Dan Cooper

Daniel Cooper heads up the firm’s growing Data Privacy and Cybersecurity practice in London, and counsels clients in the information technology, pharmaceutical research, sports and financial services industries, among others, on European and UK data protection, data retention and freedom of information laws, as well as associated information technology and e-commerce laws and regulations. Mr. Cooper also regularly counsels clients with respect to Internet-related liabilities under European and US laws. Mr. Cooper sits on the advisory boards of a number of privacy NGOs, privacy think tanks, and related bodies.

Subscribe to all posts by Dan Cooper

European Parliament Publishes Study on Blockchain and the GDPR

On July 24, 2019, the European Parliament published a study entitled “Blockchain and the General Data Protection Regulation: Can distributed ledgers be squared with European data protection law?” The study explores the tension between blockchain technology and compliance with the General Data Protection Regulation (the “GDPR”), the EU’s data protection law. The study also explores … Continue Reading

ICO Launches Public Consultation on New Data Sharing Code of Practice

By Dan Cooper, Sam Jungyun Choi and Nicholas Shepherd on August 1, 2019 Posted in Data Privacy, International, Uncategorized, United Kingdom

On July 16, 2019, the UK’s Information Commissioner’s Office (“ICO”) released a new draft Data sharing code of practice (“draft Code”), which provides practical guidance for organizations on how to share personal data in a manner that complies with data protection laws. The draft Code focuses on the sharing of personal data between controllers, with … Continue Reading

CJEU rules that Facebook and website operators are joint controllers if the website embeds Facebook’s “Like” button

By Dan Cooper, Sam Jungyun Choi and Anna Oberschelp de Meneses on July 31, 2019 Posted in Advertising & Marketing, EU Data Protection, European Union

On July 29, 2019, the Court of Justice of the European Union (“CJEU”) handed down its judgment in the Fashion ID case (Case C-40/17). The CJEU found that when a website operator embeds Facebook’s “Like” button on its website, Facebook and the website operator become joint controllers. The case clarifies the relationship between website operators … Continue Reading

Italian Supervisory Authority Issues Judgment Concerning ‘Right to be Forgotten’

By Dan Cooper and Teresa Portelli on July 26, 2019 Posted in Data Privacy, EU Data Protection, International

On July 22, 2019, the Italian supervisory authority for data protection (“Garante”) issued a judgment involving the so-called “right to be forgotten”. The Garante’s decision explores the boundaries of this right in a case in which Internet users could access an article by using a professional position as a search term, whereas it was not … Continue Reading

European Commission Issues Report on the Implementation of the GDPR

By Dan Cooper and Nicholas Shepherd on July 25, 2019 Posted in Cross-Border Transfers, Data Privacy, EU Data Protection, European Union, International

On July 24, 2019, the European Commission (“the Commission”) published a report appraising Europe’s progress in implementing the General Data Protection Regulation (“GDPR”) as a central component of its revamped data protection framework. In its report, the Commission highlights certain achievements resulting from implementation efforts, calls attention to issues that require further action, and describes … Continue Reading

European Commission Issues Updated Q&A on Interplay between the GDPR and the Clinical Trials Regulation

By Kristof Van Quathem and Dan Cooper on April 15, 2019 Posted in European Union, Health Privacy

On April 10, 2019, European Commission Directorate-General for Health and Food Safety issued a revised Q&A analyzing the interplay between the EU Clinical Trials Regulation (“CTR”) and the EU General Data Protection Regulation (“GDPR”). The revised Q&A takes into account the opinion of the European Data Protection Board (“EDPB”) issued on January 23, 2019, on … Continue Reading

EDPB releases information note in the event of a “No-deal Brexit”

By Dan Cooper and Anna Herrmann on February 15, 2019 Posted in Brexit, Cross-Border Transfers, Data Privacy, EU Data Protection, European Union, Uncategorized

On February 12, 2019, the European Data Protection Board (“EDPB”) published two information notes to highlight the impact of a so-called “No-deal Brexit” on data transfers under the EU General Data Protection Regulation (“GDPR”), as well as the impact on organizations that have selected the UK Information Commissioner (“ICO”) as their “lead supervisory authority” for … Continue Reading

The CNIL Publishes Report On Blockchain and the GDPR

By Dan Cooper, Gemma Nash and Sophie Bertin on November 14, 2018 Posted in European Union, Financial Institutions

On November 6, 2018, the French data protection authority (the “CNIL”) published a report that discusses some of the questions raised by the use of blockchain technology and perceived tensions between it and foundational principles found in the General Data Protection Regulation (the “GDPR”). As we noted in an earlier blog post on this topic, … Continue Reading

The GDPR and Blockchain

By Bruce Bennett, Sophie Bertin, Dan Cooper, Carlo Kostka, Gemma Nash, Mike Nonaka and Kristof Van Quathem on July 24, 2018 Posted in Data Privacy, European Union, Financial Institutions, Financial Privacy

Blockchain technology has the potential to revolutionise many industries; it has been said that “blockchain will do to the financial system what the internet did to media”. Its most famous use is its role as the architecture of the cryptocurrency Bitcoin, however it has many other potential uses in the financial sector, for instance in … Continue Reading

