On July 10, 2023, the European Commission adopted its long-awaited adequacy decision on the EU-U.S. Data Privacy Framework (the “Framework”) thereby concluding that the United States ensures an adequate level of protection for personal data that are transferred from the European Union to companies in the U.S. that participate in the Framework.

The

The impetus to conduct a Data Transfer Impact Assessment (TIA) comes from three legal authorities: (1) the European Court of Justice’s recommendation in Schrems II that the parties to a transfer verify on a case-by-case basis whether the “law of the third country of destination ensures adequate protection . . . of personal data transferred