Dan Cooper

Dan Cooper

Daniel Cooper heads up the firm’s growing Data Privacy and Cybersecurity practice in London, and counsels clients in the information technology, pharmaceutical research, sports and financial services industries, among others, on European and UK data protection, data retention and freedom of information laws, as well as associated information technology and e-commerce laws and regulations. Mr. Cooper also regularly counsels clients with respect to Internet-related liabilities under European and US laws. Mr. Cooper sits on the advisory boards of a number of privacy NGOs, privacy think tanks, and related bodies.

Subscribe to all posts by Dan Cooper

COVID-19 Apps and Websites – The “Pan-European Privacy Preserving Proximity Tracing Initiative” and Guidance by Supervisory Authorities

By Dan Cooper, Kristof Van Quathem and Anna Oberschelp de Meneses on Posted in COVID-19, EU Data Protection
Pan-European Privacy Preserving Proximity Tracing Initiative According to media sources, an EU consortium led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI) will soon release software code that can be used to create apps that will help track transmission chains of COVID-19.  The Pan-European Privacy Preserving Proximity Tracing (“PEPP-PT”) project comprises more than 130 … Continue Reading

UK Supreme Court Rules That Supermarket Is Not Vicariously Liable For Data Breach Committed By Employee

By Mark Young, Dan Cooper, Louise Freeman, Richard Mattick, Fredericka Argent and Rosie Klement on Posted in Cybersecurity, Data Breaches, Data Privacy, Data Security, United Kingdom
On 1 April 2020, the UK Supreme Court handed down its ruling in WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12.  The Court ruled that Morrisons was not vicariously liable for a data breach deliberately perpetrated by an employee.  The judgment is significant in that it overturned the decisions of the two lower … Continue Reading

Greek Data Protection Authority Issues Guidelines on Data Protection and Coronavirus

By Dan Cooper and Spyridon Goulielmos on Posted in COVID-19, Data Privacy, Health Privacy
On 18 March, 2020, the Hellenic (Greek) Data Protection Authority (“HDPA”) issued guidelines on data protection and COVID-19. With these guidelines, the HDPA aims to provide guidance on the interpretation and application of data protection legislation during the COVID-19 pandemic. In this blog, we summarise the key points included in the HDPA’s guidelines. Categorization of … Continue Reading

Guidance released by EU Authorities on How to Ensure IT Security when Working Remotely

By Dan Cooper, Kristof Van Quathem and Anna Oberschelp de Meneses on Posted in COVID-19, Data Privacy, Data Security
In order to combat the proliferation of COVID-1, several EU Member States have strongly recommended or required that employees engage in teleworking, rather than attend work as normal. In this context, the European Union Agency for Cybersecurity (“ENISA”), on March 15, 2020, issued its “top tips for cybersecurity when working remotely”. Some data protection Supervisory … Continue Reading

COVID-19, Scientific Research and the GDPR – Some Basic Principles

By Dan Cooper and Kristof Van Quathem on Posted in COVID-19, Data Privacy, EU Data Protection
As scientists work around the clock to gain insights into the Corona virus and how to fight it, public and private-sector stakeholders are in discussions to promote the rapid exchange of scientific data. During these discussions, the GDPR acronym inevitably rears its head and casts doubt over what is lawful. The GDPR and national data … Continue Reading

Global Privacy Assembly Issues Statement on COVID-19

By Dan Cooper and Luca Tosoni on Posted in COVID-19, Data Privacy, European Union, Health Privacy
On March 17, 2020, the Executive Committee of the Global Privacy Assembly (“GPA”) issued a statement on data protection in the context of the COVID-19 pandemic. The GPA is an entity representing data protection and privacy regulators around the globe, formerly known as the International Conference of Data Protection and Privacy Commissioners (“ICDPPC”). The GPA … Continue Reading

Italian Government and Trade Unions Sign Protocol on Fighting COVID-19 in the Workplace

By Dan Cooper and Luca Tosoni on Posted in COVID-19, Data Privacy, EU Data Protection, Health Privacy
On March 14, 2020, the Italian Government and several trade unions have signed a protocol, which establishes specific procedures for fighting COVID-19 in the workplace. The protocol also includes provisions on the processing of personal data of employees.  In particular, it provides that employers may subject their employees to pro-active body temperature controls before entering … Continue Reading

