Dan Cooper

Dan Cooper

Daniel Cooper heads up the firm’s growing Data Privacy and Cybersecurity practice in London, and counsels clients in the information technology, pharmaceutical research, sports and financial services industries, among others, on European and UK data protection, data retention and freedom of information laws, as well as associated information technology and e-commerce laws and regulations. Mr. Cooper also regularly counsels clients with respect to Internet-related liabilities under European and US laws. Mr. Cooper sits on the advisory boards of a number of privacy NGOs, privacy think tanks, and related bodies.

Subscribe to all posts by Dan Cooper

EU’s Highest Court Invalidates Safe Harbor with Immediate Effect

By Jetty Tielemans, Dan Cooper, Mark Young and Kristof Van Quathem on Posted in European Union, International
Today, the Court of Justice of the European Union (the “CJEU”) invalidated the European Commission’s Decision on the EU-U.S. Safe Harbor arrangement (Commission Decision 2000/520 – see here). The Court responded to pre-judicial questions put forward by the Irish High Court in the so-called Schrems case. More specifically, the High Court had enquired, in particular, … Continue Reading

Highlights of the Canada Digital Privacy Act 2015

By Dan Cooper on Posted in Canada
On June 18, 2015, the Canadian Parliament passed the Digital Privacy Act (DPA), Senate Bill S-4, into law.  The DPA amends Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA) in important respects, including introducing a new data breach notification requirement (which is not yet in force) and making other … Continue Reading

CJEU Hears Oral Arguments in Pivotal EU-U.S. Safe Harbor Case

By Dan Cooper on Posted in European Union, International
By Dan Cooper and Phil Bradley-Schmieg On March 24, 2015, the Court of Justice of the EU (CJEU) heard arguments in Case C-362/14 (Schrems).  The High Court of Ireland has asked the CJEU whether Ireland’s data protection authority (DPA) — and by extension other EU DPAs — is bound by the Commission’s adequacy decision (Decision 520/2000/EC) … Continue Reading

Top 10 International Privacy Developments of 2014

By Dan Cooper on Posted in European Union, International
  The CJEU “Right to be Forgotten” Ruling.  In May 2014, the Court of Justice of the European Union (CJEU) delivered an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The CJEU’s decision re-interpreted European data protection law to include … Continue Reading

EU Justice Ministers Reach A Common Position on Aspects of the Draft EDPR

By Dan Cooper on Posted in European Union
On June 6, 2014, the Justice and Home Affairs Council of the European Union (the “Council”), representing individual EU Member States, reached a common position on certain important aspects of the draft European Data Protection Regulation (the “Regulation”).  Specifically, the Council reached an agreement on rules governing transfers of personal data outside the EU, set … Continue Reading

Google, the CJEU, and the Long Arm of European Data Protection Law

By Dan Cooper on Posted in European Union, Online
By Dan Cooper, Mark Young and Kristof van Quathem On May 13, the European Court of Justice (the “Court”) handed down an important judgement in a referral from Spain’s National High Court involving Google, a Spanish national, and the Spanish data protection authority (Case C-131/12).  The decision has wide-ranging consequences regarding the application of EU … Continue Reading

European Regulators Set Out Data Anonymization Standards

By Dan Cooper on Posted in Data Security, European Union
By Kristof van Quathem and Dan Cooper On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques.  The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely available – while … Continue Reading

European Regulators and the Eternal Cookie Debate

By Dan Cooper on Posted in Advertising & Marketing, European Union, International, Online, Privacy Policies, United Kingdom
By Dan Cooper and Mark Young This week, the Article 29 Working Party (the “WP29”) released an opinion paper on what constitutes “consent” for purposes of complying with the EU’s “cookie” rules — rules that were revised to include a consent requirement nearly four years ago.  The paper will be relevant to website providers that … Continue Reading

Irish Data Protection Commissioner and FTC sign Memorandum of Understanding

By Dan Cooper on Posted in Federal Trade Commission, International
The Data Protection Commissioner Billy Hawkes has signed a memorandum of understanding (MOU) with the Chairwoman of the U.S. Federal Trade Commission (FTC), Edith Ramirez.  The MOU is a statement of cooperation between the two agencies in their efforts to protect consumer privacy.  It includes provisions calling for cooperation in relation to enforcement of relevant … Continue Reading

French Data Protection Authority: 3-Month Deadline for Google to Comply With Privacy Laws

By Dan Cooper on Posted in Advertising & Marketing, European Union, International
The CNIL announced in a press release on Thursday that it has issued a formal notice to Google Inc. that requires the search engine to provide clear and sufficient information to users about how their data is being used. In particular, the Paris based regulator wants Google to: Define specified and explicit purposes to allow … Continue Reading

