Mark Young

September 24, 2020, Incident Response Forum Europe 2020

June 8, 2020, Covington Alert

On 19 May 2020, easyJet announced that personal data of approximately 9 million customers worldwide had been unlawfully accessed by third parties in a “highly sophisticated cyber-attack”. Data stolen by the cyber-attackers includes credit card details of 2,000 of the affected customers and, for most other customers, travel details such as departure and arrival ...

January 31, 2020, Covington Alert

At 11 p.m. tonight, the UK will officially leave the EU. Although this is a significant milestone in the development of the UK’s data protection framework, the UK will remain very closely linked to the EU in the short term at least, and for many the change may be imperceptible.

April 17, 2018

October 6, 2015, CNBC Europe

Mark Young discussed a ruling from the highest court in the EU that invalidated a key EU-US data sharing agreement.

March 2021

As the legal, regulatory, and commercial implications of coronavirus COVID-19 continue to evolve, our lawyers and advisors are helping clients navigate the complex considerations that companies around the world are facing and develop plans and strategies in response. Reach out to our COVID-19 task force at COVID19@cov.com. Below is a compendium of resources ...

March 2021

Since the beginning of the Brexit process in 2016, Covington’s Brexit Task Force–comprised of over 40 lawyers and former senior diplomats and policymakers, in London, Brussels, Frankfurt, Dublin, and Washington–has advised clients in a wide range of industries on the challenges and opportunities created by this historic event. While the EU-UK negotiations have ...

February 10, 2021, Inside Privacy

In this blog post, we look at a recent decision by the UK Court of Appeal and a separate prosecution brought by the Information Commissioner’s Office (“ICO”; the UK data protection authority), which together serve as a cautionary tale for employees and prospective future employers of the risks of civil liability and criminal conviction for...… Continue Reading

February 10, 2021, Covington Alert

In this alert we look at a recent decision by the UK Court of Appeal and a separate prosecution brought by the Information Commissioner’s Office (“ICO”; the UK data protection authority), which together serve as a cautionary tale for employees and prospective future employers of the risks of civil liability and criminal conviction for confidential information ...

February 1, 2021, Inside Privacy

On January 18, 2021, the European Data Protection Board (“EDPB”) published its draft Guidelines 01/2021 on Examples regarding Data Breach Notification (“Guidelines”) (available here).  The Guidelines aim to assist data controllers in responding to and assessing the risk of personal data breaches, providing “practice-oriented, case-based guidance” which draws ...

January 15, 2021, Inside EU Life Sciences

In addition to releasing the new EU Cybersecurity Strategy before the holidays (see our post here), the Commission published a revised Directive on measures for high common level of cybersecurity across the Union (“NIS2”) and a Directive on the resilience of critical entities (“Critical Entities Resilience Directive”). In this blog post, we summarize key ...

January 15, 2021, Covington Digital Health

In addition to releasing the new EU Cybersecurity Strategy before the holidays (see our post here), the Commission published a revised Directive on measures for high common level of cybersecurity across the Union (“NIS2”) and a Directive on the resilience of critical entities (“Critical Entities Resilience Directive”). In this blog post, we summarize key ...

January 15, 2021, Inside Privacy

In addition to releasing the new EU Cybersecurity Strategy before the holidays (see our post here), the Commission published a revised Directive on measures for high common level of cybersecurity across the Union (“NIS2”) and a Directive on the resilience of critical entities (“Critical Entities Resilience Directive”). In this blog post, we summarize key ...

December 22, 2020, Inside Privacy

On December 15, 2020, the Irish Data Protection Commission (“DPC”) fined Twitter International Company (“TIC”) EUR 450,000 (USD 500,000) following a narrow investigation into TIC’s compliance with obligations to (a) notify a personal data breach within 72 hours under Article 33(1) GDPR; and (b) document the facts of the breach under Article 33(5) GDPR. The...… ...

December 3, 2020, Inside Privacy

On 25 November 2020, the European Commission published a proposal for a Regulation on European Data Governance (“Data Governance Act”).  The proposed Act aims to facilitate data sharing across the EU and between sectors, and is one of the deliverables included in the European Strategy for Data, adopted in February 2020.  (See our previous blog...… Continue ...

December 3, 2020, Covington Digital Health

On 25 November 2020, the European Commission published a proposal for a Regulation on European Data Governance (“Data Governance Act”).  The proposed Act aims to facilitate data sharing across the EU and between sectors, and is one of the deliverables included in the European Strategy for Data, adopted in February 2020.  (See our previous blog...… Continue ...

October 5, 2020, Inside Privacy

On October 1, 2020, the Hamburg Data Protection Authority (“Hamburg DPA”) fined H&M, the Swedish clothing company, over €35 million for illegally surveilling employees at its service center in Nuremberg.  This fine is the largest financial penalty issued by a German DPA to date for a violation of the European General Data Protection Regulation (“GDPR”),...… ...

