Photo of Dan Cooper

Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his "level of expertise is second to none, but it's also equally paired with a keen understanding of our business and direction." It was noted that "he is very good at calibrating and helping to gauge risk."

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as the IAPP's European Advisory Board, Privacy International and the European security agency, ENISA.

Contact:Read more about Dan CooperEmail

The European Commission (“Commission”) is working on a new EU consumer protection law called the Digital Fairness Act (“DFA”) to better protect consumers in the digital space.  The DFA is expected to regulate, among other things, influencer marketing. 

With EU consumer protection watchdogs starting to bring cases against companies whose products or services are promoted by influencers (see for example here), the DFA’s provisions may apply not only to influencers, but also to companies that deploy or use influencers, to ensure that advertising practices are fair and transparent.  This blog post explores two key issues that the European Commission is expected to prioritize in its approach to influencer marketing.  It also provides a brief overview of the French legal framework in this area, which some expect to serve as a model for the EU’s forthcoming rules in this area.Continue Reading Digital Fairness Act Series – Topic 1: Influencer Marketing

On April 7, 2025, South Africa’s Information Regulator announced a new requirement for organizations to report data breaches—referred to under local law as “security compromises”—via an online eServices Portal. The announcement marks a significant procedural shift in how companies must comply with the Protection of Personal Information Act, 2013

Continue Reading South Africa Introduces Mandatory e-Portal Reporting for Data Breaches

The “market” for AI contracting terms continues to evolve, and whilst there is no standardised approach (as much will depend on the use cases, technical features and commercial terms), a number of attempts have been made to put forward contracting models. One of the latest being from the EU’s Community of Practice on Public Procurement of AI, which published an updated version of its non-binding EU AI Model Contractual Clauses (“MCC-AI”) on March 5, 2025. The MCC-AI are template contractual clauses intended to be used by public organizations that procure AI systems developed by external suppliers.  An initial draft had been published in September 2023.  This latest version has been updated to align with the EU AI Act, which entered into force on August 1, 2024 but whose terms apply gradually in a staggered manner.  Two templates are available: one for public procurement of “high-risk” AI systems, and another for non-high-risk AI systems. A commentary, which provides guidance on how to use the MCC-AI, is also available.Continue Reading EU’s Community of Practice Publishes Updated AI Model Contractual Clauses

Kenya has released its first National Artificial Intelligence Strategy (2025–2030), a landmark document on the continent that sets out a government-led vision for ethical, inclusive, and innovation-driven AI adoption. Framed as a foundational step in the country’s digital transformation agenda, the strategy articulates policy ambitions that will be of

Continue Reading Kenya’s AI Strategy 2025–2030: Signals for Global Companies Operating in Africa

On March 20, 2025, the Court of Justice of the European Union (“CJEU”) ruled on the fairness, under EU consumer protection law, of a contractual clause allocating a percentage of an athlete’s income to a professional services provider (Case C‑365/23 [Arce]).  This ruling sets an important precedent and strengthens the protection afforded by consumer protection law to minors who enter into professional service contracts, whether in sport or elsewhere.Continue Reading CJEU Rules on Fairness of Remuneration Clause in Sports Contract

On March 21, 2025, the European Commission announced that the Consumer Protection Cooperation Network (“CPC-N”) had initiated enforcement proceedings against an online gaming company, for allegedly violating EU consumer protection laws and engaging in practices that could pose a particular risk to children.  The gaming company now has one month to propose commitments to remedy the consumer law violations identified by the CPC-N.  Concurrently, the CPC-N published guidelines to promote transparency and fairness in the online gaming industry’s use of virtual currencies.Continue Reading Consumer Watchdogs Turn Their Attention to the Online Gaming Industry

On February 4, 2025, the Japanese Government announced its intention to position Japan as “the most AI-friendly country in the world”, with a lighter regulatory approach than that of the EU and some other nations.  This statement follows: (i) the Japanese government’s recent submission of an AI bill to Japan’s Parliament, and (ii) the Japanese Personal Data Protection Commission’s (“PPC”) proposals to amend the Japanese Act on the Protection of Personal Information (“APPI”) to facilitate the use of personal data for the development of AI.Continue Reading Japan Plans to Adopt AI-Friendly Legislation

On March 13, 2025, the Court of Justice of the EU (“CJEU”) ruled that the right of rectification (in Article 16 GDPR) requires a national authority to correct a person’s gender identity, where it is shown to be inaccurate (Case C‑247/23 [Deldits]).  The authority, however, may require that person to provide relevant and sufficient evidence to establish that the information concerning their gender is inaccurate, but may not go so far as to require proof of gender reassignment surgery.Continue Reading CJEU Rules on Right of Rectification of Gender Identity

Updated

On March 5, 2025, the European Data Protection Board (“EDPB”) announced that EU Supervisory Authorities (“SAs”) will undertake a coordinated enforcement action in 2025 regarding data subjects’ right to erasure under Art. 17 of the GDPR.  For context, the EDPB selects a particular topic each year as its focus for pan-EU coordinated enforcement.Continue Reading EDPB Launches Coordinated Enforcement on the Right to Erasure

On November 8, 2024, the UK’s communications regulator, the Office of Communications (“Ofcom”) published an open letter to online service providers operating in the UK regarding the Online Safety Act (“OSA”) and generative AI (the “Open Letter”).  In the Open Letter, Ofcom reminds online service providers that generative AI tools, such as chatbots and search assistants may fall within the scope of regulated services under the OSA.  More recently, Ofcom also published several pieces of guidance (some of which are under consultation) that include further commentary on how the OSA applies to generative AI services.Continue Reading Ofcom Explains How the UK Online Safety Act Will Apply to Generative AI