On July 10, 2023, the European Commission adopted its adequacy decision on the EU-U.S. Data Privacy Framework (“DPF”). The decision, which took effect on the day of its adoption, concludes that the United States ensures an adequate level of protection for personal data transferred from the EEA to companies certified to the DPF. This blog summarizes the key findings of the decision, what organizations wishing to certify to the DPF need to do and the process for certifying, as well as the impact on other transfer mechanisms such as the standard contractual clauses (“SCCs”), and on transfers from the UK and Switzerland.
Diana Lee is an associate in the firm's London office and a member of the Data Privacy and Cybersecurity Practice Group. Diana's practice focuses on regulatory, enforcement, and litigation matters relating to electronic surveillance, law enforcement access to digital evidence, and data privacy and cybersecurity. Before rejoining the firm, she clerked for Judge Victor A. Bolden, United States District Judge for the District of Connecticut.
Diana is a member of the Bars of New York and the District of Columbia.