data transfer

New EU-U.S. Data Privacy Framework and Website Now Effective for Cross-Border EU Personal Data Transfers to the United States

By Darren Abernethy & Gretchen A. Ramos on July 17, 2023

Posted in Data Privacy & Cybersecurity, Data Privacy Law, European Union, Featured, Privacy, privacy framework

On July 10, 2023, the European Commission (EC) adopted its long-awaited adequacy decision for the United States, resulting in the new EU-U.S. Data Privacy Framework (DPF or Framework). For more information, see our European Commission Adopts EU-U.S. Adequacy Decision blog post.

Qualified Adequacy Decision for the United States. Typically, EC…

Litigation and International Data Privacy: Is a Company Permitted To Transfer Personal Data From Europe to the US in Litigation?

By Greenberg Traurig, LLP on March 7, 2023

Posted in Data Privacy & Cybersecurity, Data Privacy Law, European Union, Events, Featured, Personal information

Greenberg Traurig Shareholders Jena M. Valdetero, David A. Zetoony, and Diane D. Reynolds presented the Thomson Reuters West LegalEdcenter and Celesq webinar, “Litigation and International Data Privacy: Is a Company Permitted To Transfer Personal Data From Europe to the US in Litigation?” Thursday, Feb. 23 at 12:00 pm EST. The webinar…

The Complete Handbook for Cross Border Transfers of Personal Information Utilizing the New European Standard Contractual Clauses

By David A. Zetoony, Carsten A. Kociok & Andrea C. Maciejewski on December 8, 2022

Posted in Data, Data collection, Data Privacy Law, EEA, EU E-Privacy Directive, European Data Protection Board, European Union, Featured, GDPR, Germany, Personal information, SCC

All contracts that used the traditional Standard Contractual Clauses must be updated and repapered by 27 December 2022. To help companies comply with the deadline, Greenberg Traurig’s Data Privacy & Cybersecurity Group has compiled a 90-page guide explaining how to apply the new Standard Contractual Clauses in over 40 different transfer scenarios – ranging from…

Controller A (EEA) → Processor Z (EEA) → Employee of Processor Z (Non-EEA) (on business trip)

By David A. Zetoony on November 3, 2022

Posted in Data collection, Data Privacy & Cybersecurity, Data Privacy Law, EEA, European Union, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence

…

Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (on vacation)

By David A. Zetoony on November 3, 2022

Posted in Data collection, Data Privacy & Cybersecurity, Data Privacy Law, EEA, European Union, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence

…

Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (remote worker) (different country)

By David A. Zetoony on November 2, 2022

Posted in Data collection, Data Privacy & Cybersecurity, Data Privacy Law, EEA, European Union, GDPR, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Background. Company A is an EEA controller that utilizes Company Z, a processor based in Country Q. Company Z does not have a legal presence

…

Is a company permitted to transfer personal information from Europe to the United States in conjunction with discovery in US litigation?

By Jena M. Valdetero & David A. Zetoony on September 27, 2022

Posted in Data, Data collection, Data Privacy Law, European Data Protection Board, European Union, GDPR, Online tracking, Privacy, SCC

The Federal Rules of Civil Procedure, as well as state procedural rules, permit parties to a lawsuit to conduct discovery, in search of information and documents that may be relevant to the litigation. Parties can issue requests for documents, information (called interrogatories), and admissions of fact to other parties to the lawsuit; parties may use…

Data Subject (EEA) → Processor Z (non-EEA) → Processor Y (non-EEA)

By David A. Zetoony & Andrea C. Maciejewski on September 12, 2022

Posted in Data collection, Data Privacy & Cybersecurity, Data Privacy Law, GDPR, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company

…

Controller A (EEA) → Processor Z (EEA) → Controller B (Non-EEA)

By David A. Zetoony & Andrea C. Maciejewski on September 9, 2022

Posted in Data Privacy & Cybersecurity, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual	Description and Implications
	Background. Company A transmits personal data to its processor Company Z, and then instructs its processor to onward transfer the personal

…

Data Transfers from European Companies to Their Non-European Affiliates

By David A. Zetoony on August 8, 2022

Posted in Data, Data Privacy & Cybersecurity, SCC, Transfer Impact Assessment (TIA)

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Controller A-1 (EEA) → Controller A-2 (Non-EEA)

Visual	Description and Implications
	Background. Company A-1 and Company A-2 are corporate affiliates that are under common ownership

…

Data Privacy Dish

data transfer

New EU-U.S. Data Privacy Framework and Website Now Effective for Cross-Border EU Personal Data Transfers to the United States

Litigation and International Data Privacy: Is a Company Permitted To Transfer Personal Data From Europe to the US in Litigation?

Controller A (EEA) → Processor Z (EEA) → Employee of Processor Z (Non-EEA) (on business trip)

Controller A (EEA) → Processor Z (Non-EEA) → Employee of Processor Z (Non-EEA) (on vacation)

Controller A (EEA) → Processor Z (EEA) → Controller B (Non-EEA)

Data Transfers from European Companies to Their Non-European Affiliates

About Greenberg Traurig