EU confirms Israel's adequacy

The EU Commision published the much-anticipated announcement on the adequacy of data protection in Israel. Published on January 31st, the decision adopted by the commission determines that Israel provides and adequate level of protection for personal data transferred from the EU, however only in relation to automated international data transfers and to automated processing of data in Israel.

The decision introduces a variety of findings that served as grounds for declaring data protection in Israel to be in conformity with EU standards. The Commission favorably mentions the semi-constitutional status of the right to privacy under the Human Dignity and Liberty basic law; the similarity in standards between the EU Data Protection Directive and the Privacy Protection Act; the existence of data protection provisions in legislation related to the financial, health and public sectors; the availability of administrative and judicial remedies and the independency of the Israeli Law Information and Technology Agency (ILITA).

The Article 29 Working Party's favorable opinion on the level of adequacy under Israeli law, contributed to the adoption of the decision, as well.  

The decision will make it easier for EU entities to transfer personal information to entities in Israel.. On a practical level, EU and Israeli entities will not need to sign agreements based on standard contractual clauses, and presumably, EU entities will not need to have their Israeli counterparts attest their adherence to EU data protection legislation.

Article 3 of the decision indicates that DPAs in member states may exercise their power to suspend data flows to Israel, inter-alia, if they suspect that ILITA does not act properly to protect personal data and that the continuing data transfer will likely cause grave harm to the data subjects.

The head of ILITA, Adv. Yoram Hacohen, said that the establishment and activities of ILITA played a substantial role in the adequacy assessment procedure, and that ILITA will continue developing the privacy protection regime under the understanding of the need for an independent and active regulator to protect privacy.

Click here to read The commission's full decision.

For further details contact Dan Or-Hof, CIPP, at Pearl Cohen Zedek Latzer.