Photo of Gretchen A. Ramos

Gretchen A. Ramos is Global Co-Chair of the Data, Privacy & Cybersecurity Practice. Gretchen is a creative problem-solver that various large tech clients rely on to handle their most challenging data protection issues. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach in providing advice. She works closely with her clients to manage data and leverage its value in ways to meet compliance obligations, as well as deliver value to the business and instill consumer trust.

As more children spend their time online exploring and learning, government bodies in the United States and internationally have enacted policies to ensure safer spaces, privacy, security, and protection for children online. The California Senate Judiciary Committee recently voted to advance two California bills to protect children’s online activities.

Closely modeled after the UK’s Children’s

On July 8, 2022, the California Privacy Protection Agency (CPPA) issued proposed amendments to the California Consumer Privacy Act (CCPA) regulations to harmonize them with the California Privacy Rights Act of 2020 (CPRA), which will go into effect on Jan. 1, 2023. Individuals or companies have until Aug. 23, 2022, at 5 p.m. to submit

On April 29, 2022, China’s National Information Security Standardization Technical Committee (commonly referred to as “TC260”) released a draft Technical Guideline on Personal Information Cross-Border Transfer Certifications (Cert Guideline). While the Cert Guideline is still in draft form and thus subject to change, it provides some clarification regarding the certification process for cross-border transfers of

In most contexts, employees should have a low expectation of privacy in the workplace. Their computers, desks, and other common areas may be subject to strict company control and their conduct subject to workplace policies. But as we will discuss in an upcoming two-part series on The Performance Review (Greenberg Traurig’s California Labor and Employment

On 04 June 2021, the EU Commission adopted two new sets of standard contractual clauses (SCC): one set for the transfer of personal data from the EU to third countries (Cross-Border SCC) and another set addressing certain clauses in controller-processor data processing agreements (DPA-SCC). The adoption was made some seven months after initial drafts

New regulations to the California Consumer Privacy Act (CCPA) took effect in March that prohibit businesses from using on their websites “dark patterns” that make it difficult for California consumers to opt out of the sale of their personal information.

A dark pattern is a potentially manipulative user interface design that can have the effect,

On March 2, 2021, Virginia Gov. Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA) into law, making Virginia the second state to have comprehensive data privacy legislation on the books. The CDPA is similar to the privacy regime enacted under the California Consumer Privacy Act (CCPA) and expanded under the California Privacy Rights

In late January, California’s Attorney General (AG) tweeted about the use of the new Global Privacy Control (GPC), informing California consumers that on certain browsers they can use GPC as a “stop selling my data switch” to exercise their right to opt out of the sale of their personal information (PI) in one step –

  1. EEA Cross-Border Transfers. The U.S. and the EU will work towards, and hopefully reach, a cross-border data transfer solution.
  2. Ransomware. More ransomware attacks and increased regulatory scrutiny of companies that pay ransom demands.
  3. Digital Advertising. Development of alternate marketing strategies, and perhaps more reliance on consumer opt-in, as privacy laws further erode traditional tracking

On December 10, 2020, the California Attorney General (AG) released the Fourth Set of Proposed Modifications to the California Consumer Protection Act (CCPA) Regulations, styled as “Modifications to Proposed Modifications.” The Fourth Set comes shortly after the comment period for the Third Set of Proposed Modifications closed on Oct. 28.  Per the AG’s Notice