Covington & Burling LLP operates as a limited liability partnership worldwide, with the practice in England and Wales conducted by an affiliated
limited liability multinational partnership, Covington & Burling LLP, which is formed under the laws of the State of Delaware in the United States
and authorized and regulated by the Solicitors Regulation Authority with registration number 77071..
Mark Young advises clients on data protection, cybersecurity and other tech regulatory matters. He has particular expertise in product counselling, GDPR regulatory investigations, and legislative advocacy. Mark leads on EU cybersecurity regulatory matters, and helps to oversee our internet enforcement team.
He has been recognized in Chambers UK as "a trusted adviser - practical, results-oriented and an expert in the field." Recent editions note that he is "deeply knowledgeable in the area of privacy and data protection," "fast, thorough and responsive," and has "great insight into the regulators."
Mark has over 15 years of experience advising global companies, particularly in the technology, health and pharmaceutical sectors, on all aspects of data protection and security. This includes providing practical guidance on analyzing and using personal data, transferring personal data across borders, and potential liability exposure. He specializes in advising in relation to new products and services, and providing strategic advice and advocacy on a range of EU law reform issues and references to the EU Court of Justice.
For cybersecurity matters, he counsels clients on practices to protect business-critical information and comply with national and sector-specific regulation, and on preparing for and responding to cyber-based attacks and internal threats to their networks and information. He has helped a range of organizations respond to cyber and data security incidents – including external data breaches and insider theft of trade secrets – through the stages of initial detection, containment, notification, recovery and remediation.
In the IP enforcement space, Mark represents right owners in the sport, media, publishing, fashion and luxury goods industries, and helps coordinate a team of internet investigators that has nearly two decades of experience conducting global notice and takedown programs to combat internet piracy.
Counsel to several major technology companies on GDPR and global data privacy compliance, particularly in relation to new features, products and services that involve cutting edge issues (e.g., AI, biometric data, Internet of Things devices, etc.).
Advises several pharmaceutical, biotech and healthcare companies on GDPR compliance; international transfers of data and the development, implementation and authorization of Binding Corporate Rules (BCRs); clinical trials and pharmacovigilance; cloud computing and service contracts; digital health products and services, including in relation to data analytics and rights; and internal investigations.
Advises a major cloud computing provider on compliance with security and incident reporting obligations that apply to digital service providers under the EU Network and Information Systems (NIS) Directive.
Counsel to multiple clients who have experienced a cyber / data security incident, including supervising technical investigations, advising on notification obligations and other legal risks, and representing clients before regulators around the world.
Coordinated an EU and ex-U.S. team as part of a 24/7 global incident response effort over several weeks in relation to a multifaceted systems and controls issue.
Back
