All contracts that used the traditional Standard Contractual Clauses must be updated and repapered by 27 December 2022. To help companies comply with the deadline, Greenberg Traurig’s Data Privacy & Cybersecurity Group has compiled a 90-page guide explaining how to apply the new Standard Contractual Clauses in over 40 different transfer scenarios – ranging from

The California Consumer Privacy Act and the California Privacy Rights Act specifically state that they do not restrict a business’s ability to collect, use, retain, sell, share, or disclose “aggregated consumer information.”[1] Aggregate consumer information is defined as “information that relates to a group or category of consumers, from which individual consumer identities have

As more children spend their time online exploring and learning, government bodies in the United States and internationally have enacted policies to ensure safer spaces, privacy, security, and protection for children online. The California Senate Judiciary Committee recently voted to advance two California bills to protect children’s online activities.

Closely modeled after the UK’s Children’s

The terms “deidentified” and “deidentification” are commonly used in modern privacy statutes and are functionally exempt from most privacy and security-related requirements. As indicated in the chart below, differences exist between how the term was defined in the California Consumer Privacy Act (CCPA) and how it was defined in later state privacy statutes that are

The terms “pseudonymize” and “pseudonymization” are commonly referenced in the data privacy community, but their origins and meaning are not widely understood among American attorneys.  Most American dictionaries do not recognize either term.[1] While they derive from the root word “pseudonym” – which is defined as a “name that someone uses instead of his

What types of documents, policies, procedures, and protocols should service providers consider putting in place to comply with the CCPA?

The written policies and procedures that service providers put into place to assist in their compliance with the CCPA differ depending upon several factors including the size of the service provider, the quantity of personal

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Implications
  • 1st SCC Module 1. Initial cross-border transfer from the EEA to the US utilizes the SCC Module 1 designed for transfers from a

Modern privacy laws contain different definitions for the term “consent,” and different standards for when consent will, and will not, be effective.

In Europe, the right of an individual to withdraw consent for the processing of their personal data has become near axiomatic and is often referred to by Member State supervisory authorities. The right

The impetus to conduct a Data Transfer Impact Assessment (TIA) comes from three legal authorities: (1) the European Court of Justice’s recommendation in Schrems II that the parties to a transfer verify on a case-by-case basis whether the “law of the third country of destination ensures adequate protection . . . of personal data transferred