Data Privacy & Cybersecurity

The California Consumer Privacy Act and the California Privacy Rights Act specifically state that they do not restrict a business’s ability to collect, use, retain, sell, share, or disclose “aggregated consumer information.”[1] Aggregate consumer information is defined as “information that relates to a group or category of consumers, from which individual consumer identities have

Join Greenberg Traurig’s Data, Privacy & Cybersecurity Practice for an interactive CLE symposium in Chicago on Wednesday, October 12. Attendees will hear from GT team members and industry peers on a variety of new privacy, cybersecurity, and tech issues. Speakers will also provide timely and practical tips for addressing these issues, with particular emphasis

The IAPP Privacy. Security. Risk. 2022 Conference will focus on the intersection of privacy and technology, with sessions focused on adtech, artificial intelligence, big data, cybersecurity, and more.

Please join Data, Privacy & Cybersecurity Shareholder Darren Abernethy, a panelist on the “Managing your Marketing Program with New Global and State Laws” session, on Oct.

After Europe blazed the trail by passing the sweeping General Data Protection Regulation (“GDPR”) in 2016, California followed closely in the footsteps of European efforts by passing the most comprehensive data privacy law in the United States, the California Consumer Privacy Act (the “CCPA”). Effective January 1, 2020, the CCPA provided a number of obligations

GT Shareholders Gretchen A. Ramos and Darren Abernethy will lead a webinar hosted by the Association of Corporate Counsel titled “Website and Mobile App Compliance Under the CPRA and New State Privacy Laws Effective in 2023” Oct. 6 at 11 a.m. PDT.

Starting Jan. 1, 2023, the California Privacy Rights Act and the CPRA

GT Shareholder Timothy A. Butler will deliver a “Regulatory Roundup” during a meeting for industry members at the Money Transmitter Regulators Association (MTRA) 2022 Annual Conference in Fort Worth, Texas. The presentation, beginning Sept. 20 at 1:15 p.m., will address how money services businesses (MSBs) can comply with the ever-changing set of data privacy

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company

Tim Butler, a shareholder in GT’s Data, Privacy & Cybersecurity Practice, participated in the 2022 LEND360 Conference in Chicago. Tim was a panelist on the presentation “Data Ownerships and Security,” including a breakout session titled “The Road Forward for Banks and Fintech,” on Sept. 14, 2022.

Amid new innovations in the

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Description and Implications
  • Background. Company A transmits personal data to its processor Company Z, and then instructs its processor to onward transfer the personal

Some modern data privacy statutes require organizations to consider and document privacy-related risks regarding certain types of processing activities. These assessments are sometimes referred to as “data protection assessments” or “data protection impact assessments” (generically a DPIA). DPIAs are intended to make an organization identify and weigh the benefits that may flow from processing personal