All contracts that used the traditional Standard Contractual Clauses must be updated and repapered by 27 December 2022. To help companies comply with the deadline, Greenberg Traurig’s Data Privacy & Cybersecurity Group has compiled a 90-page guide explaining how to apply the new Standard Contractual Clauses in over 40 different transfer scenarios – ranging from
The IAPP Europe Data Protection Congress 2022, Europe’s premier gathering of data protection professionals discussing strategic developments in regional and international data privacy, will be held in Brussels Nov. 16-17. Several members of our Data Privacy & Cybersecurity Group will be in attendance, and we are excited to see everyone there. If you or
The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use
On Oct. 18, 2022, the UK Information Commissioner’s Office (ICO) updated its “Guidance on Direct Marketing Using Electronic Mail,” providing refreshed FAQs regarding what constitutes electronic mail marketing, related rules and responsibilities, and miscellaneous clarifications to compliance questions such as “are tracking pixels covered by the electronic mail marketing rules?” (Short answer: technically no, but
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use
After Europe blazed the trail by passing the sweeping General Data Protection Regulation (“GDPR”) in 2016, California followed closely in the footsteps of European efforts by passing the most comprehensive data privacy law in the United States, the California Consumer Privacy Act (the “CCPA”). Effective January 1, 2020, the CCPA provided a number of obligations
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
| Visual | Description and Implications |
| Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company | |
Controller A (Non-EEA) → Processor Z (Non-EEA) → Sub-processor Y (EEA) → Controller A (Non-EEA) (same country)
| Visual | Description and Implications |
 |
|
Modern state privacy laws mandate that agreements with service providers or processors contain specific contractual provisions to govern the parties’ relationship. Which provisions should be included in a vendor agreement, however, differ by state statute. In addition, some state privacy laws impose statutory obligations upon vendors that do not necessarily need to be memorialized in