Dan Cooper

Daniel Cooper heads up the firm’s growing Data Privacy and Cybersecurity practice in London, and counsels clients in the information technology, pharmaceutical research, sports and financial services industries, among others, on European and UK data protection, data retention and freedom of information laws, as well as associated information technology and e-commerce laws and regulations. Mr. Cooper also regularly counsels clients with respect to Internet-related liabilities under European and US laws. Mr. Cooper sits on the advisory boards of a number of privacy NGOs, privacy think tanks, and related bodies.

Subscribe to all posts by Dan Cooper

Swiss Federal Data Protection Authority Removes the US from its List of Adequate Countries

By Dan Cooper and Anna Oberschelp de Meneses on September 11, 2020 Posted in Cross-Border Transfers, Data Privacy

On September 8, 2020, the Swiss Federal Supervisory Authority (“Swiss SA”) issued a position paper stating that Swiss companies can no longer rely on the Swiss-US Privacy Shield Framework to transfer data to the US. The Swiss SA did not revoke the Swiss-US Privacy Shield Framework because it does not have the power to do … Continue Reading

Life After Schrems II: Practical Recommendations In An Uncertain Time

By Dan Cooper, Kristof Van Quathem and Nicholas Shepherd on September 4, 2020 Posted in Cross-Border Transfers, Data Privacy, EU Data Protection, European Union, Privacy and Data Security

On 16 July, 2020, the Court of Justice of the EU (“CJEU”), issued its decision in the Schrems II case. In short, the CJEU invalidated the EU-U.S. Privacy Shield and clarified that the use of standard contractual clauses (“SCCs”) requires data controllers to conduct a case-by-case assessment of the level of data protection that SCCs … Continue Reading

LGPD Effective Imminently

By Dan Cooper and Miles Lynn on August 27, 2020 Posted in Data Privacy, International

On August 26, 2020, the Brazilian Senate rejected an alteration made to Article 4 of Provisional Measure 959/20 — an alteration intended to postpone the effective date of the General Data Protection Law (“LGPD”) until December 31, 2020. Following the removal of Article 4 — and many months of uncertainty — the LGPD’s effective date … Continue Reading

Inside Privacy Audiocast: Episode 3 – Emerging Data Privacy Issues in Brazil

By Dan Cooper on August 27, 2020 Posted in Cross-Border Transfers, Data Privacy, International

On our third episode of our Inside Privacy Audiocast, we are aiming our looking glass at Brazil’s new data protection statute, Lei Geral de Proteção de Dados (or LGPD), and are joined by Ronaldo Lemos, a partner at Rennó Penteado. In our episode recorded earlier this week, Dan Cooper and Ronaldo discuss the LGPD, which … Continue Reading

An Uncertain Date: Preparing for the LGPD to Take Effect

By Dan Cooper on August 10, 2020 Posted in International

As businesses prepare for the Brazil General Law for Data Protection, or LGPD, one key provision is still up in the air: the date the law takes effect. Under the original law, the LGPD was scheduled to take effect next Sunday, August 16. For the past several months, however, that date has been a moving … Continue Reading

Inside Privacy Audiocast: Episode 2 – Data Protection Hot Topics in Russia

By Dan Cooper on August 10, 2020 Posted in Data Privacy, EU Data Protection, International

On the second episode of our Inside Privacy Audiocast, we are aiming our looking glass at Russia, and are joined for our discussion by Partner Maria Ostashenko and Senior Associate Anastasia Petrova of the Data Protection and Cybersecurity practice at the Alrud law firm in Moscow. The pair discuss Russia’s data protection framework, zooming in … Continue Reading

European Commission Publishes 2-Year Report on the Implementation of the GDPR

By Dan Cooper, Kristof Van Quathem, Nicholas Shepherd and Anna Oberschelp de Meneses on June 25, 2020 Posted in Data Privacy, EU Data Protection, European Union, Internet of Things (IoT), Online Targeting, Privacy and Data Security