September 29, 2020, Inside Privacy

On 10 September 2020, the UK Information Commissioner’s Office (“ICO”) published its beta-phase “Accountability Framework” (“Framework”).  The Framework is designed to assist organisations, of any size and across all sectors, in complying with the accountability principle under the GDPR and in meeting the expectations of the ICO. The Framework will help those ...

September 14, 2020, Covington Alert

The English High Court has recently awarded damages in a data privacy case, with two features of particular interest1. First, the nature of the claim is more reminiscent of a claim in defamation than for data privacy breaches, which is a development in the use of data protection legislation. Secondly, the damages awarded (perhaps influenced by the nature of the ...

September 2, 2020

BRUSSELS–Covington has named Dan Cooper to lead its European data protection practice as co-chair of the firm’s global Data Privacy & Cybersecurity Practice, and he has relocated to Brussels to be closer to the institutions and courts that govern the European data privacy landscape. The firm has more than 100 lawyers focused on data privacy and cybersecurity ...

May 27, 2020, Inside Privacy

On May 4, 2020, the European Data Protection Board (“EDPB”) updated its guidelines on consent under the GDPR.  An initial version of these guidelines was adopted by the Article 29 Working Party prior to the GDPR coming into effect, and was endorsed by the EDPB on May 25, 2018. The revisions do not amount to...… Continue Reading

April 2, 2020, Inside Privacy

On 1 April 2020, the UK Supreme Court handed down its ruling in WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12.  The Court ruled that Morrisons was not vicariously liable for a data breach deliberately perpetrated by an employee.  The judgment is significant in that it overturned the decisions of the two lower...… Continue Reading

April 2, 2020, Law360

Mark Young spoke with Law360 about a UK Supreme Court case involving the intentional breach of customer data information by an employee at Morrisons. The court ruled Morrisons will no longer  have to pay a fine. Mr. Young says this is the “dual-edged result” of the Supreme Court judgment. Although a company is off the hook if an employee “goes off the deep end” ...

December 5, 2019, Covington Digital Health

The UK’s Information Commissioner’s Office (“ICO”) has issued and is consulting on draft guidance about explaining decisions made by AI.  The ICO prepared the guidance with The Alan Turing Institute, which is the UK’s national institute for data science and artificial intelligence.  Among other things, the guidance sets out key principles to follow and steps to ...

December 5, 2019, Inside Privacy

The UK’s Information Commissioner’s Office (“ICO”) has issued and is consulting on draft guidance about explaining decisions made by AI.  The ICO prepared the guidance with The Alan Turing Institute, which is the UK’s national institute for data science and artificial intelligence.  Among other things, the guidance sets out key principles to follow and steps...… ...

October 10, 2019, Covington Alert

On October 2, 2019, the English Court of Appeal handed down a landmark judgment in Lloyd v Google LLC [2019] EWCA Civ 1599 (“Lloyd”) concerning Google’s alleged misuse of the personal data of over 4 million iPhone users via cookies placed on the Safari browser.

August 6, 2019, Covington Digital Health

On July 25, 2019, the UK’s Information Commissioner’s Office (“ICO”) published a blog on the trade-offs between different data protection principles when using Artificial Intelligence (“AI”).  The ICO recognizes that AI systems must comply with several data protection principles and requirements, which at times may pull organizations in different directions.  ...

July 2, 2019, Thomson Reuters Regulatory Intelligence

June 19, 2019, Life Sciences Counsel Seminar & Dinner

June 7, 2019, Covington Digital Health

On June 3, 2019, the UK Information Commissioner’s Office (“ICO”), released an Interim Report on a collaboration project with The Alan Turing Institute (“Institute”) called “Project ExplAIn.” The purpose of this project, according to the ICO, is to develop “practical guidance” for organisations on complying with UK data protection law when using artificial ...

June 4, 2019, Thomson Reuters

Mark Young participated in a Q&A with Thomson Reuters about the EU Cybersecurity Act and its new cybersecurity certification schemes for information and communication technology products, services, and processes, especially internet of things devices. The interview also discusses how the Act supports the EU Directive on the Security of Network and Information ...

May 23, 2019, Webinar

October 15, 2018, FT Cyber Security Summit, London

March 5, 2018, Client Presentation, Tokyo, Japan

February 27, 2018, International Privacy + Security Forum, George Washington University

January 30, 2018, Law360

Law360 highlights the promotion of Covington's newest partners, including John Balzano, Lindsay Burke, Bradley Chernin, Christopher DeCresce, Guy Dingley, Matthew Dunn, Laura Flahive Wu, Pamela Forrest, Alexa Hansen, Megan Keane, Sam Pyun, Kyle Rabe, Ansgar Simon, Andrew Soukup, Emily Ullman, and Mark Young.

