Greenberg Traurig Shareholders Reena Bajowala and David Zetoony, Co-Chair of the firm’s U.S. Data Privacy & Cybersecurity Practice, will present the MyLawCLE and Federal Bar Association webinar, “Artificial Intelligence and Data Privacy: The current (and often hidden) United States and European framework for regulating AI,” Wednesday, Oct. 4 at 11 a.m. CT.
Please join members of Greenberg Traurig’s Data Privacy & Cybersecurity team for a 1-hour, CLE-eligible webinar “The New EU-U.S. Data Privacy Framework: What You Need to Know and Practical Considerations” Aug. 15 from 12 – 1 p.m. ET.
On July 10, 2023, after years of negotiations between the European Commission and the U.S. government, the
On July 10, 2023, the European Commission (EC) adopted its long-awaited adequacy decision for the United States, resulting in the new EU-U.S. Data Privacy Framework (DPF or Framework). For more information, see our European Commission Adopts EU-U.S. Adequacy Decision blog post.
Qualified Adequacy Decision for the United States. Typically, EC
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision on the EU-U.S. Data Privacy Framework (the “Framework”) thereby concluding that the United States ensures an adequate level of protection for personal data that are transferred from the European Union to companies in the U.S. that participate in the Framework.
The
Recent developments from the ANPD provide insight into the path ahead.
On July 7, 2022, Brazil’s National Data Protection Authority (ANPD) published its semiannual Regulatory Agenda Monitoring Report. This report updated the public on the current status of the ANPD’s regulatory agenda. With the comment period for regulations on international data transfers officially closing
No. A privacy framework describes a set of standards or concepts around which a company bases its privacy program. Typically, a privacy framework does not attempt to include all privacy-related requirements imposed by law or account for the privacy requirements of any particular legal system or regime. As a result, a company can utilize a
David Zetoony, co-chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice, co-authored an IAPP article titled “Data Privacy Requests Metrics: Lessons for Your Privacy Program.” Read the full article here.
The ISO 29100 privacy framework sets forth the following eleven core principles:
The ISO 27701 privacy framework is not explicitly organized using the
While theoretically an organization could adopt ISO 27701 as a separate standalone framework to apply to an organization’s privacy program, the framework was conceptualized as an extension of the ISO data security standards. As a result, it is organized based upon the assumption that an organization already has a security program that is built off
In 2019, the International Organization for Standards joint technical committee ISO/IEC JTC1, Information technology subcommittee SC27, developed a privacy framework that was intended to build off of the existing ISO data security standards – i.e., ISO/IEC 27001:2013 (Information security management systems) and ISO/IEC 27002:2013 (Code of practice for information security controls) – by integrating into