Mark Young is Special Counsel in the London office. Mark focuses his practice on data protection, cyber security and intellectual property. He has particular expertise in regulatory compliance, legislative advocacy and online IP enforcement. Mr. Young advises global companies, particularly in the online/e-commerce, technology and pharmaceutical sectors, on all aspects of data protection and security. He also advises on associated information technology and e-commerce laws and regulations.
In addition to regulatory compliance, Mr. Young advises leading technology companies and consortia on a wide range of law reform efforts in Europe. This includes strategic advice and advocacy on EU and national initiatives, as well as references from Member State courts to the EU Court of Justice, relating to data privacy and retention, cyber security, copyright, trade marks, ecommerce, online liability, IP enforcement and software related policy.
In the IP enforcement space, Mr. Young represents rights owners in the sport, media, publishing, fashion and luxury goods industries, and helps coordinate a team of internet investigators who conduct global notice and takedown programs to combat internet piracy.
By Philippe Bradley and Mark Young The Court of Justice of the European Union (CJEU) today held that the EU Data Retention Directive (Directive 2006/24/EC)1 is invalid. The CJEU ruled that the retention of data under the Directive constitutes an impermissibly broad and serious interference with fundamental human rights to private life and the protection of personal … Continue Reading
It has been an eventful week in the European Parliament in relation to data privacy and security matters. Having already voted in favor of the General Data Protection Regulation (“GDPR”) and endorsed a controversial report into allegations of mass surveillance, the European Parliament voted yesterday on the proposed Network and Information Security (“NIS”) Directive. In … Continue Reading
In light of growing concerns over cybersecurity and evolving technology and operational practices, Ofcom (the independent regulator and competition authority for the UK communications industries) is seeking views on whether its existing guidance on network security should be revised. Interested parties have until 21 February 2014 to respond. Depending on the responses received, Ofcom intends … Continue Reading
By Mark Young On Monday, the LIBE Committee of the European Parliament adopted proposed amendments to the Commission’s legislative proposal for a General Data Protection Regulation. Earlier this week we summarized the vote and procedural details (here). In this alert, we provide more detail on the amendments that companies are likely to care most about, … Continue Reading
By Mark Young and Oliver Grazebrook The Irish Presidency of the Council of the EU has published a progress report on negotiations at Member State level on the EU CyberSecurity Strategy and proposed EU Directive on Network and Information Security (“NIS Directive”). As we summarised in this post, if enacted in its current form, the … Continue Reading
To help prepare an impact assessment on the potential effects in the UK of the proposed EU Directive on Network and Information Security (“NIS Directive”), the UK Government has launched a call for evidence to gather data. As we summarised in this post, if enacted in its current form, the NIS Directive will require companies … Continue Reading
The European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, has today published a CyberSecurity Strategy alongside a Commission proposed Directive on Network and Information Security (“NIS”). While much of the Strategy and Directive is aimed at Member State governments (e.g., to improve capabilities and cooperation to prevent … Continue Reading
As we reported last week, MEP Jan Philipp Albrecht, the rapporteur for the lead European Parliament Committee (LIBE) for the proposed EU Data Protection Regulation, has released a controversial report on the Commission’s proposal. There have been several news articles and commentaries in recent days about numerous aspects of the report — including the threat … Continue Reading
In a new opinion on the Commission’s proposal for a Regulation on electronic identification (“eID”) and trusted services, the European Data Protection Supervisor (“EDPS”) has called, amongst other things, for security measures that trust service providers must apply to their services to be specified directly in legislation rather than left to the Commission to define … Continue Reading
The European Data Protection Supervisor (EDPS), Peter Hustinx, recently published a response to a European Commission consultation on reform of the “notice-and-action” (“N&A”) procedure rules — i.e., the legal regime that requires Internet intermediaries to remove hosted content when they are notified that such content is illegal. As set out in more detail below, the … Continue Reading
The UK’s Department for Business, Innovation and Skills (BIS) has launched a consultation on proposals to compel suppliers of goods and services to provide consumers access, upon request, to their personal transaction and consumption data in an open standard machine-readable format. The UK Government (UKG) would prefer that the data be supplied at no cost and … Continue Reading
In a surprise turn of events, Google has written today to the UK data protection authority (the “ICO”) and other regulators around the world stating that it still possesses some of the payload data collected by its Street View vehicles in 2010. This follows the ICO re-opening its probe into Google’s Street View activity last … Continue Reading
The Article 29 Working Party (WP29) yesterday published an opinion on facial recognition in online and mobile services. The WP29 states this technology requires “specific attention” as it presents “a range of data protection concerns”. The opinion focuses on facial technology being used in three main contexts: identifying people in social networks; authenticating and verifying … Continue Reading
As we have previously posted, on January 25, 2012, the European Commission proposed comprehensive measures to reform the European data protection framework. Among other things, the proposal would impose restrictions on the processing of personal data relating to children; create a breach notification requirement in the EU; require organizations employing 250 or more persons to … Continue Reading
Following more than two years of consultations and intense speculation in recent weeks, the European Commission today proposed comprehensive measures to reform the European data protection framework. We currently are analysing the proposed reforms in detail, but it appears that the proposal for a General Data Protection Regulation largely mirrors earlier leaked drafts. For example, … Continue Reading
Following more than two years of extensive consultations on the review of the European data protection framework, the European Commission was expected to publish its proposal for a General Data Protection Regulation later this month. As we reported on this blog, an early version of this proposal, which was widely leaked last December, contained several … Continue Reading
The U.K. Information Commissioner’s Office (ICO) issued a press release yesterday calling on companies to undergo more data protection audits. (Currently, only some public sector entities in the UK can be made to undergo audits — the ICO can effectively only request to audit a private sector company). The ICO issued the “warning” after releasing … Continue Reading
Since the 2009 amendments to Article 5(3) of the ePrivacy Directive (2002/58/EC) regarding cookies and consent, there has been considerable debate over what web sites and ad networks must do in order to deploy cookies lawfully, and over what constitutes informed consent from users (e.g., opt-in versus opt-out). For a flavour, see the Article 29 Working Party Opinion 2/2010 on online behavioural … Continue Reading
Following on from ENISA’s recent report on cloud computing in government, Commissioner Neelie Kroes set out some further thoughts on a European Cloud Computing Strategy last week at Davos. In an encouraging sign for cloud providers and European industry more broadly, Commissioner Kroes spoke positively about the need to ensure that effective data protection and the EU’s Single … Continue Reading
Hot on the heels of its report on data breach notifications in the EU, the EU’s cyber security regulator, ENISA, published yesterday a new report on cloud computing in the government. The report is targeted at senior managers of public bodies who are considering cloud computing platforms and services, and it aims to highlight the … Continue Reading
The EU’s ‘cyber security’ agency ENISA has issued a report on data breach notifications in the EU. The report is in response to the 2009 amendments to the ePrivacy Directive requiring telecom and Internet service providers to issue notifications for personal data breaches, which Member States must transpose into national legislation by May 2011. The … Continue Reading