August 15, 2020

Volume X, Number 228

August 14, 2020

Subscribe to Latest Legal News and Analysis

August 13, 2020

Subscribe to Latest Legal News and Analysis

August 12, 2020

Subscribe to Latest Legal News and Analysis

Another Domino Falls on the Data Protection Table re: Israel Privacy Protection Regulations of 2001

As all of our readers know by now, as of October 6, the US-EU Safe Harbor Framework is no more. Safe Harbor was the mechanism on which thousands of US companies (and thousands of companies based in the European Union) legitimized their data transfers from the EU to the US. 

The next domino outside the European Union has toppled. The Israeli Law, Information and Technology Authority (ILITA) has revoked its prior authorization for data transfers from Israel to the US that are based on Safe Harbor. Israel’s privacy law (the Israel Privacy Protection Regulations of 2001) is Euro-centric: it prohibits the transfer of data from a database in Israel to a location outside its borders unless the law of the data importer’s country ensures a level of protection that is equal to or greater than Israeli law. Like the EU DPD, the Israel law contains several “derogations,” including one that authorizes the transfer of personal data from Israel to a country to which the EU permits data transfers. Based on the CJEU decision in the Schrems case, the ILITA announced that companies can no longer rely on this derogation as a basis for transfer.   

This is another imperative for companies to understand their data flows and get a Plan B in place yesterday. Once the data flow is understood, one of the other derogations of the Israeli privacy law may be available to legitimize the transfer. 

The ILITA advises that it continues to assess the Schrems decision and will publish additional information  and other clarifications “if necessary”.

Israel’s data protection law received what is called an “adequacy” determination under the EU Data Protection Directive, ensuring that personal data can be transferred from the EU to Israel without reliance on other methods, such as model contractual clauses. The real question for US companies now is whether other countries such as Argentina, Uruguay, Canada, Switzerland will follow Israel. We continue advise that US companies urgently evaluate their data flows, form a plan for taking remedial measures to supplant Safe Harbor, and start to execute on that plan.

©1994-2020 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.National Law Review, Volume V, Number 295


About this Author

Cynthia Larose, Privacy, Security, Attorney, Mintz Levin, Law Firm, electronic transactions lawyer
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...