The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Controller A (EEA) → Controller B (EEA) → Controller C (Non-EEA)
| Visual | Description and Implications |
 |
|
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Controller A (EEA) → Controller B (EEA) → Processor Z (Non-EEA)
| Visual | Description and Implications |
 |
|
Several modern state data privacy statutes refer to precise geolocation information as a “sensitive” category of personal information. What constitutes precise geolocation information differs slightly between and among states. The following table provides a side-by-side comparison of the how the states have defined the term.
| Click here for a side-by-side comparison of the how the |
Most modern state data privacy laws exempt from their definition of personal information “publicly available information.” What constitutes publicly available information differs between state privacy laws and may not correlate to the lay definition understood by many businesses and individuals. For example, while some businesses may consider information available on the internet “publicly available information
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Data Subject (EEA) → Processor Z-1 (non-EEA) → Processor Z-2 (EEA) → Controller A (EEA)
| Visual | Description and Implications |
| Background. Company A retains Company Z-2 | |
Controller A (Non-EEA) → Processor Z (Non-EEA) → Sub-processor Y (EEA) → Controller A (Non-EEA) (same country)
| Visual | Description and Implications |
 |
|
Modern state privacy laws mandate that agreements with service providers or processors contain specific contractual provisions to govern the parties’ relationship. Which provisions should be included in a vendor agreement, however, differ by state statute. In addition, some state privacy laws impose statutory obligations upon vendors that do not necessarily need to be memorialized in
Gretchen A. Ramos, Global Co-Chair of the Data, Privacy & Cybersecurity Practice, is quoted in a Bloomberg Law article titled “Bosses Brace for Worker Chaos If California Privacy Law Expands.”
UPDATE: The program, “The Proposed CPRA (California Privacy Rights Act) Regulations: What to look for, deciding whether to comment, and how to prepare,” originally scheduled to take place on Thursday, June 30 has been rescheduled as Chairperson Urban of the CPPA recently indicated that she will provide additional information regarding the timeline for public comment
No. A privacy framework describes a set of standards or concepts around which a company bases its privacy program. Typically, a privacy framework does not attempt to include all privacy-related requirements imposed by law or account for the privacy requirements of any particular legal system or regime. As a result, a company can utilize a