EDPB Chair Issues Statement on Data Protection and COVID-19

By Dan Cooper and Luca Tosoni on Posted in COVID-19, Health Privacy
On March 16, 2020, the Chair of the European Data Protection Board (“EDPB”), Andrea Jelinek, issued a statement on the processing of personal data in the context of the COVID-19 outbreak. The statement made clear that EU data protection law does not stand in the way of the adoption of measures to fight against the Coronavirus pandemic.  However, … Continue Reading

Belgian Supervisory Authority Issues Guidance on Data Protection and Coronavirus

By Dan Cooper, Kristof Van Quathem and Anna Oberschelp de Meneses on Posted in COVID-19, Data Privacy, Health Privacy
On March 13, 2020, the Belgian data protection authority (“APD”) issued guidance on data protection and COVID-19. The guidance is mainly aimed at employers processing personal data of employees in the context of the measures they have taken to contain the spreading of COVID-19. The guidance is divided in the following three parts: legal basis … Continue Reading

Hungarian Supervisory Authority Issues Guidance on Data Protection and Coronavirus

By Dan Cooper and Dora Pap on Posted in COVID-19, Data Privacy, Health Privacy
On March 10, 2020, the Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”) issued guidance on data protection and COVID-19. The NAIH highlights that controllers processing personal data in the context of their efforts to prevent the spread of COVID-19 must comply with the GDPR as well as Hungarian data protection law. … Continue Reading

Spanish Supervisory Authority Issues Statement on Data Protection and Coronavirus

By Dan Cooper and Anna Oberschelp de Meneses on Posted in COVID-19, Health Privacy
On March 12, 2020, the Spanish Supervisor Authority (“AEDP”) issued a statement and a report on data protection and COVID-19. The AEPD highlights that controllers processing personal data in the context of their effort to prevent COVID-19 must comply with the GDPR, the Spanish Data Protection Law and the Spanish sectorial health laws. However, the … Continue Reading

UK Supervisory Authority Issues Statement on Data Protection and Coronavirus

By Dan Cooper and Luca Tosoni on Posted in COVID-19, Data Privacy, Health Privacy
 On March 12, 2020, the UK Supervisory Authority (“ICO”) issued a statement on data protection and coronavirus (“COVID-19”).  The statement makes clear that the ICO will take a “reasonable and pragmatic” approach regarding compliance with the GDPR in light of the current health emergency. Similar to the Irish Supervisory Authority (see our previous blog here), … Continue Reading

Irish Supervisory Authority Issues Guidance on Data Protection and COVID-19

By Dan Cooper and Luca Tosoni on Posted in COVID-19
On March 6, 2020, the Irish Supervisory Authority (“DPC”) issued guidance on how companies should process personal data when taking steps to contain the spread and mitigate the effects of COVID-19. The DPC made clear that data protection law does not stand in the way of the provision of healthcare and the management of public health issues, but stressed that companies should be … Continue Reading

Norwegian Supervisory Authority Issues COVID-19 Guidance

By Dan Cooper and Luca Tosoni on Posted in COVID-19
On March 10, 2020, the Norwegian Supervisory Authority (“Datatilsynet”) issued guidance on the processing of personal data in the context of the corona virus (“COVID-19”) crisis (see here, in Norwegian). Datatilsynet stressed that the GDPR allows the processing of special categories of data (e.g., health data) if the processing is necessary for the purposes of … Continue Reading

Advocate General delivers opinion on GDPR consent

By Dan Cooper and Anna Oberschelp de Meneses on Posted in EU Data Protection, European Union
On March 4, 2020, Advocate General Szpunar (“AG”) delivered his opinion in the case C-61/19 Orange România SA v Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP).  The AG concluded that a printed telecommunication contract stating that customers consent to the processing of a copy of their identification card does not meet … Continue Reading

French Supervisory Authority issues COVID-19 Guidance

By Kristof Van Quathem and Dan Cooper on Posted in COVID-19
On March 6, 2020, the French Supervisory Authority (“CNIL”) released a statement on processing personal data in light of COVID-19. The CNIL notes that while everyone should take measures to prevent the spread of the virus, such efforts must comply with applicable data protection rules, in particular when collecting and processing sensitive health data. As … Continue Reading

