Kristy Gouldsmith comments on viability of EU-US data transfer framework in Compliance Week

Kristy Gouldsmith
26 July 2023

With the European Commission giving the green light for the new EU-U.S. Data Privacy Framework (DPF), allowing safe transfer of personal data between U.S. and EU organisations that sign up to the scheme, an article in Compliance Week looked into the viability of the new arrangements. 


The new scheme was negotiated between the US and the EU and is aimed at bolstering trade between the EU and the US by making data transfers easier. 


However, there are a number of experts and privacy campaigners who do not believe that the framework provides adequate data privacy provision, including one campaigner, Max Schrems who has already ensured that the last two transatlantic data transfer agreements were struck down, stating that the new framework still does not meet the standards determined by the Court of Justice of the European Union (CJEU). 


Asked by Compliance Week whether the scheme would work in the long term, Data Protection, Privacy and Cybersecurity Partner Kristy Gouldsmith said; “Companies shouldn’t tear up their transfer safeguard agreements as they may need them in the future,” further stating that there are two main obstacles that could impede the framework: 


  • The lack of a U.S. federal law governing how organisations process personal data means there is no country-wide equivalent of the GDPR: and 


  • Efforts by individual U.S. state to enact their own legislation means variances in data protection. 



Many organisations send data to the USA. If you need help with making sure that you are compliant, contact Kristy Gouldsmith at

Kristy Gouldsmith
Partner - Data Protection, Privacy and Cybersecurity
Kristy Gouldsmith is a Partner Solicitor at Spencer West. She has years of experience in advising a wide variety of organisations across all sectors, including SaaS platforms, retailers, manufacturers, schools, care homes, financial services, law firms and property developers.