Stacy Young

Stacy Young counsels clients across the breadth of technology regulation in the European Union and United Kingdom, including the General Data Protection Regulation (GDPR), the NIS2 Directive, the EU AI Act, the EU Digital Services Act, and the UK Online Safety Act. 

She advises on the development and deployment of new technologies, such as AI-integrated toys, AI-powered search engines, wearables and smart home devices, autonomous vehicles, and checkout-free retail technology. Stacy also advises companies on online platform and product compliance, cookie practices, and global business-to-business and business-to-consumer marketing and advertising programs. In addition, she has experience helping companies respond to cybersecurity incidents and comply with global incident notification obligations. 

Stacy also has experience advising life sciences companies on international clinical-trial data flows, patient consent forms, and marketing communications with healthcare professionals.  

Stacy maintains an active pro bono practice, providing guidance to nonprofits on their internal privacy practices and handling of sensitive health information, and delivering GDPR training sessions.