Dan Cooper

Dan Cooper

Daniel Cooper heads up the firm’s growing Data Privacy and Cybersecurity practice in London, and counsels clients in the information technology, pharmaceutical research, sports and financial services industries, among others, on European and UK data protection, data retention and freedom of information laws, as well as associated information technology and e-commerce laws and regulations. Mr. Cooper also regularly counsels clients with respect to Internet-related liabilities under European and US laws. Mr. Cooper sits on the advisory boards of a number of privacy NGOs, privacy think tanks, and related bodies.

Subscribe to all posts by Dan Cooper

ICO Issues COVID-19 Guidance for Employers

On May 11, 2020, the UK Information Commissioner’s Office (“ICO”) published guidance on how employers should handle data in the event they choose to test their employees for COVID-19. The guidance provides a clear reminder that employers must comply with both the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”), and … Continue Reading

Italian Supervisory Authority Publishes FAQs on Data Protection and COVID-19

On May 6, 2020, the Italian Supervisory Authority (“Garante”) published a list of frequently asked questions (“FAQs”) and answers on data protection and COVID-19 (see here, in English). The FAQs build on and expand guidance previously issued by the Garante (see our blog post here), and take into account recent measures adopted by Italian authorities, such as … Continue Reading

Hungarian Government Suspends GDPR Data Subjects Rights

On May 4, 2020, the Hungarian Government issued a Decree that suspends, during the COVID-19 created state of emergency, the one-month deadline that controllers have under the GDPR to reply to data subject rights requests. The Decree also allows public entities to refuse or suspend freedom of information (“FOIA”) requests in certain situations. The Decree … Continue Reading

EDPB Issues New Guidance on the Use of Location Data and Contact Tracing in the Context of the COVID-19 Outbreak

As we anticipated in a previous blog post, on April 22, 2020, the European Data Protection Board (“EDPB”) issued new guidelines on the use of location data and contact tracing apps in the context of the present COVID-19 pandemic. The EDPB’s new guidelines complement and build on similar guidance previously issued by the Board itself … Continue Reading

UK ICO Issues Opinion on Apple-Google Initiative for a Contact Tracing Framework

On April 17, 2020, the UK’s Information Commissioner’s Office (“ICO”) issued an opinion on the recently announced Apple-Google initiative to develop a Bluetooth-based Contact Tracing Framework (“CTF”) to help prevent the spread of COVID-19.  The ICO opinion is generally supportive of the Apple-Google proposal and perceives it to be, at this early phase, aligned with … Continue Reading

EU Commission Releases Guidance on COVID-19 Apps

On 8 April 2020, the European Commission adopted a recommendation on a common European Union toolbox for the use of technology and data to address the COVID-19 crisis (“Recommendation”).  The Recommendation responds to calls for a common EU approach to the use of mobile apps in combatting COVID-19—one that improves the efficacy of the technology … Continue Reading

EDPB will issue data protection guidance on several topics relating to COVID-19

On April 7, 2020, the European Data Protection Board (“EDPB”) announced that it assigned specific mandates to two expert subgroups to prepare guidance on a number of Covid-19 related topics. The list of topics chosen by the EDPB reflects those that have received the closest scrutiny by the national authorities.… Continue Reading

COVID-19 Apps and Websites – The “Pan-European Privacy Preserving Proximity Tracing Initiative” and Guidance by Supervisory Authorities

Pan-European Privacy Preserving Proximity Tracing Initiative According to media sources, an EU consortium led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI) will soon release software code that can be used to create apps that will help track transmission chains of COVID-19.  The Pan-European Privacy Preserving Proximity Tracing (“PEPP-PT”) project comprises more than 130 … Continue Reading

UK Supreme Court Rules That Supermarket Is Not Vicariously Liable For Data Breach Committed By Employee

On 1 April 2020, the UK Supreme Court handed down its ruling in WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12.  The Court ruled that Morrisons was not vicariously liable for a data breach deliberately perpetrated by an employee.  The judgment is significant in that it overturned the decisions of the two lower … Continue Reading

Greek Data Protection Authority Issues Guidelines on Data Protection and Coronavirus

On 18 March, 2020, the Hellenic (Greek) Data Protection Authority (“HDPA”) issued guidelines on data protection and COVID-19. With these guidelines, the HDPA aims to provide guidance on the interpretation and application of data protection legislation during the COVID-19 pandemic. In this blog, we summarise the key points included in the HDPA’s guidelines. Categorization of … Continue Reading

Guidance released by EU Authorities on How to Ensure IT Security when Working Remotely

In order to combat the proliferation of COVID-1, several EU Member States have strongly recommended or required that employees engage in teleworking, rather than attend work as normal. In this context, the European Union Agency for Cybersecurity (“ENISA”), on March 15, 2020, issued its “top tips for cybersecurity when working remotely”. Some data protection Supervisory … Continue Reading

