- Consent. A company may process personal information if it collects
Aug. 16 WEBINAR | Intersection of Privacy Laws and AI
- Privacy issues arising from
Under the GDPR, are companies that utilize personal information to train artificial intelligence (AI) controllers or processors?
The EU’s General Data Protection Regulation (GDPR) applies to two types of entities – “controllers” and “processors.”
A “controller” refers to an entity that “determines the purposes and means” of how personal information will be processed.[1] Determining the “means” of processing refers to deciding “how” information will be processed.[2] That does not necessitate
The Complete Handbook for Cross Border Transfers of Personal Information Utilizing the New European Standard Contractual Clauses
All contracts that used the traditional Standard Contractual Clauses must be updated and repapered by 27 December 2022. To help companies comply with the deadline, Greenberg Traurig’s Data Privacy & Cybersecurity Group has compiled a 90-page guide explaining how to apply the new Standard Contractual Clauses in over 40 different transfer scenarios – ranging from
Data Subject (EEA) → Processor Z (non-EEA) → Processor Y (non-EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
| Visual | Description and Implications |
| Background. Company A retains Company Z in Country Q to process personal data (e.g., collect personal data from data subjects). Company | |
Controller A (EEA) → Processor Z (EEA) → Controller B (Non-EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.
| Visual | Description and Implications |
 |
|
Transfers from a US Controller to EEA processors (Renvois): Controller (US) → Processor (US) → Sub-processor (EEA) → Processor (US)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.
|
Visual |
Summary |
 |
|
Transfers from EEA Controller to non-EEA Processor: Controller A (EEA) → Processor Z-1 (US), Processor Z-2 (Non-EEA), Processor Z-3 (Non-EEA), etc.
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.
| Visual | Summary |
| Overview of situation. Company A in the EEA retains Company Z-1 in the US to process personal data. Company Z-1 intends to | |
Transfers from EEA Controller to non-EEA Processor: Controller A (EEA) → Processor Z (non-EEA) → Processor X (Non-EEA) → Controller A (EEA)
The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June of 2021.
| Visual | Summary |
 |
|
Gretchen Ramos Quoted in Cybersecurity Law Report Article on Cross-Border Data Transfers Under Schrems II
Gretchen A. Ramos is quoted in a Cybersecurity Law Report article titled “Navigating Post-Schrems II International Data Transfer Waters: Challenges and TIAs.” The article discusses the challenges companies may face as they complete transfer impact assessments (TIAs) and update their standard contractual clauses (SCCs).
Click here to read the full article. (subscription required)