December 26, 2017

SILICON VALLEY—The Financial Times has recognized Covington among the most innovative firms in 2017 in the category of "Enabling Business Growth," for advising "Tencent in its acquisition of a $8.6bn majority stake in Supercell, the Finnish gaming company, while maintaining Supercell’s creative culture and retaining its employees by introducing incentive ...

November 2017, Pratt's Privacy & Cybersecurity Law Report

October 2, 2017

WASHINGTON—Covington has promoted 16 lawyers to its partnership. “It’s a great tribute to the firm’s vibrancy that we’re continuing to build an exceptional pipeline of new partners from within our ranks,” said Timothy Hester, Covington’s chair. “We’re confident that all 16 will add importantly to the firm’s strengths and will drive further expansion of core ...

September 18, 2017, Covington Alert

Last week, in his annual State of the European Union Address, the President of the European Commission Jean-Claude Juncker called out cybersecurity as a key priority for the European Union in the year ahead. In terms of ranking those priorities, President Juncker placed tackling cyber threats just one place below the EU leading the fight against climate change, ...

August 10, 2017, The Wall Street Journal

Mark Young is quoted in The Wall Street Journal's "Morning Risk Report" in an article regarding the Network and Information Systems directive. According to Young, “This is another data-related compliance requirement and it carries heavy penalties for failure to have in place appropriate network security measures."

June 22, 2017, API-IOGP Cybersecurity Europe Conference for the Oil and Natural Gas Industry

June 21, 2017, Facebook Design Jam

May 24, 2017, Covington Alert

On May 25, 2018, employers located or with staff in the European Union (“EU”) will have to comply with a new data protection law—Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data—commonly referred to as the General Data Protection Regulation (“GDPR”). This will ...

May 17, 2017, Covington Alert

Last Friday may mark the start of a new era in cyber crime. The first worldwide ransomware attack, commonly dubbed “WannaCry,” emerged on May 12. The malware is believed to have infected more than 300,000 computers in 150 countries to date. A cyber criminal or ring of criminals, taking advantage of an exploit made available by the ShadowBrokers hacker group that ...

March 2017, Computer Law Review International

February 15, 2017, Webinar

January 24, 2017, Law360

Mark Young and Ian Hargreaves are quoted in a Law360 article regarding the high level of cyberattacks on the financial services industry and the resulting regulatory pressures. According to Young, “The GDPR [General Data Protection Regulation] is a massive text with groundbreaking change in the data privacy area, in terms of compliance requirements and the new ...

October 19, 2016, Webinar

August 10, 2016, Webinar

June 24, 2016, Covington Alert

The UK has voted to leave the European Union in an advisory referendum. 52% leave - 48% remain. Were the UK to leave the EU, this would have significant implications for the UK and for international businesses operating in the UK. The longer term impact of the decision on the regulatory framework for the UK will depend, in part, on the relationship that the UK ...

June 21, 2016, Webinar

June 21, 2016

SILICON VALLEY—Covington advised Tencent Holdings Limited, a leading provider of internet service in China, in connection with its acquisition of a majority stake in Supercell from SoftBank. A consortium established by Tencent will acquire up to 84% of Supercell for $8.6 billion in a transaction valuing Supercell at approximately $10.2 billion. Supercell is a ...

May 26, 2016, Webinar

April 21, 2016, Covington Workshop

April 21, 2016, Webinar

March 17, 2016, Covington Workshop

March 2016, eHealth Law & Policy

February 25, 2016, Webinar

February 23, 2016, Employment Lawyers Association

February 19, 2016, Law360

Mark Young and Libbie Canter are quoted in this Law360 article offering tips on how deal makers can mitigate cybersecurity risks.  According to Young, any discovered incidents can give buyers pause on how  — and if — they want to move forward. “We’ve dealt with at least a couple examples where deals were at least delayed if not reconsidered because of ...

February 18, 2016, Covington Alert

January 21, 2016, Covington Webinar

December 21, 2015, Covington Alert

On December 15, the EU institutions finally agreed the text of the new EU data protection law, the General Data Protection Regulation (“GDPR”), completing a process that began in January 2012. The LIBE committee has published the consolidated version of the GDPR text. The GDPR heralds a new era of data protection. It replaces the existing data protection ...

December 8, 2015, Law360

Mark Young is quoted in a Law360 article discussing the EU Network and Information Security Directive, which sets a cybersecurity and breach reporting baseline for both critical infrastructure operators, as well as digital service providers. This directive, which is the first of its kind, comes after two years of negotiations. According to Young, “There’s going ...

