Data collection

What exactly is a “Transfer Impact Assessment” (TIA), and where the heck did it come from?

By David A. Zetoony on March 30, 2022

Posted in Data collection, Data Privacy Law, EEA, European Union, GDPR

The term “Transfer Impact Assessment” or “TIA” is relatively new to the world of data privacy. Indeed, according to one widely used legal database the term was not referenced within any academic journals or secondary sources until 2021.[1] The term has come to refer to a written analysis, conducted by a controller or a…

Transfers from a European Data Subject: Data Subject → Controller (US) → Processor (non-EEA)

By David A. Zetoony, Carsten A. Kociok & Andrea Maciejewski on March 29, 2022

Posted in Data collection, EEA, European Union, GDPR, Online tracking, SCC

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	The EDPB has taken the position that a data subject “cannot be considered a controller or processor,”[1] and, as a result,

…

Transfers from a European Data Subject: Data Subject→Controller (US)→Processor (US)

By David A. Zetoony, Carsten A. Kociok & Andrea Maciejewski on March 24, 2022

Posted in Data collection, EEA, European Data Protection Board, European Union, GDPR, Online tracking, SCC

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	The EDPB has taken the position that a data subject “cannot be considered a controller or processor,”1 and, as a result,

…

Transfers from a European Data Subject: Data Subject→Controller (US)→Controller (non-EEA)

By David A. Zetoony, Carsten A. Kociok & Andrea Maciejewski on March 23, 2022

Posted in Data collection, EEA, European Data Protection Board, European Union, GDPR, Online tracking, SCC

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	The EDPB has taken the position that a data subject “cannot be considered a controller or processor,”1 and, as a result,

…

Transfers from a European Data Subject: Data Subject→Controller (US)→Controller (US)

By David A. Zetoony, Carsten A. Kociok & Andrea Maciejewski on March 22, 2022

Posted in Data collection, EEA, European Data Protection Board, European Union, GDPR, Online tracking, SCC

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	The EDPB has taken the position that a data subject “cannot be considered a controller or processor,”[1] and, as a result,

…

Transfers from a European Data Subject – Data Subject→Controller (US)

By David A. Zetoony, Carsten A. Kociok & Andrea Maciejewski on March 17, 2022

Posted in Data collection, EEA, European Data Protection Board, European Union, GDPR, Online tracking, SCC

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	The EDPB has taken the position that a data subject “cannot be considered a controller or processor.”1 As a result, the

…

Other Transfers from EEA Controller Controller A (EEA)→Employee of Controller A (non-EEA)

By David A. Zetoony, Carsten A. Kociok & Andrea Maciejewski on March 16, 2022

Posted in Data collection, EEA, GDPR, Online tracking

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	Background. Company A is a European legal entity that does not have a legal presence in Country Q. Company A has

…

Transfers from a US Controller to EEA processors (Renvois) Controller (US)→Processor (EEA) (on deck) (Basic Renvoi)

By David A. Zetoony, Carsten A. Kociok & Andrea Maciejewski on March 15, 2022

Posted in Data collection, EEA, European Union, GDPR, SCC

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	Cross border transfers in the United States don’t need a SCC. Company A is not required under U.S. law or the GDPR

…

Service-Provider Compliance With California Consumer Privacy Act—Written Policies and Procedures

By David A. Zetoony on March 9, 2022

Posted in California, CCPA, CPRA, Data collection, Data Privacy & Cybersecurity, Privacy Legislation, Service-Provider

What types of documents, policies, procedures, and protocols should service providers consider putting in place to comply with the CCPA?

The written policies and procedures that service providers put into place to assist in their compliance with the CCPA differ depending upon several factors including the size of the service provider, the quantity of personal…

Transfers from a US Controller to EEA processors (Renvois) Controller (US) →Processor (Non-EEA)→Sub-processor (EEA)→Controller (US)

By David A. Zetoony, Carsten A. Kociok & Andrea Maciejewski on March 9, 2022

Posted in Data collection, EEA, European Union, GDPR, Online tracking, SCC

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	Cross border transfers from the United States don’t need a SCC. Company A is not required under U.S. law or the GDPR

…

Data Privacy Dish

Data collection

Service-Provider Compliance With California Consumer Privacy Act—Written Policies and Procedures

About Greenberg Traurig