We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

The EU officially has recognized Israel as having adequate protection for personal data, permitting cross-border transfers

07 February 2011

The European Data Protection Directive 95/46/EC contains certain restrictions on the export of personal data to a country outside the European Economic Area (“third country”). Whether personal data may be transferred from the EU to a data importer located in a third country has to be assessed on the basis of a two-step test. First, the transfer must be justified on the basis of an explicit legal permission or the data subjects’ consent. Second, the third country where the data importer is located must ensure an adequate level of data protection.

With decision of 31 January 2011 (2011/61/EU), Israel – in addition to Argentina, Canada, Guernsey, Isle of Man and Switzerland – has now formally been recognized by the European Commission as a country which provides an adequate level of protection of personal data. The Israeli Law, Information and Technology Authority ("ILITA") will be the responsible supervisory authority.

Without such formal recognition a data transfer to a third country may only take place on specific conditions or where additional adequate safeguards are adduced (e.g. the conclusion of an appropriate transfer agreement based on the EU standard contractual clauses for the transfer of personal data to third countries).

Against this background, Israel’s formal recognition by the European Commission as a country providing an adequate level of data protection will help to reduce legal uncertainties and administrative efforts. However, before transferring data from the EU to Israel, data exporters should still be aware that the formal recognition only fulfills the second prerequisite of the two-step test outlined above. In any case, the data transfer itself requires a legal justification.

The EU Commission’s decision is available at the Commission's website.

Future-Proofing Privacy: New and Stronger Rights

The Regulation aims to strengthen the rights of individuals. It does so by retaining rights that already exist under the Data Protection Directive and introducing the new rights of data...

06 June 2016
Loading data