Michael Young

Michael Young’s practice focuses primarily on data privacy and security as a member of the firm’s Technology, Privacy & IP Transactions Group. Read more→

AG Empowers EU Privacy Suits with Redress Act Designations

Posted on: 19 Jan 2017

Earlier this week, the U.S. Attorney General designated 26 countries and the European Union as “covered countr[ies]” under the Judicial Redress Act. The Attorney General has simultaneously designated 13 “Federal agenc[ies] or component[s]” under the Act. These designations enable citizens of the “covered countr[ies]” to sue and seek remedies in U.S. court if one of the designated “Federal agenc[ies] or component[s]” violates the Privacy Act of 1974. The Privacy Act protects against intentional or willful unlawful disclosure of covered records containing personal information and […] Read more

Swiss-U.S. Privacy Shield Finalized

Posted on: 16 Jan 2017

On January 11, U.S. and Swiss authorities announced final agreement on the Swiss-U.S. Privacy Shield Framework. The Framework defines standards for handling personal data exported from Switzerland to the U.S. and enables U.S. companies to meet Swiss legal requirements to protect personal data transferred from Switzerland. The Framework is a successor to the former Swiss-U.S. Safe Harbor framework, which was declared invalid by the Swiss data protection commissioner following the invalidation of Safe Harbor by the European Court of Justice.   U.S. companies may participate in the Framework […] Read more

Alston & Bird Issues Advisory on Six Myths of Breach Response

Posted on: 13 Jul 2016

Alston & Bird recently issued an Advisory entitled “Six Myths of Breach Response,” authored by Jim Harvey. As data breaches are on the rise, so are the challenges that businesses face in handling these security incidents. This Advisory identifies six strategic pitfalls to avoid when responding to breaches. The Advisory addresses the true significance of public notification, common mistakes in preserving attorney-client privilege, and tough choices regarding the selection of public relation, investigative, and legal counsel. Jim Harvey co-chairs Alston & Bird’s Cybersecurity Preparedness […] Read more

Turkey’s New Data Protection Law

Posted on: 14 Apr 2016

Turkey’s new “Law on the Protection of Personal Data” has entered into effect following passage by the Turkish Parliament in late March and official publication last week.  The Data Protection Law adopts a broadly European model for data protection and helps clarify key aspects of the regulation of personal data under Turkish law. This blog post examines the law and highlights certain important provisions. Scope The Data Protection Law applies to the “personal data” of natural persons where that personal data is processed “wholly or partly by automatic means,” and to non-automatic […] Read more

CFPB Brings First Enforcement Action on Data Security

Posted on: 04 Mar 2016

On March 2, the federal Consumer Financial Protection Bureau (CFPB) for the first time brought an enforcement action related to data security. The CFPB consent order imposes a $100,000 fine and five years of regulatory oversight for online payments provider Dwolla. The action sends a clear message that the CFPB intends to actively regulate the data security representations of consumer finance service providers. The CFP Act, passed in 2010 as part of the Dodd-Frank Act, grants the CFPB authority to take action to prevent “a covered person or service provider from committing or engaging in an […] Read more

Judicial Redress Act Enacted

Posted on: 25 Feb 2016

Yesterday evening, President Obama signed the Judicial Redress Act (“the Act”) into law. The Act extends the 1974 “Privacy Act” and provides qualifying non-U.S. individuals with limited rights to review, copy, and request amendments to records about themselves maintained by federal government agencies. We previously examined a draft of the bill on this blog here. As previously explained, the Act only extends Privacy Act protections to citizens of “covered countries” which have “effectively shared” information with the U.S. for law enforcement purposes. The Act signed by President […] Read more

Managing the E.U. Data Transfer Landscape

Posted on: 04 Feb 2016

On January 28, Alston & Bird presented “Practical and Strategic Considerations in Today’s EU Data Transfer Landscape.” The panel addressed new laws and breaking events in European Union data privacy. The panel reviewed the status of talks around a revised “Safe Harbor 2.0” following the invalidation of Safe Harbor last October. The panel offered strategic next steps for dealing with data transfers whether or not U.S. and E.U. officials agree to a revised Safe Harbor framework. (At the time of this post, it appears that a revised Safe Harbor 2.0 framework has been agreed.) Other […] Read more

Revised Safe Harbor Agreed: Introducing the New “EU-U.S. Privacy Shield”

Posted on: 02 Feb 2016

European Commission and U.S. officials today announced reaching a “political agreement” on a new Safe Harbor framework. The new framework will be called the “EU-U.S. Privacy Shield.” In a press conference and a press release today, European officials highlighted the following points about the new framework: Limitations on surveillance: Commission officials report that the U.S. has provided “written assurances” that “the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms.” Annual […] Read more

Statement from Peter Swire on Safe Harbor Agreement

Posted on: 02 Feb 2016

Peter Swire issued the following statement today following news of a revised Safe Harbor framework. Today the European Union and United States announced a new framework for transatlantic data flows, called the EU-US Privacy Shield.   This will update the EU-US Safe Harbor agreement, for which I was part of the negotiating team in 2000.  At the invitation of European Union privacy officials, I testified in December 2015 about “US Surveillance Law, Safe Harbor, and Reforms Since 2013,” available here. The US has made multiple and important reforms to its surveillance law since the Snowden […] Read more

Examining the Judicial Redress Act

Posted on: 26 Jan 2016

The proposed Judicial Redress Act has recently been touted as a critical step towards developing a revised “Safe Harbor 2.0″ framework. (See our prior posts on Safe Harbor here and here.) This post summarizes the essential provisions of the bill as passed by the House of Representatives and currently pending before the U.S. Senate. As currently drafted, the Judicial Redress Act extends privacy protections and remedies available under the federal Privacy Act to qualifying non-U.S. individuals. The Privacy Act, enacted in 1974, provides individuals with limited rights to review, copy, and request […] Read more