On June 24, 2020, the European Commission (“Commission”) published its much-anticipated assessment of the EU’s General Data Protection Regulation (“GDPR”) two years after it went into effect. The assessment takes into account contributions from the European Council, the European Parliament, the European Data Protection Board (“EDPB”), individual supervisory authorities, the Multi-Stakeholder Expert Group and other … Continue Reading

French Council of State Decides that the French Supervisory Authority Cannot Prohibit Cookie Walls

By Kristof Van Quathem, Dan Cooper and Anna Oberschelp de Meneses on June 24, 2020 Posted in Data Privacy, European Union

On June 19, 2020, the French Council of State (Conseil d’État) decided that the French Supervisory Authority (“CNIL”) had gone too far in its guidance on cookies and similar technologies when it stated that conditioning a user’s access to a website upon his or her acceptance of certain cookies (commonly known as “cookie walls”) is … Continue Reading

ICO Issues COVID-19 Guidance for Employers

By Dan Cooper and Miles Lynn on May 17, 2020 Posted in COVID-19

On May 11, 2020, the UK Information Commissioner’s Office (“ICO”) published guidance on how employers should handle data in the event they choose to test their employees for COVID-19. The guidance provides a clear reminder that employers must comply with both the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”), and … Continue Reading

Italian Supervisory Authority Publishes FAQs on Data Protection and COVID-19

By Dan Cooper and Luca Tosoni on May 17, 2020 Posted in COVID-19

On May 6, 2020, the Italian Supervisory Authority (“Garante”) published a list of frequently asked questions (“FAQs”) and answers on data protection and COVID-19 (see here, in English). The FAQs build on and expand guidance previously issued by the Garante (see our blog post here), and take into account recent measures adopted by Italian authorities, such as … Continue Reading

Hungarian Government Suspends GDPR Data Subjects Rights

By Dan Cooper and Anna Oberschelp de Meneses on May 15, 2020 Posted in COVID-19

On May 4, 2020, the Hungarian Government issued a Decree that suspends, during the COVID-19 created state of emergency, the one-month deadline that controllers have under the GDPR to reply to data subject rights requests. The Decree also allows public entities to refuse or suspend freedom of information (“FOIA”) requests in certain situations. The Decree … Continue Reading

EDPB Issues New Guidance on the Use of Location Data and Contact Tracing in the Context of the COVID-19 Outbreak

By Dan Cooper and Luca Tosoni on April 24, 2020 Posted in COVID-19, Data Privacy, EU Data Protection, European Union, Health Privacy, Surveillance

As we anticipated in a previous blog post, on April 22, 2020, the European Data Protection Board (“EDPB”) issued new guidelines on the use of location data and contact tracing apps in the context of the present COVID-19 pandemic. The EDPB’s new guidelines complement and build on similar guidance previously issued by the Board itself … Continue Reading

UK ICO Issues Opinion on Apple-Google Initiative for a Contact Tracing Framework

By Dan Cooper and Nicholas Shepherd on April 24, 2020 Posted in COVID-19, Data Privacy, Data Security, Health Privacy, Privacy and Data Security, United Kingdom

On April 17, 2020, the UK’s Information Commissioner’s Office (“ICO”) issued an opinion on the recently announced Apple-Google initiative to develop a Bluetooth-based Contact Tracing Framework (“CTF”) to help prevent the spread of COVID-19. The ICO opinion is generally supportive of the Apple-Google proposal and perceives it to be, at this early phase, aligned with … Continue Reading

EU Commission Releases Guidance on COVID-19 Apps

By Dan Cooper and Miles Lynn on April 20, 2020 Posted in Big Data, COVID-19, Data Privacy, EU Data Protection, European Union, Health Privacy, Surveillance

On 8 April 2020, the European Commission adopted a recommendation on a common European Union toolbox for the use of technology and data to address the COVID-19 crisis (“Recommendation”). The Recommendation responds to calls for a common EU approach to the use of mobile apps in combatting COVID-19—one that improves the efficacy of the technology … Continue Reading

EDPB will issue data protection guidance on several topics relating to COVID-19

By Dan Cooper and Anna Oberschelp de Meneses on April 8, 2020 Posted in COVID-19, Data Privacy, European Union

