Visual Implications
  • 1st SCC Module 1. Initial cross-border transfer from Company A to Company B utilizes the SCC Module 1 designed for transfers from a controller to a non-EEA Controller (1st SCC).
  • 2nd SCC Module 2. Pursuant to Section 8.7 of the 1st SCC, all subsequent onward transfers to non-adequate jurisdictions must also

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity that is within a country that has been recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”)

The Article 29 Working Party took the position that for an action to constitute profiling three elements must be met:

  1. An activity must involve “an automated form of processing;”
  2. An activity must be “carried out on personal data;”
  3. The objective of the activity must be “to evaluate personal aspects about a natural person.”1

So much has been said about the new Cross-Border standard contractual clauses (SCC), which the EU Commission finally adopted on 4 June 2021 (see GT blog post from 9 June 2021), that it almost went unnoticed that the Commission published two different kinds of SCC that day. The other set of SCC (the DPA-SCC)

Greenberg Traurig is sponsoring the Virtual Fall Academy 2021 Privacy + Security Forum, taking place Sept. 29 through Oct. 1, 2021.

On Sept. 29, Shareholder Ian C. Ballon, co-chair of the firm’s Global Intellectual Property & Technology Practice, will join a workshop panel on “Surprising Trends and Important Lessons from Recent Developments

When transferring personal information from the European Union to the United States, the European Data Protection Board has recommended that companies undergo a six-step process through which they (1) know the data being transferred, (2) identify the transfer tool that will be relied upon, (3) assess whether the destination country (i.e., the United States) will

On 04 June 2021, the EU Commission adopted two new sets of standard contractual clauses (SCC): one set for the transfer of personal data from the EU to third countries (Cross-Border SCC) and another set addressing certain clauses in controller-processor data processing agreements (DPA-SCC). The adoption was made some seven months after initial drafts

On Wednesday, May 12, 12:00 – 1:00 p.m. ET, join GT for a webinar on the current state of the law in the United States and Europe when it comes to the use of cookies, pixels, scripts, and other tracking technologies online.

New laws, including the California Consumer Privacy Act (CCPA), the California Privacy

Possibly, yes. The European Data Protection Board (EDPB) has issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries).

The EDPB addresses a common

Given the circumstances of most ransomware attacks, likely yes.

The EDPB issued practical guidance on various types of data breaches, giving top billing to ransomware attacks. Given the recent increase in ransomware attacks likely due to the sudden shift to remote work in response to COVID-19, the EDPB’s guidance focuses extensively on ransomware attacks. In