Federica De Santis

Federica De Santis is an associate in the firm’s Technology group and Data, Privacy & Cybersecurity practice. She has extensive experience advising businesses on all aspects of data protection, privacy and cybersecurity in Europe, the UK, and the rest of the world. In particular, she counsels clients across all industry sectors on compliance with the General Data Protection Regulation and marketing regulations, global privacy and data transfer strategies, data breach response, data protection impact assessments, employee privacy, clinical trials and privacy and cybersecurity issues in the context of investments, mergers and acquisitions. 

She is designated as a Certified Information Privacy Professional/Europe (CIPP/E) and United States (CIPP/US) by the International Association of Privacy Professionals.

Federica’s representative experience includes:

• Provided strategic counsel to numerous clients across sectors on compliance with the GDPR and UK data protection law, including a US-based funds manager and other participants in the funds ecosystem, leading SaaS providers, a provider of intelligence services for a video content delivery platform, a marketing management service provider, a global provider of voice recognition technology
• Advised a US-based cloud services provider on data protection compliance and negotiation of data processing agreements with customers and third party sub-processors
• Advised a leading ad-server-platform provider on data protection and e-Privacy compliance
• Provided advice to numerous clients on European marketing requirements
• Assisted several US businesses with obtaining Privacy Shield certification
• Advised major healthcare companies on European privacy compliance issues relating to the roll out of clinical trials, including with respect to international data transfers, informed consent forms, agreements with study centers and research organizations
• Lead multi-jurisdictional data protection compliance projects for major fashion brands*
• Advised a top producer of medical supplies on data privacy compliance in the context of internal investigation procedures*
• Advised a major internet service provider on data privacy and communications law matters concerning US legally binding orders in connection with EU personal data*
• Advised several multi-national companies on the implementation of whistle-blowing hotlines*
• Assisted a multi-national company with the implementation of Binding Corporate Rules for the international data transfers in connection with obtaining authorization from the Italian data protection authority*
• Advised a major credit card company on privacy and regulatory issues relating to the roll out of biometric authentication*
• Advised a US company on copyright issues arising out of the operation of cloud based nPVR and catch-up TV*
• Advised a major US entertainment company on copyright and licensing issues relating to the launch and operation of a video on demand service in Italy*

* Denotes experience prior to joining Goodwin.

• Co-Author, “New Jersey Privacy Law Helps Expand US Consumer Privacy System,” Bloomberg Law, January 24, 2024
• Co-Author, “Delaware Personal Data Privacy Act: What Businesses Need to Know,” PLI, December 6, 2023
• Co-Author, “Ruling Shows Barriers Remain For Kids' Privacy Regulation,” Law360, October 10, 2023
• Co-Author, “Conducting Privacy Impact Assessments State-By-State,” Law 360, June 2023
• Co-Author, “Broader State Scrutiny of Consumer Health Data Tests Companies,” Bloomberg Law, June 2, 2023
• Co-Author, “Takeaways From Washington's Sweeping Health Privacy Bill,” Law360, May 9, 2023
• Co-Author, “States Race After Utah on Minors’ Privacy Despite Legal Threats,” Bloomberg Law, April 14, 2023
• Co-Author, “Navigating the New Privacy Frontier Post-Roe Challenges and Takeaways for FemTech Companies,” Practising Law Institute, January 2023
• Federica has published articles on privacy and cybersecurity for key industry publications such as Data Protection Law & Policy, the International Comparative Legal Guide to: Data Protection (Italian Chapter), the IAPP Privacy Tracker.
• Contributor, “Modeling the liability of internet service providers: Google vs. Vividown. A constitutional perspective,” Egea, 2013