Law Bulletins
Michael R. Young
Partner Atlanta
- E michael.young@taftlaw.com
- T (404) 495-8481
- F (404) 365-9532
Summary
Michael advises and represents clients on complex privacy, AI and data protection issues. From pre-venture startups to some of the most recognizable brands in the world, whether strategic or transactional, Michael specializes in helping companies find answers that are right for them given their unique challenges. For example, Michael advises:
- Applicability of various privacy, AI, and cybersecurity laws
- New product / service development, especially when involving AI technologies, and/or personal data inputs or exposure
- Technical compliance advising under a myriad of specific privacy and AI laws and regulations (see partial list below)
- Contract negotiations, complex or simple
- Development of form contracts, data privacy assessments
- Diligence review and advising in mergers and acquisitions contexts (from both seller and buyer sides)
- Impact of privacy/data/AI on exit events
- Data transfers, data localization, and other go-global strategies
- Private and public complaints, investigations, demands, including a Congressional subpoena
- Privacy- and AI- notices
- Company position/status as “controller,” “processor,” “developer,” “deployer,” “business,” “initiator,” and many other terms of art with legal consequences for privacy and AI compliance
- Data lake, data sharing, brokering, and marketing strategy (including within affiliated companies and with third parties)
Michael has a leadership role supporting the firm’s FinTech privacy work, and has advised some of the largest, global, financial companies in the world. You can learn more about Taft’s FinTech services, including privacy services, here.
Michael’s deep and broad experience includes work with many different privacy and AI statutes over more than a decade. Michael has helped develop advice under:
- State comprehensive privacy laws
- State AI laws
- Federal and state children’s privacy laws, including the Children’s Online Privacy Protection Act
- Video Privacy Protection Act
- Telephone Consumer Protection Act (TCPA)
- CAN-SPAM
- Vehicle privacy / vehicle data record laws
- Wiretapping laws (especially in response to plaintiff demands)
- International data protection and transfer laws
- Financial privacy laws, including Gramm Leach Bliley, New York Department of Financial Services Cybersecurity Regulation (“Part 500”), state law implementing NAIC ML 670 and 672 privacy regulations and other state insurance regulations
- California and Vermont financial privacy statutes
- the Affiliate Marketing Rule under the Fair Credit Reporting Act (and implementing regulations)
- SEC Cybersecurity Rules
- Data broker laws
- Data breach and cybersecurity laws and rules
- And others
Michael has substantial experience handling international matters for global clients in dozens of countries. This international privacy experience enables practical engagements with specialized local counsel when needed to resolve local privacy issues through a network of local contacts.
In addition to his legal practice, Michael Young often speaks and writes on privacy and AI topics, including co-authoring a popular privacy textbook.
Awards
Best Lawyers: Ones to Watch, Technology Law, 2021, 2023 – 2025
All Service Areas
Education
- New York University (2011)
Master of Laws (LL.M.)
- Ohio State University (2010)
Juris Doctor (J.D.)
- College of Wooster (2007)
Bachelor of Arts (B.A.)
Admissions
- State - Georgia
- State - New York
- State - New Jersey
- State - Ohio
Notable Matters
- Developed data sharing compliance framework to support multi-branded digital platform initiative for large international bank.
- Provided privacy due diligence support for mobile tech support application for device warranties and insurance.
- Supported compliance project planning for numerous in response to the California Consumer Privacy Act.
- Assisted a U.S. national provider of insurance and investment services in support of a major IT project to consolidate customer service functions across the organization, including identification of applicable data use restrictions, revisions to Gramm-Leach-Bliley and online privacy notices, and related data management advice.
- Support negotiation of privacy and data management provisions in complex service contracts worth billions of dollars.
*Conducted while at another firm.
News
Intra-Company Data Transfers: Compliance Risks and EDTA Solutions Law Bulletins
Privacy and AI Checklist for the New Year Law Bulletins
AI in Recruiting, Interviewing, and Hiring News
The Big Long List of U.S. AI Laws