EU Confirms Adequacy of Data Protection in Israel, Simplifies Personal Data Transfers

Dan Or-Hof, a privacy and technology partner at the Israeli law firm Pearl Cohen Zedek Latzer is reporting that the EU Commission published the much-anticipated announcement on the adequacy of data protection law in Israel. Published on January 31, 2011, the decision adopted by the Commission determines that Israel provides an adequate level of protection for personal data transferred from the EU, however only in relation to automated international data transfers and to automated processing of data in Israel.

The decision set out a variety of findings that served as grounds for declaring data protection in Israel to be in conformity with EU standards. The Commission favorably mentions the semi-constitutional status of the right to privacy under the Human Dignity and Liberty basic law; the similarity in standards between the EU Data Protection Directive and Israel's Privacy Protection Act; the existence of data protection provisions in legislation related to the financial, health and public sectors; the availability of administrative and judicial remedies; and the independence of the country's data protection authority - the Israeli Law Information and Technology Agency (ILITA).

The Article 29 Working Party's favorable opinion on the level of adequacy under Israeli law, contributed to the adoption of the decision, as well.  

The decision will make it easier for EU entities to transfer personal information to entities in Israel. On a practical level, EU and Israeli entities will not need to sign agreements based on standard contractual clauses, and presumably, EU entities will not need to have their Israeli counterparts attest their adherence to EU data protection legislation.

Article 3 of the Commission's decision indicates that data protection authorities in EU member states may exercise their power to suspend data flows to Israel, inter-alia, if they suspect that ILITA does not act properly to protect personal data, and that the continuing data transfer will likely cause grave harm to the data subjects.

The head of ILITA, Yoram Hacohen, noted that the establishment and activities of ILITA played a substantial role in the adequacy assessment procedure, and that ILITA will continue developing the privacy protection regime under the understanding of the need for an independent and active regulator to protect privacy.