Our Website Uses Cookies 


We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.


For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

Covid-19 fragments EU approach to data protection and privacy

February 11, 2021, International Financial Law Review

Dan Cooper spoke with International Financial Law Review about how COVID-19 has disjointed the GDPR. Mr. Cooper says, “the way that the GDPR works, companies that operate across the EU simply have to be nimble. As a result of this, companies have had to be nimble in their approach to implementing GDPR across different member states.”

Mr. Cooper adds, “For instance, with children's data, member states need to select what age a child can give unilateral consent and they're given out a range. Different countries have adopted different ranges. Secondly, not only does the GDPR expressly invite these kinds of variances from member states, but the very principles themselves are open to divergent interpretations.”

“For example, in Belgium, France, and the Netherlands, the attitude adopted was that employers shouldn't require employees to give them this information," says Mr. Cooper. "They could invite them to provide it, but they couldn't make it compulsory. On the other hand, you had countries such as Germany, UK, and Ireland where you'd find that many employers were expected to request this information in order to protect the health and safety of staff and employees in the workplace," he adds. In these countries the legal obligation to disclose this information was grounded within labor law compliance. Thus, “you would probably see more companies in those jurisdictions seeking this kind of information feeling like they needed to collect it to protect their coworkers.”

Mr. Cooper went on to say, “This problem started to appear immediately, and is yet to be effectively resolved. The EU received a lot of criticism for this fractured approach and privacy was in part driving that. There's not really a consistent pan-EU position so it makes it very difficult to adopt a consistent standard that puts us into a position where you have to be able to manage your response in a way that is flexible. It's going to be a challenge and it's going to be a long haul.”

Share this article: