standard contractual clauses

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Visual Implications
Controller (EEA) Processor (EEA) → Employee of Processor (non-EEA)
  • Background. Company Z is a European legal entity that does not have a legal presence in Country Q. Company Z has an employee

The long-awaited UK data transfer mechanism has been published by the Information Commissioner’s Office (ICO), resolving the question of how international transfers of personal data from the UK will be handled post-Brexit. As a refresher, the European Commission published four new versions of the EU standard contractual clauses (SCCs) in June 2021. However, these new

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Controller (EEA)→ Controller (EEA)→ Branch Office (US)
  • Background. Company B is a European entity, that has a branch office in the United States (which is not a separate legal entity). While data

No.

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity that is within a country that has been recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a

No.

Companies are allowed to transfer personal data outside the European Economic Area (EEA) if they are (1) transferring data to an entity within a country recognized by the European Commission as ensuring an adequate level of protection or (2) they have put in place a European Commission-approved mechanism (a “safeguard”) that imposes many of

So much has been said about the new Cross-Border standard contractual clauses (SCC), which the EU Commission finally adopted on 4 June 2021 (see GT blog post from 9 June 2021), that it almost went unnoticed that the Commission published two different kinds of SCC that day. The other set of SCC (the DPA-SCC)

When transferring personal information from the European Union to the United States, the European Data Protection Board has recommended that companies undergo a six-step process through which they (1) know the data being transferred, (2) identify the transfer tool that will be relied upon, (3) assess whether the destination country (i.e., the United States) will

GT’s Carsten Kociok, Gretchen A. Ramos, and David A. Zetoony will present the webinar “The Next Generation of Cross Border Transfers: How the New Standard Contractual Clauses Will Change Contracting” on Tuesday, June 22 from 1:00 – 2:00 p.m. EST. Almost every company that transfers personal information out of Europe has relied upon

On 12 November 2020 the Commission of the European Union (EU) published two draft implementing decisions – one containing a draft new set of standard contractual clauses for transfers of personal data from the EU to third countries (the Cross-Border SCCs), and one containing a draft of new standard contractual clauses for certain clauses in

The Court of Justice of the European Union (CJEU) declares invalid a decision of the European Commission which attested that the EU-U.S. Privacy Shield provided adequate protection to personal data transferred from the EU to the U.S., if the receiving party had self-certified its adherence to the Privacy Shield Principles. At the same time, the