Mark Young

Mark Young

Mark Young is Special Counsel in the London office. Mark focuses his practice on data protection, cyber security and intellectual property.  He has particular expertise in regulatory compliance, legislative advocacy and online IP enforcement. Mr. Young advises global companies, particularly in the online/e-commerce, technology and pharmaceutical sectors, on all aspects of data protection and security.  He also advises on associated information technology and e-commerce laws and regulations.

In addition to regulatory compliance, Mr. Young advises leading technology companies and consortia on a wide range of law reform efforts in Europe.  This includes strategic advice and advocacy on EU and national initiatives, as well as references from Member State courts to the EU Court of Justice, relating to data privacy and retention, cyber security, copyright, trade marks, ecommerce, online liability, IP enforcement and software related policy.

In the IP enforcement space, Mr. Young represents rights owners in the sport, media, publishing, fashion and luxury goods industries, and helps coordinate a team of internet investigators who conduct global notice and takedown programs to combat internet piracy.

Subscribe to all posts by Mark Young

Advocate General Considers EU-U.S. Safe Harbor to be Invalid

This morning (September 23, 2015), EU Advocate General (“AG”) Bot issued an Opinion in Case C-362/14 Maximilian Schrems v Data Protection Commissioner (see our earlier post on the hearing here).  The AG Opinion has gone further than expected, covering not just the power of national data protection authorities in relation to complaints under the Safe … Continue Reading

UK Government Launches Cybersecurity Service For Healthcare Organizations

The UK government has announced a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system.  The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a full go-live in January 2016. … Continue Reading

Update on the Cybersecurity Directive – over to Luxembourg?

Next week we expect to find out if the Council of the EU will finally agree (“adopt a general approach”) on its version of the proposed General Data Protection Regulation (GDPR).  Progress with a “little brother” of the GDPR – namely the proposed Network and Information Security (NIS) Directive, tagged the Cybersecurity Directive – continues in parallel.  Before … Continue Reading

ICO Fines Insurance Company £175k for Data Security Breach, Criticising Lack of Policies

By Mark Young and Tom Jackson On February 20, 2015, the Information Commissioner’s Office (“ICO”) fined Staysure.co.uk Ltd (“Staysure”), an online travel insurer, £175,000 for failing to protect its customers’ personal data.  In addition to technical vulnerabilities, the ICO took into account Staysure’s lack of security policies and practices when levying the fine. In short, … Continue Reading

EU Data Retention Directive Declared Invalid by Court of Justice of the EU

By Philippe Bradley and Mark Young The Court of Justice of the European Union (CJEU) today held that the EU Data Retention Directive (Directive 2006/24/EC)1 is invalid.  The CJEU ruled that the retention of data under the Directive constitutes an impermissibly broad and serious interference with fundamental human rights to private life and the protection of personal … Continue Reading

European Parliament Votes to Ensure that the Proposed Network and Information Security Directive Focuses on Protecting Critical Infrastructure

It has been an eventful week in the European Parliament in relation to data privacy and security matters.  Having already voted in favor of the General Data Protection Regulation (“GDPR”) and endorsed a controversial report into allegations of mass surveillance, the European Parliament voted yesterday on the proposed Network and Information Security (“NIS”) Directive.  In … Continue Reading

Updating Ofcom’s Guidance on Network Security – New Consultation

In light of growing concerns over cybersecurity and evolving technology and operational practices, Ofcom (the independent regulator and competition authority for the UK communications industries) is seeking views on whether its existing guidance on network security should be revised.  Interested parties have until 21 February 2014 to respond.   Depending on the responses received, Ofcom intends … Continue Reading

What Companies Should Know About the LIBE Committee’s Amendments to the EU’s Proposed Data Protection Regulation

By Mark Young On Monday, the LIBE Committee of the European Parliament adopted proposed amendments to the Commission’s legislative proposal for a General Data Protection Regulation.  Earlier this week we summarized the vote and procedural details (here).  In this alert, we provide more detail on the amendments that companies are likely to care most about, … Continue Reading

Progress Report on the Proposed EU Network and Information Security Directive

By Mark Young and Oliver Grazebrook The Irish Presidency of the Council of the EU has published a progress report on negotiations at Member State level on the EU CyberSecurity Strategy and proposed EU Directive on Network and Information Security (“NIS Directive”).  As we summarised in this post, if enacted in its current form, the … Continue Reading

UK Government Calls for Evidence on EU Directive on Network and Information Security

To help prepare an impact assessment on the potential effects in the UK of the proposed EU Directive on Network and Information Security (“NIS Directive”), the UK Government has launched a call for evidence to gather data.  As we summarised in this post, if enacted in its current form, the NIS Directive will require companies … Continue Reading

EU Adopts CyberSecurity Strategy and Proposes Network and Information Security Directive

The European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, has today published a CyberSecurity Strategy alongside a Commission proposed Directive on Network and Information Security (“NIS”). While much of the Strategy and Directive is aimed at Member State governments (e.g., to improve capabilities and cooperation to prevent … Continue Reading

EU Data Privacy Rules to Extend to All Software and Hardware Manufacturers — Regardless of Whether They Process Personal Data?