The UK Adopts Data Protection Act 2018

By Dan Cooper on May 25, 2018 Posted in Children's Privacy, European Union, United Kingdom

Having received Royal Assent on May 23, 2018, the UK Data Protection Bill is now an Act of Parliament. The Data Protection Act 2018 (the “Act”) implements the General Data Protection Regulation (“GDPR”) and replaces the UK Data Protection Act 1998. Notable provisions that make use of the ability of Member States to implement different … Continue Reading

CJEU Rejects Consumer Privacy Class Action

By Dan Cooper on January 30, 2018 Posted in European Union, International

On January 25, 2018, the Court of Justice of the European Union (“CJEU”) handed down a ruling permitting consumer privacy actions to be brought in the consumer’s home jurisdiction — as opposed to the jurisdiction in which the defendant data controller has its main establishment — but not permitting consumer privacy class actions to be … Continue Reading

EU Article 29 Working Party Releases Extensive GDPR Guidance on Data Processing at Work

By Dan Cooper on July 4, 2017 Posted in European Union

By Dan Cooper and Rosie Klement The EU’s Article 29 Working Party (“WP29”) has issued new guidance on data processing in the employment context. Adopted on June 8, 2017, the guidance primarily takes account of the existing data protection framework under the EU Data Protection Directive (Directive 95/46/EC), but also considers the developments coming into force … Continue Reading

CJEU Limits Public Record ‘Right to Be Forgotten’

By Dan Cooper and Phil Bradley-Schmieg on March 10, 2017 Posted in European Union

On March 9, 2017, the Court of Justice of the EU (“CJEU”) handed down a ruling limiting the reach of its prior “right to be forgotten” jurisprudence, by holding that the right does not prevail over society’s interest in access to official public records of company details required by law.… Continue Reading

UK Information Commissioner’s Office Publishes Draft Guidance on Consent under the GDPR

By Dan Cooper on March 8, 2017 Posted in European Union, United Kingdom

By Dan Cooper and Rosie Klement On March 2, 2017, the Information Commissioner’s Office (“ICO”) released draft guidance for UK organizations on how the notion of consent will be interpreted and applied when the General Data Protection Regulation (“GDPR”) comes into force in May 2018. The ICO is currently engaging in a public consultation on … Continue Reading

European Commission Unveils Data Economy Package: International Data Transfers

By Dan Cooper and Ezra Steinhardt on January 11, 2017 Posted in Cross-Border Transfers, European Union, International

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future. These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy” (see our post here); and A Communication … Continue Reading

European Commission Unveils Data Economy Package: “Building a European Data Economy”

By Dan Cooper and Ezra Steinhardt on January 11, 2017 Posted in European Union, International

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future. These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) (see our post here); A Communication on “Building a European Data Economy”; and A Communication on exchanging and protecting … Continue Reading

European Commission Unveils Data Economy Package: E-Privacy Regulation

By Dan Cooper and Ezra Steinhardt on January 11, 2017 Posted in European Union, International

On January 10, 2017, the European Commission unveiled the “last major Digital Single Market initiatives” addressing Europe’s digital future. These initiatives comprise the following: A proposal for a Regulation on Privacy and Electronic Communications (E-Privacy Regulation) ; A Communication on “Building a European Data Economy” (see our post here); and A Communication on exchanging and … Continue Reading

CJEU Confirms Dynamic IP Addresses To Be Personal Data

By Dan Cooper and Mark Young on October 19, 2016 Posted in European Union, International

On Wednesday October 19, 2016 the Court of Justice of European Union (“CJEU”) issued its judgment in Case C-582/14, Patrick Breyer v Germany. The CJEU held that a “dynamic” IP address constitutes personal data (agreeing with the Opinion of the Advocate General from May this year). Dynamic IP addresses qualify as personal data, even if … Continue Reading

Agreement Reached on New EU-U.S. Safe Harbor: the EU-U.S. Privacy Shield

By Dan Cooper and Phil Bradley-Schmieg on February 2, 2016 Posted in Department of Commerce, European Union, Federal Trade Commission, International, United States

Today (February 2nd, 2016), the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows. The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework (for more on the Court of Justice of the European Union decision in the Schrems case declaring the Safe … Continue Reading

EU’s Highest Court Invalidates Safe Harbor with Immediate Effect

By Jetty Tielemans, Dan Cooper, Mark Young and Kristof Van Quathem on October 6, 2015 Posted in European Union, International

Today, the Court of Justice of the European Union (the “CJEU”) invalidated the European Commission’s Decision on the EU-U.S. Safe Harbor arrangement (Commission Decision 2000/520 – see here). The Court responded to pre-judicial questions put forward by the Irish High Court in the so-called Schrems case. More specifically, the High Court had enquired, in particular, … Continue Reading

Highlights of the Canada Digital Privacy Act 2015

By Dan Cooper on June 24, 2015 Posted in Canada

On June 18, 2015, the Canadian Parliament passed the Digital Privacy Act (DPA), Senate Bill S-4, into law. The DPA amends Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA) in important respects, including introducing a new data breach notification requirement (which is not yet in force) and making other … Continue Reading