011, Innovation and Privacy Conference

April 5, 2011, Law Accord 2011 Program - Why Sports Law Matters

April 5, 2011, Law Accord 2011 Program - Why Sports Law Matters

March 10, 2011, Covington Advisory

February 15, 2011, EuroWatch

February 10, 2011, Covington Advisory

January 2011, World Data Protection Report

December 24, 2010, Covington Advisory

December 21, 2010, Covington Advisory

November/December 2010, Data Protection Ireland: Volume 3, Issue 6

November 9, 2010, Covington Advisory

June 15, 2010, Covington Advisory

March 29, 2010, Covington Advisory

February 25, 2010, Covington Advisory

February 9, 2010, Covington E-Alert

January/February 2010, The Privacy Advisor

January 26, 2010, 5th European Forum on Anti-Corruption

January 5, 2010, Covington Advisory

November 23, 2009, Covington Advisory

November 20, 2009, Covington Advisory

November 2009, 20th Pandemic Swine Flu Summit, Royal College of Surgeons, London

October 26, 2009, Covington Advisory

October 2, 2009, Covington Advisory

October 2009, PDP 8th Annual Data Protection Compliance Conference

October 2009, The Privacy Advisor

September 30, 2009, EuroWatch

September 22, 2009, Covington Advisory

September 2009, IAPP Privacy Conference, Boston

June 24, 2009, Covington E-Alert

6/09/2009

LONDON, June 9, 2009 — An enhanced version of the world’s first data protection standard for athletes took effect on June 1, 2009. The International Standard for the Protection of Privacy and Personal Information took effect on January 1, 2009, and an enhanced version was unanimously approved in early May 2009 by the Executive Committee of the World Anti-Doping ...

May 2009, European Commission, Madrid

April 2009, Society for Computers & Law Data Protection Group, London

March 2009, UC Berkeley School of Law, Security Breach Notification Symposium, California

March 2009, Medical Research and EU Data Privacy Law

February 2009, ABA Brown Bag Series (In-House Webinar)

January 2009, Computer, Privacy and Data Protection (CPDP) 2nd International Conference, Brussels

11/15/2008

LONDON, 15 November, 2008 — The latest editions of Chambers UK and Legal 500 UK have recognised the London office of Covington & Burling LLP in a combined 22 categories, praising the firm’s lawyers for “best-in-class business acumen” and “excellent industry knowledge” as well as “consistent, absolutely top-tier service.” The firm’s London office has also ...

November 2008, Business Crimes Bulletin

10/1/2008

WASHINGTON, DC, October 1, 2008 — Covington & Burling LLP today announced that 12 of its lawyers have been elected to the firm’s partnership. These new partners are resident in four of the firm’s offices and practice in the litigation, corporate/tax, and regulatory fields. Timothy Hester, chair of the firm’s management committee, commented: “These young and ...

August 14, 2008, The Lawyer

July 19, 2008, Covington E-Alert

July 2008, Privacy and Data Protection

June 2008, Privacy and Data Protection Journal

2008, Covington Report

November 15, 2007

LONDON, November 15, 2007 - Covington & Burling LLP is pleased to announce its role in advising Bank of China’s London Branch on the transfer of its UK retail and part of its UK corporate banking business (based in London, Birmingham, Manchester and Glasgow) to Bank of China (UK) Ltd. Bank of China (UK) Ltd is a newly established UK bank and a wholly-owned ...

July 16, 2007, Covington E-Alert

July 2007, PLC

April 3, 2007

WASHINGTON, DC, April 3, 2007 — Covington & Burling LLP has announced the promotion of four new Of Counsel and six new Special Counsel.The four new Of Counsel are Daniel P. Cooper, Christian Neira, Matthew J. O’Connor, and Kevin J. Shortill.Daniel P. Cooper advises on European privacy and data protection matters, as well as on contentious and non-contentious ...

September 2006, 5th Annual Data Protection Compliance Conference and Workshop Series, London

August 2006, Computer Law & Security Report

July 2006, Privacy Laws & Business 19th Annual International Conference on Data Protection, Cambridge University, UK

June 2006, Business Forums International

May 2006, Data Protection Law & Policy

January/February 2006, Avian Flu Summit, Royal College of Surgeons, London

November 2005, Data Protection Law & Policy

August 2005, Journal of Financial Crime

August 2005, Data Protection Law & Policy

July 2005, BNA International World Data Protection Report

July 2005, Data Protection Law & Policy

July 2005, World Data Protection Report

July 2005, Council of American Survey Research Organizations (CASRO) University Conference, New York

July 2005, The Company Lawyer

April 2005, The Company Lawyer

April 2005, Business Forums International - Amsterdam

February 2005, Regulatory Affairs Journal

January 2005, BNA International World Data Protection Report

January 2005, Covington Report

July 2004, Privacy Laws & Business 17th Annual International Conference on Data Protection, Cambridge University, England

July 2004, Data Protection Law & Policy

October 2003, Privacy International

July 2003, Privacy Laws & Business 16th Annual International Conference on Data Protection, Cambridge University, England

2003, Aspen Copyright Treatise

November 2002, United Nations Economic Commission for Europe, Moscow, Russia

September 1, 2002

September 2002, Privacy Laws & Business

July 24, 2002, Covington Report

May 2002, In Brief

September 2001, E-commerce Law & Policy

June 2001, United Nations Economic Commission for Europe, Geneva, Switzerland

1998, PLI