Last week the European Commission formally approved Israel’s data protection laws as being adequate for the purposes of the Data Protection Directive (see link to the Commission’s decision here). Data protection and privacy in Israel is overseen by the ILITA (the Israeli Law, Information and Technology Authority) which has the power to investigate and intervene in cases where it suspects a breach of data protection and privacy laws has occurred.
Formal approval effectively confirms a decision made by the EU back in October 2010 (see Datonomy’s previous post here) to add Israel to the list countries whose data protection laws have been deemed by the EU to be sufficiently strong enough to protect personal data to a level that is equivalent to protection afforded by EU Member States. Prior to the decision the only countries that had been approved by the EU were Switzerland, Argentina, the Bailiwick of Guernsey, the Isle of Man, the Bailiwick of Jersey and Canada.
It should be noted however that the decision applies only to automated processing of personal data (e.g. computerized processing) and NOT manual processing.
The decision is likely to be popular with Israeli businesses as it allows European businesses to transfer personal data to Israel without the need to implement formalities such as EU model contracts. European organisations keen to establish offices in Israel or to engage Israeli service providers will no longer be at risk of violating the EU’s prohibition on the of export personal data outside the EEA by moving such data to Israel.