As we reported last week, MEP Jan Philipp Albrecht, the rapporteur for the lead European Parliament Committee (LIBE) for the proposed EU Data Protection Regulation, has released a controversial report on the Commission’s proposal.  There have been several news articles and commentaries in recent days about numerous aspects of the report — including the threat … Continue Reading

European Data Protection Supervisor Issues New Opinion On Proposed European Regulation Of eIDs And Trusted Services

In a new opinion on the Commission’s proposal for a Regulation on electronic identification (“eID”) and trusted services, the European Data Protection Supervisor (“EDPS”) has called, amongst other things, for security measures that trust service providers must apply to their services to be specified directly in legislation rather than left to the Commission to define … Continue Reading

European Data Protection Supervisor Calls For Clearer and More Privacy-Friendly Rules On Internet Intermediary Liability

The European Data Protection Supervisor (EDPS), Peter Hustinx, recently published a response to a European Commission consultation on reform of the “notice-and-action” (“N&A”) procedure rules — i.e., the legal regime that requires Internet intermediaries to remove hosted content when they are notified that such content is illegal.  As set out in more detail below, the … Continue Reading

UK Government Launches Consultation on New Data Portability Requirement

The UK’s Department for Business, Innovation and Skills (BIS) has launched a consultation on proposals to compel suppliers of goods and services to provide consumers access, upon request, to their personal transaction and consumption data in an open standard machine-readable format.  The UK Government (UKG) would prefer that the data be supplied at no cost and … Continue Reading

Google Contacts ICO Stating That It Still Holds Some Street View Payload Data

In a surprise turn of events, Google has written today to the UK data protection authority (the “ICO”) and other regulators around the world stating that it still possesses some of the payload data collected by its Street View vehicles in 2010.  This follows the ICO re-opening its probe into Google’s Street View activity last … Continue Reading

Facial Recognition Opinion Targets Social Networks, Authentication Services and Games Consoles

The Article 29 Working Party (WP29) yesterday published an opinion on facial recognition in online and mobile services.  The WP29 states this technology requires “specific attention” as it presents “a range of data protection concerns”.  The opinion focuses on facial technology being used in three main contexts: identifying people in social networks; authenticating and verifying … Continue Reading

Q&A Regarding Proposed Reforms to European Data Protection Framework

As we have previously posted, on January 25, 2012, the European Commission proposed comprehensive measures to reform the European data protection framework.  Among other things, the proposal would impose restrictions on the processing of personal data relating to children; create a breach notification requirement in the EU; require organizations employing 250 or more persons to … Continue Reading

European Commission Proposes Comprehensive Data Protection Reform

Following more than two years of consultations and intense speculation in recent weeks, the European Commission today proposed comprehensive measures to reform the European data protection framework.  We currently are analysing the proposed reforms in detail, but it appears that the proposal for a General Data Protection Regulation largely mirrors earlier leaked drafts.  For example, … Continue Reading

Publication of the European Commission’s Proposal for a Data Protection Regulation Faces Delay

Following more than two years of extensive consultations on the review of the European data protection framework, the European Commission was expected to publish its proposal for a General Data Protection Regulation later this month.  As we reported on this blog, an early version of this proposal, which was widely leaked last December, contained several … Continue Reading

UK ICO Calls for More Privacy Audits

The U.K. Information Commissioner’s Office (ICO) issued a press release yesterday calling on companies to undergo more data protection audits.  (Currently, only some public sector entities in the UK can be made to undergo audits — the ICO can effectively only request to audit a private sector company).  The ICO issued the “warning” after releasing … Continue Reading

UK Information Commissioner Issues (Vague) Warning on Cookies

Since the 2009 amendments to Article 5(3) of the ePrivacy Directive (2002/58/EC) regarding cookies and consent, there has been considerable debate over what web sites and ad networks must do in order to deploy cookies lawfully, and over what constitutes informed consent from users (e.g., opt-in versus opt-out).  For a flavour, see the Article 29 Working Party Opinion 2/2010 on online behavioural … Continue Reading

Towards a European Cloud Computing Strategy

Following on from ENISA’s recent report on cloud computing in government, Commissioner Neelie Kroes set out some further thoughts on a European Cloud Computing Strategy last week at Davos.  In an encouraging sign for cloud providers and European industry more broadly, Commissioner Kroes spoke positively about the need to ensure that effective data protection and the EU’s Single … Continue Reading

Governmental Cloud in the EU – New ENISA Report

Hot on the heels of its report on data breach notifications in the EU, the EU’s cyber security regulator, ENISA, published yesterday a new report on cloud computing in the government.  The report is targeted at senior managers of public bodies who are considering cloud computing platforms and services, and it aims to highlight the … Continue Reading
LexBlog