On March 22, 2024, the centralized regulator of cyber and data security, the Cybersecurity Administration of China (CAC), published the Provisions on Promoting and Regulating the Cross-border Flow of Data (New Provisions), relaxing the existing requirements relating to cross-border data transfers. The New Provisions took immediate effect on March 22, 2024.
cross border
Aug. 15 WEBINAR | The New EU-U.S. Data Privacy Framework: What You Need to Know and Practical Considerations
Please join members of Greenberg Traurig’s Data Privacy & Cybersecurity team for a 1-hour, CLE-eligible webinar “The New EU-U.S. Data Privacy Framework: What You Need to Know and Practical Considerations” Aug. 15 from 12 – 1 p.m. ET.
On July 10, 2023, after years of negotiations between the European Commission and the U.S. government, the…
New EU-U.S. Data Privacy Framework and Website Now Effective for Cross-Border EU Personal Data Transfers to the United States
On July 10, 2023, the European Commission (EC) adopted its long-awaited adequacy decision for the United States, resulting in the new EU-U.S. Data Privacy Framework (DPF or Framework). For more information, see our European Commission Adopts EU-U.S. Adequacy Decision blog post.
Qualified Adequacy Decision for the United States. Typically, EC…
The Complete Handbook for Cross Border Transfers of Personal Information Utilizing the New European Standard Contractual Clauses
All contracts that used the traditional Standard Contractual Clauses must be updated and repapered by 27 December 2022. To help companies comply with the deadline, Greenberg Traurig’s Data Privacy & Cybersecurity Group has compiled a 90-page guide explaining how to apply the new Standard Contractual Clauses in over 40 different transfer scenarios – ranging from…
Is a Company Permitted to Transfer Personal Information From Europe to the US for a Discovery Request?
The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use…
Controller A (EEA) → Processor Z (EEA) → Employee of Processor Z (Non-EEA) (on business trip)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
- Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence
Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (on vacation)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
- Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence
Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (remote worker) (different country)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
- Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence
Is a company permitted to transfer personal information from Europe to the United States in conjunction with discovery in US litigation?
The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use…
Data Subject (EEA) → Processor Z (non-EEA) → Processor Y (non-EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
Visual | Description and Implications |
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company |
…