Vote on EU Data Protection Regulation Again Postponed

By Dan Cooper on Posted in European Union, International
Despite previous assertions to the contrary, the European Parliament’s Civil Liberties Committee (“LIBE”) announced on Wednesday that it would not be holding its important vote on the Proposed Data Protection Regulation before the summer recess. A new vote has not yet been scheduled but is planned for September or October 2013. As leading committee on … Continue Reading

EU Data Protection Working Party Sets Out App Privacy Recommendations

By Dan Cooper on Posted in Advertising & Marketing, European Union, International, Mobile
By Dan Cooper and Philippe Bradley This week the Article 29 Working Party released its Opinion 2/2013 on apps on smart devices (WP 202), a 30-page report on mobile app privacy and data protection considerations. This development follows on the Working Party’s Statement on the draft General Data Protection Regulation on 27 February 2013 (which … Continue Reading

The ICO Responds to the Leveson Report

By Dan Cooper on Posted in European Union, International, United Kingdom
By Dan Cooper, Helena Marttila & Fredericka Argent Following the 2011 News International phone-hacking scandal, the UK government commissioned an in-depth inquiry into the accusations made against the British press to be conducted by Lord Justice Leveson.  The “Leveson Inquiry” was a full-scale investigation, which culminated in an approximately 2000-page report published in November 2012.  The … Continue Reading

Australia Introduces New Privacy Act

By Dan Cooper on Posted in Uncategorized
By Daniel Cooper and Fredericka Argent On 29 November 2012, the Office of the Australian Information Commissioner announced that the Australian government passed the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (“the Act”). The Act, due to come into force in March 2014, is the biggest reform to Australian privacy law in over 20 … Continue Reading

The European Court of Justice Rules That Austria’s Data Protection Authority Is Not Sufficiently Independent

By Dan Cooper on Posted in European Union, International
On 16 October 2012, the Court of Justice of the European Union (“CJEU”) ruled in favour of the European Commission in its claim against Austria that the Austrian Data Protection Authority, the Datenschutzkommission (“DSK”), was not independent from the Austrian government as required under Article 28 of the EU’s Data Protection Directive. The Commission’s action was … Continue Reading

CNIL and Article 29 Working Party Release Report on Google Privacy Policy

By Dan Cooper on Posted in European Union, International
By Dan Cooper On 16 October, 2012, the French data protection authority, the CNIL, released a report on behalf of the Article 29 Working Party that examines Google’s compliance with European data protection law.  The report marks a new stage in an investigation which began nine months ago, when Google announced that it intended to … Continue Reading

ICO Issues New £250,000 Fine to Scottish Local Government Body

By Dan Cooper on Posted in Data Security, United Kingdom
On 11 September 2012, the UK Information Commissioner’s Office (ICO) announced that it had fined the Scottish Borders Council £250,000 under the Data Protection Act 1998 (the DPA) following the discovery of a former Council employee’s pension records in a supermarket’s car park paper recycling bank. The document was one of at least 676 files … Continue Reading

UK Parliament Committees Open Consultations on Proposed Data Protection Regulation and Proposed Communications Data Bill

By Dan Cooper on Posted in European Union, International, United Kingdom
On 12 July, 2012, the Justice Select Committee, the body tasked by the UK Parliament’s European Scrutiny Committee to give its opinion on the EU Commission’s proposals to reform EU data protection laws, launched a call for written evidence on the following questions:  Will the proposed Regulation strike the right balance between the need, on … Continue Reading

Grace Period for Compliance with New Korean Privacy Law Ended this Spring

By Dan Cooper on Posted in Data Security, International
South Korea's new comprehensive privacy law, the Personal Information Protection Act, promulgated on 29 March 2011, is now in effect. The Korean government allowed a grace period for companies to comply with the provisions of the new law and this came to an end on March 31st 2012. In relation to the private sector, the new legislation replaces some aspects of the Act on Promotion of Information and Communications Network Utilization and Information Protection (ICN Act). Described by privacy commentators as one of the strictest privacy laws in the world, the new legislation reflects the baseline standards of the OECD Privacy Guidelines and the APEC Privacy Framework (2004) to a large extent and also appears to exceed those requirements in several respects. This is an introduction to some of the core provisions of the new legislation:… Continue Reading

Article 29 Working Party Publishes Guidance On Cookie Rule Exemptions

By Dan Cooper on Posted in European Union, International
On Tuesday, June 12, the Article 29 Working Party (WP29), a group of European data protection authorities, published an opinion on the exemptions available to the new cookie rules introduced by the revised EU ePrivacy Directive.  The opinion provides guidance on the implementation of the available exemptions to the requirement to obtain internet users’ informed … Continue Reading

Consent in EU Data Protection Law

By Dan Cooper on Posted in Data Security, European Union, International
I recently published an editorial with the European Privacy Association regarding the concept of “consent” under the EU’s Framework Data Protection Directive that is available here.   As the editorial explains, the concept is a fundamental fixture of the EU’s data protection regime featuring in data protection law in a variety of different ways, from “unambiguous” … Continue Reading
LexBlog