cross border

The Complete Handbook for Cross Border Transfers of Personal Information Utilizing the New European Standard Contractual Clauses

By David A. Zetoony, Carsten A. Kociok & Andrea C. Maciejewski on December 8, 2022

Posted in Data, Data collection, Data Privacy Law, EEA, EU E-Privacy Directive, European Data Protection Board, European Union, Featured, GDPR, Germany, Personal information, SCC

All contracts that used the traditional Standard Contractual Clauses must be updated and repapered by 27 December 2022. To help companies comply with the deadline, Greenberg Traurig’s Data Privacy & Cybersecurity Group has compiled a 90-page guide explaining how to apply the new Standard Contractual Clauses in over 40 different transfer scenarios – ranging from…

Is a Company Permitted to Transfer Personal Information From Europe to the US for a Discovery Request?

By Diane Reynolds, Jena M. Valdetero & David A. Zetoony on November 9, 2022

Posted in Data, Data collection, Data Privacy Law, European Data Protection Board, European Union, Featured, GDPR, Personal information

The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use…

Controller A (EEA) → Processor Z (EEA) → Employee of Processor Z (Non-EEA) (on business trip)

By David A. Zetoony on November 3, 2022

Posted in Data collection, Data Privacy & Cybersecurity, Data Privacy Law, EEA, European Union, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence

…

Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (on vacation)

By David A. Zetoony on November 3, 2022

Posted in Data collection, Data Privacy & Cybersecurity, Data Privacy Law, EEA, European Union, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence

…

Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (remote worker) (different country)

By David A. Zetoony on November 2, 2022

Posted in Data collection, Data Privacy & Cybersecurity, Data Privacy Law, EEA, European Union, GDPR, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence

…

Is a company permitted to transfer personal information from Europe to the United States in conjunction with discovery in US litigation?

By Jena M. Valdetero & David A. Zetoony on September 27, 2022

Posted in Data, Data collection, Data Privacy Law, European Data Protection Board, European Union, GDPR, Online tracking, Privacy, SCC

Data Subject (EEA) → Processor Z (non-EEA) → Processor Y (non-EEA)

By David A. Zetoony & Andrea C. Maciejewski on September 12, 2022

Posted in Data collection, Data Privacy & Cybersecurity, Data Privacy Law, GDPR, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company

…

Controller A (EEA) → Processor Z (EEA) → Controller B (Non-EEA)

By David A. Zetoony & Andrea C. Maciejewski on September 9, 2022

Posted in Data Privacy & Cybersecurity, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	Background. Company A transmits personal data to its processor Company Z, and then instructs its processor to onward transfer the personal

…

Data Transfers from European Companies to Their Non-European Affiliates

By David A. Zetoony on August 8, 2022

Posted in Data, Data Privacy & Cybersecurity, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Controller A-1 (EEA) → Controller A-2 (Non-EEA)

Visual	Description and Implications
	Background. Company A-1 and Company A-2 are corporate affiliates that are under common ownership

…

China Releases Draft Cross-Border Personal Information Transfer Certification Guideline

By Sherry Xiaoxuan Ding & Gretchen A. Ramos on May 26, 2022

Posted in China, Data, Data collection, Data Privacy Law, Featured, Online tracking, Privacy

On April 29, 2022, China’s National Information Security Standardization Technical Committee (commonly referred to as “TC260”) released a draft Technical Guideline on Personal Information Cross-Border Transfer Certifications (Cert Guideline). While the Cert Guideline is still in draft form and thus subject to change, it provides some clarification regarding the certification process for cross-border transfers of…

Data Privacy Dish

cross border

Controller A (EEA) → Processor Z (EEA) → Employee of Processor Z (Non-EEA) (on business trip)

Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (on vacation)

Controller A (EEA) → Processor Z (EEA) → Controller B (Non-EEA)

Data Transfers from European Companies to Their Non-European Affiliates

China Releases Draft Cross-Border Personal Information Transfer Certification Guideline

About Greenberg Traurig