EU Adeuqacy renews for Israel and 10 more countries

Today, the European Commission decided to renew its decision regarding the adequacy of Israel’s data protection regime, as offering a level of data protection essentially equivalent to the laws in the European Union. This continued recognition allows the free flow of personal data from the EU to Israel. This decision has an immediate impact on every company organization, institution, and other entity in the Israeli economy that receives personal data from any of the member states of the European Union. Consequently, organizations in Israel can continue to receive personal data that is subject to the GDPR without the need for any special contractual, legal, technological, or administrative steps to legitimize the transfer – steps that would have required time, money, and managerial overhead.

The EU’s General Data Protection Regulation (GDPR) restricts cross-border transfers of personal data to countries whose data protection laws do not rise to the elevated requirements of the EU. Since 2011 the European Commission has recognized Israel as an ‘adequate’ country for data protection purposes. The entire Israeli economy gained from this recognition, particularly the high-tech sector, given the ability to receive personal data that arrives from the EU almost seamlessly.

The European Commission has been re-evaluating Israel’s adequacy in recent years. The decision was originally planned for 2020, but was delayed because of the COVID pandemic, and later once again in anticipation of legislative amendments in Israel and clarifications from the Israeli government. Today’s decision about Israel is bundled with renewed adequacy recognitions of all countries recognized to date. Under the GDPR, the European Commission must re-evaluate the adequacy once every four years.

The key elements of the decision are the following:

  • The European Commission “welcomes the developments in the Israeli legal framework”, and specifically highlights the Privacy Protection Regulations (Provisions Regarding Information Transferred to Israel from the European Economic Area), 2023, and the Privacy Protection Regulations (Information Security), 2017.
  • The European Commission concluded that Israel public agencies are “subject to clear, precise and accessible rules under which such authorities can access and subsequently use for public interest objectives, in particular for criminal law enforcement and national security purposes, data transferred from the EU”.
  • The European Commission recommends that Israeli codify in legislation the protections that have been developed at case law. It proposes to leverage amendment number 14 to the Privacy Protection Law now being deliberated at the Knesset’s Constitution, Law and Justice Committee.

For additional information, please contact Haim Ravia ( or Dotan Hammer (, from Pearl Cohen’s Cyber, Privacy, and Copyright Practice Group.