COVID-19, Scientific Research and the GDPR – Some Basic Principles

As scientists work around the clock to gain insights into the Corona virus and how to fight it, public and private-sector stakeholders are in discussions to promote the rapid exchange of scientific data. During these discussions, the GDPR acronym inevitably rears its head and casts doubt over what is lawful. The GDPR and national data … Continue Reading

Global Privacy Assembly Issues Statement on COVID-19

On March 17, 2020, the Executive Committee of the Global Privacy Assembly (“GPA”) issued a statement on data protection in the context of the COVID-19 pandemic. The GPA is an entity representing data protection and privacy regulators around the globe, formerly known as the International Conference of Data Protection and Privacy Commissioners (“ICDPPC”). The GPA … Continue Reading

Italian Government and Trade Unions Sign Protocol on Fighting COVID-19 in the Workplace

On March 14, 2020, the Italian Government and several trade unions have signed a protocol, which establishes specific procedures for fighting COVID-19 in the workplace. The protocol also includes provisions on the processing of personal data of employees.  In particular, it provides that employers may subject their employees to pro-active body temperature controls before entering … Continue Reading

EDPB Chair Issues Statement on Data Protection and COVID-19

On March 16, 2020, the Chair of the European Data Protection Board (“EDPB”), Andrea Jelinek, issued a statement on the processing of personal data in the context of the COVID-19 outbreak. The statement made clear that EU data protection law does not stand in the way of the adoption of measures to fight against the Coronavirus pandemic.  However, … Continue Reading

Belgian Supervisory Authority Issues Guidance on Data Protection and Coronavirus

On March 13, 2020, the Belgian data protection authority (“APD”) issued guidance on data protection and COVID-19. The guidance is mainly aimed at employers processing personal data of employees in the context of the measures they have taken to contain the spreading of COVID-19. The guidance is divided in the following three parts: legal basis … Continue Reading

Hungarian Supervisory Authority Issues Guidance on Data Protection and Coronavirus

On March 10, 2020, the Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”) issued guidance on data protection and COVID-19. The NAIH highlights that controllers processing personal data in the context of their efforts to prevent the spread of COVID-19 must comply with the GDPR as well as Hungarian data protection law. … Continue Reading

Spanish Supervisory Authority Issues Statement on Data Protection and Coronavirus

On March 12, 2020, the Spanish Supervisor Authority (“AEDP”) issued a statement and a report on data protection and COVID-19. The AEPD highlights that controllers processing personal data in the context of their effort to prevent COVID-19 must comply with the GDPR, the Spanish Data Protection Law and the Spanish sectorial health laws. However, the … Continue Reading

UK Supervisory Authority Issues Statement on Data Protection and Coronavirus

 On March 12, 2020, the UK Supervisory Authority (“ICO”) issued a statement on data protection and coronavirus (“COVID-19”).  The statement makes clear that the ICO will take a “reasonable and pragmatic” approach regarding compliance with the GDPR in light of the current health emergency. Similar to the Irish Supervisory Authority (see our previous blog here), … Continue Reading

Irish Supervisory Authority Issues Guidance on Data Protection and COVID-19

On March 6, 2020, the Irish Supervisory Authority (“DPC”) issued guidance on how companies should process personal data when taking steps to contain the spread and mitigate the effects of COVID-19. The DPC made clear that data protection law does not stand in the way of the provision of healthcare and the management of public health issues, but stressed that companies should be … Continue Reading

Norwegian Supervisory Authority Issues COVID-19 Guidance

On March 10, 2020, the Norwegian Supervisory Authority (“Datatilsynet”) issued guidance on the processing of personal data in the context of the corona virus (“COVID-19”) crisis (see here, in Norwegian). Datatilsynet stressed that the GDPR allows the processing of special categories of data (e.g., health data) if the processing is necessary for the purposes of … Continue Reading

Advocate General delivers opinion on GDPR consent

On March 4, 2020, Advocate General Szpunar (“AG”) delivered his opinion in the case C-61/19 Orange România SA v Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP).  The AG concluded that a printed telecommunication contract stating that customers consent to the processing of a copy of their identification card does not meet … Continue Reading

French Supervisory Authority issues COVID-19 Guidance

On March 6, 2020, the French Supervisory Authority (“CNIL”) released a statement on processing personal data in light of COVID-19. The CNIL notes that while everyone should take measures to prevent the spread of the virus, such efforts must comply with applicable data protection rules, in particular when collecting and processing sensitive health data. As … Continue Reading

Danish Supervisory Authority Issues COVID-19 Guidance

On March 5, 2020, the Danish Supervisory Authority (“Datatilsynet”) issued a guidance document in which it clarifies how companies should process the personal data of their employees in the context of the coronavirus (“COVID-19”) crisis (see here, in Danish). This follows the publication of a similar guidance by the Italian Supervisory Authority (“Garante”) (see our … Continue Reading
LexBlog