European companies can now send personal data to Israel, after the European Commission deemed its data protection laws on a par with those of the European Union.
Following publication of the decision in the Official Journal of the European Union last week, E.U. companies can now transfer data to Israeli companies without seeking any additional guarantees. Justice Commissioner Viviane Reding ruled last October that "the legal data protection standards applicable in Israel cover all the basic principles necessary for an adequate level of protection in relation to the processing of personal data in automated databases."
Only six other entities enjoy this status with the E.U. -- Switzerland, Argentina, Guernsey, the Isle of Man, Jersey and Canada. Data can also be sent to organizations in the U.S. if they subscribe to the U.S. Department of Commerce's Safe Harbor Privacy Principles.
Data protection and privacy in Israel is overseen by the Israeli Law, Information and Technology Authority (ILITA), and independent supervisory body, which can investigate and intervene in any case where breaches are suspected.
European countries may also withhold information if "there is a substantial likelihood that the standards of protection are being infringed, the continuing transfer would create an imminent risk of grave harm to data subjects and the competent authorities in the Member State have made reasonable efforts in the circumstances to provide the party responsible for processing established in the State of Israel with notice and an opportunity to respond."
This new ruling only applied to automated databases and Europe's Article 29 Working Party on data protection has encouraged Israeli authorities to adopt further provisions that would extend legislation to manual databases.
E.U. member states now have three months to comply with the decision.