December 8, 2015, InsidePrivacy Blog

December 2015, E-Commerce Law and Policy

October 6, 2015, Covington Alert

September 23, 2015, InsidePrivacy Blog

September 17, 2015, InsidePrivacy Blog

July 1, 2015, Webinar

June 12, 2015, InsidePrivacyBlog

May 13, 2015, Employment Lawyers Association Annual Conference (Leeds)

May 2015, Privacy Laws & Business UK Report

April 17, 2015, Global In-House Employment Lawyers' Society (Cliveden)

March 13, 2015, CDR News

February 28, 2015, InsidePrivacy Blog

February 5, 2015, Covington and China Luxury Advisors (London)

December 9, 2014, Microsoft eHealth Conference (Brussels)

October 15, 2014, Employment Lawyers Association (London)

October 6, 2014, Covington E-Alert

August 5, 2014

LONDON, 5 August, 2014 — Covington & Burling advised Illumina on its partnership with Genomics England to provide infrastructure and expertise for a four-year project that aims to make the UK the world leader in genetic research into cancer and rare diseases, through funding research to decode 100,000 human genomes - a patient's personal DNA code. The deal is ...

May 14, 2014, InsidePrivacy Blog

May 1, 2014, IAPP Europe (London)

May 2014, Privacy Laws & Business

April 17, 2014

WASHINGTON, DC, April 17, 2014 — Covington & Burling is pleased to announce the promotion of four lawyers to of counsel and three lawyers to special counsel, effective April 1, 2014. The new of counsel are as follows: Lindsay Burke advises U.S., international, and multinational employers on employee management issues and international HR compliance. Her ...

April 8, 2014, InsidePrivacy Blog

March 15, 2014, InsidePrivacy Blog

February/March 2014, World Trademark Review

November 27, 2013, Covington E-Alert

October 24, 2013, InsidePrivacy Blog

October 24, 2013, Covington E-Alert

October 18, 2013, InsidePrivacy Blog

September 2013, Wayra

August 30, 2013, Covington E-Alert

June 26, 2013

LONDON, 26 June, 2013 — The UK Information Commissioner's Office has authorised GlaxoSmithKline’s 'Binding Corporate Rules' (BCRs) – a set of internal policies and procedures used to protect personal data across GSK’s operations globally. The privacy and data security team at Covington & Burling was instrumental in the development, implementation and ...

March 14, 2013, Inside Compensation

On 7 March 2013, the UK Information Commissioner’s Office (ICO) issued new guidance for employers on the use of personal devices for business purposes.  The guidance is largely informed by a survey commissioned by the ICO and carried out by the market research firm YouGov.  According to the survey, 47 percent of adults in the UK...… Continue Reading

March 14, 2013, InsideCompensation Blog

February 7, 2013, InsidePrivacy Blog

September 2012, Publisher Roundtable on Data Privacy in conjunction with The Publishers Association

March 27, 2012, Covington E-Alert

January 25, 2012, Covington E-Alert

December 8, 2011, Bloomberg Technology Law Report

July 2011, Privacy Laws & Business

March 8, 2011, InsidePrivacy Blog

February 15, 2011, EuroWatch

February 10, 2011, Covington Advisory

January 2011, 5th Annual Privacy & Data Protection Conference Ireland - The Law Society of Ireland (Dublin)

May 2010, Privacy Law & Business

March 2010, Westminster Legal Policy Forum and eForum Briefing Paper: Surveillance and Data Protection

November 20, 2009, Covington Advisory

October 2009, Privacy Law & Business

September 2009, Digital Publishing Forum, hosted by The Publishers Association, UCL, and EDItEUR

June 24, 2009, Covington E-Alert

June 2009, IT Law Today

March/April 2009, Landslide

October 2008, Trademark World

October 2008, Frankfurt Book Fair, International Publishers Association International Publishing Update 2008

September 2008, ICOMP Meeting (London)

July 19, 2008, Covington E-Alert

July/August 2008, Trademark World

July/August 2008, World Trademark Review

November 2007, presented at Edition Formation Entreprise (EFE) training day on e-commerce and pharmaceutical products (Paris)

September 2007, Patent World

8/6/2007

LONDON, 6 August, 2007 — Covington & Burling LLP is pleased to announce the appointment of two associates in the London office: Janet Kidd joins the European Life Sciences Group and Mark Young joins the European TMC Practice. Before qualifying as a solicitor, Janet spent 15 years in the pharmaceutical industry where she worked for household names such as Pfizer, ...

July/August 2007, Trademark World

October 2006, Computer and Telecommunications Law Review

August 2006, Entertainment Law Review

April 2006, E-Commerce Law & Policy

Summer 2005, International Journal of Law and Information Technology