On April 7, 2020, the European Data Protection Board (“EDPB”) announced that it assigned specific mandates to two expert subgroups to prepare guidance on a number of Covid-19 related topics. The list of topics chosen by the EDPB reflects those that have received the closest scrutiny by the national authorities.… Continue Reading

COVID-19 Apps and Websites – The “Pan-European Privacy Preserving Proximity Tracing Initiative” and Guidance by Supervisory Authorities

By Dan Cooper, Kristof Van Quathem and Anna Oberschelp de Meneses on April 2, 2020 Posted in COVID-19, EU Data Protection

Pan-European Privacy Preserving Proximity Tracing Initiative According to media sources, an EU consortium led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI) will soon release software code that can be used to create apps that will help track transmission chains of COVID-19. The Pan-European Privacy Preserving Proximity Tracing (“PEPP-PT”) project comprises more than 130 … Continue Reading

UK Supreme Court Rules That Supermarket Is Not Vicariously Liable For Data Breach Committed By Employee

By Mark Young, Dan Cooper, Louise Freeman, Richard Mattick, Fredericka Argent and Rosie Klement on April 2, 2020 Posted in Cybersecurity, Data Breaches, Data Privacy, Data Security, United Kingdom

On 1 April 2020, the UK Supreme Court handed down its ruling in WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12. The Court ruled that Morrisons was not vicariously liable for a data breach deliberately perpetrated by an employee. The judgment is significant in that it overturned the decisions of the two lower … Continue Reading

Greek Data Protection Authority Issues Guidelines on Data Protection and Coronavirus

By Dan Cooper and Spyridon Goulielmos on March 30, 2020 Posted in COVID-19, Data Privacy, Health Privacy

On 18 March, 2020, the Hellenic (Greek) Data Protection Authority (“HDPA”) issued guidelines on data protection and COVID-19. With these guidelines, the HDPA aims to provide guidance on the interpretation and application of data protection legislation during the COVID-19 pandemic. In this blog, we summarise the key points included in the HDPA’s guidelines. Categorization of … Continue Reading

Guidance released by EU Authorities on How to Ensure IT Security when Working Remotely

By Dan Cooper, Kristof Van Quathem and Anna Oberschelp de Meneses on March 23, 2020 Posted in COVID-19, Data Privacy, Data Security

In order to combat the proliferation of COVID-1, several EU Member States have strongly recommended or required that employees engage in teleworking, rather than attend work as normal. In this context, the European Union Agency for Cybersecurity (“ENISA”), on March 15, 2020, issued its “top tips for cybersecurity when working remotely”. Some data protection Supervisory … Continue Reading

COVID-19, Scientific Research and the GDPR – Some Basic Principles

By Dan Cooper and Kristof Van Quathem on March 20, 2020 Posted in COVID-19, Data Privacy, EU Data Protection

As scientists work around the clock to gain insights into the Corona virus and how to fight it, public and private-sector stakeholders are in discussions to promote the rapid exchange of scientific data. During these discussions, the GDPR acronym inevitably rears its head and casts doubt over what is lawful. The GDPR and national data … Continue Reading

Global Privacy Assembly Issues Statement on COVID-19

By Dan Cooper and Luca Tosoni on March 18, 2020 Posted in COVID-19, Data Privacy, European Union, Health Privacy

On March 17, 2020, the Executive Committee of the Global Privacy Assembly (“GPA”) issued a statement on data protection in the context of the COVID-19 pandemic. The GPA is an entity representing data protection and privacy regulators around the globe, formerly known as the International Conference of Data Protection and Privacy Commissioners (“ICDPPC”). The GPA … Continue Reading

Italian Government and Trade Unions Sign Protocol on Fighting COVID-19 in the Workplace

By Dan Cooper and Luca Tosoni on March 17, 2020 Posted in COVID-19, Data Privacy, EU Data Protection, Health Privacy

On March 14, 2020, the Italian Government and several trade unions have signed a protocol, which establishes specific procedures for fighting COVID-19 in the workplace. The protocol also includes provisions on the processing of personal data of employees. In particular, it provides that employers may subject their employees to pro-active body temperature controls before entering … Continue Reading