On Oct. 28, 2025, please join Greenberg Traurig and leaders from its Chambers USA Band 1 Retail Industry Group and Privacy & Cybersecurity Practice, along with a legal director from Scott’s Company LLC, for a CLE exploring the evolving landscape of data privacy and security laws and their impact on in-house legal teams.
This expert
On Sept. 3, 2025, in a much-anticipated legal decision, the European General Court (EGC) rejected the request of a French member of Parliament to annul the EU-U.S. Data Privacy Framework (DPF or Framework).
Although this decision reinforces that U.S. organizations that have self-certified as to their adherence to the DPF principles may continue to receive
Categorizing data as “sensitive” is a common feature in U.S. state privacy law, as well as the EU’s GDPR (which uses the term “special category” for similar personal data).[1] What is considered sensitive data varies from state to state, as well as the obligations that come with it. Colorado, Connecticut, Florida, Indiana, Montana, Oregon
Please join members of Greenberg Traurig’s Data Privacy & Cybersecurity team for a 1-hour, CLE-eligible webinar “The New EU-U.S. Data Privacy Framework: What You Need to Know and Practical Considerations” Aug. 15 from 12 – 1 p.m. ET.
On July 10, 2023, after years of negotiations between the European Commission and the U.S. government, the
On July 10, 2023, the European Commission (EC) adopted its long-awaited adequacy decision for the United States, resulting in the new EU-U.S. Data Privacy Framework (DPF or Framework). For more information, see our European Commission Adopts EU-U.S. Adequacy Decision blog post.
Qualified Adequacy Decision for the United States. Typically, EC
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision on the EU-U.S. Data Privacy Framework (the “Framework”) thereby concluding that the United States ensures an adequate level of protection for personal data that are transferred from the European Union to companies in the U.S. that participate in the Framework.
The
No. A privacy framework describes a set of standards or concepts around which a company bases its privacy program. Typically, a privacy framework does not attempt to include all privacy-related requirements imposed by law or account for the privacy requirements of any particular legal system or regime. As a result, a company can utilize a
Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not
The ISO 29100 privacy framework sets forth the following eleven core principles:
The ISO 27701 privacy framework is not explicitly organized using the
While theoretically an organization could adopt ISO 27701 as a separate standalone framework to apply to an organization’s privacy program, the framework was conceptualized as an extension of the ISO data security standards. As a result, it is organized based upon the assumption that an organization already has a security program that is built off