Danish Supervisory Authority Issues COVID-19 Guidance

By Dan Cooper and Luca Tosoni on Posted in COVID-19
On March 5, 2020, the Danish Supervisory Authority (“Datatilsynet”) issued a guidance document in which it clarifies how companies should process the personal data of their employees in the context of the coronavirus (“COVID-19”) crisis (see here, in Danish). This follows the publication of a similar guidance by the Italian Supervisory Authority (“Garante”) (see our … Continue Reading

Italian Supervisory Authority Publishes COVID-19 Guidance

By Dan Cooper and Luca Tosoni on Posted in COVID-19
On March 2, 2020, the Italian Supervisory Authority (“Garante”) published a “statement” in which it clarifies how companies should process personal data in the context of their efforts for preventing a spread of the coronavirus disease (“COVID-19”) among their employees and others in Italy (see here, in Italian). The Garante made clear that companies must … Continue Reading

Centre for Data Ethics and Innovation Publishes Final Report on “Online Targeting”

By Dan Cooper, Paul Maynard and Jonathan Benjamin on Posted in Centre for Data Ethics and Innovation, Data, Ethics, Online Targeting, Privacy and Data Security, United Kingdom
On February 4, 2020, the United Kingdom’s Centre for Data Ethics and Innovation (“DEI”) published its final report on “online targeting” (the “Report”), examining practices used to monitor a person’s online behaviour and subsequently customize their experience.  In October 2018, the UK government appointed the DEI, an expert committee that advises the UK government on … Continue Reading

UK ICO Publishes New Guidance on Special Category Data

By Dan Cooper, Gemma Nash and Laura Richardson on Posted in Data Privacy, EU Data Protection, United Kingdom
On November 14, 2019, the UK Information Commissioner’s Office (“ICO”) published detailed guidance on the processing of special category data.  The guidance sets out (i) what are the  special categories of data, (ii) the rules that apply to the processing of special category data under the General Data Protection Regulation (“GDPR”) and UK Data Protection … Continue Reading

EDPB Adopts Final Version of Guidelines on Territorial Scope of the GDPR

By Kristof Van Quathem, Dan Cooper and Anna Oberschelp de Meneses on Posted in Data Privacy, EU Data Protection, European Union
On November 14, 2019, the EDPB adopted a final version of Guidelines 3/2018 on the territorial scope of the GDPR (Art. 3). This takes into account the contributions and feedback that the EDPB received during a public consultation on a draft version of the guidelines (see here). The draft version of the guidelines raised many … Continue Reading

European Parliament Publishes Study on Blockchain and the GDPR

By Dan Cooper and Gemma Nash on Posted in Data Privacy, Emerging Technologies, European Union
On July 24, 2019, the European Parliament published a study entitled “Blockchain and the General Data Protection Regulation: Can distributed ledgers be squared with European data protection law?”  The study explores the tension between blockchain technology and compliance with the General Data Protection Regulation (the “GDPR”), the EU’s data protection law.  The study also explores … Continue Reading

ICO Launches Public Consultation on New Data Sharing Code of Practice

By Dan Cooper, Sam Jungyun Choi and Nicholas Shepherd on Posted in Data Privacy, International, Uncategorized, United Kingdom
On July 16, 2019, the UK’s Information Commissioner’s Office (“ICO”) released a new draft Data sharing code of practice (“draft Code”), which provides practical guidance for organizations on how to share personal data in a manner that complies with data protection laws.  The draft Code focuses on the sharing of personal data between controllers, with … Continue Reading

CJEU rules that Facebook and website operators are joint controllers if the website embeds Facebook’s “Like” button

By Dan Cooper, Sam Jungyun Choi and Anna Oberschelp de Meneses on Posted in Advertising & Marketing, EU Data Protection, European Union
On July 29, 2019, the Court of Justice of the European Union (“CJEU”) handed down its judgment in the Fashion ID case (Case C-40/17).   The CJEU found that when a website operator embeds Facebook’s “Like” button on its website, Facebook and the website operator become joint controllers. The case clarifies the relationship between website operators … Continue Reading
LexBlog