Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Jenny David
Oct. 22 — Israel's data protection authority Oct. 19 revoked its prior authorization for data transfers from Israel to the U.S. based on the U.S-EU Safe Harbor Program certification.
The move by the Israeli Law, Information and Technology Authority (ILITA) comes in the wake of the Oct. 6 European Court of Justice decision to invalidate the Safe Harbor Program.
Consequently, Israeli companies will need to find an alternative legal basis for transferring personal data to the U.S., and could experience an “uncomfortable transition period,” Limor Shmerling, ILITA's director of licensing and inspection, told Bloomberg BNA Oct. 21.
“It's too early to tell how the market will be affected and how practices may need to be changed,” she said, adding that the authority is “considering the implications of the new legal status and will further address the subject accordingly.”
According to a statement by the U.S.-based International Association of Privacy Professionals (IAPP), “the decision could pose a significant barrier to data flow from Israel's surging technology sector,” including large local operations of multinationals such as Intel Corp., Microsoft Corp., Google Inc., Facebook Inc. and Hewlett-Packard Co., as well as Israeli “unicorns” such as Waze, Wix and ironSource.
Israel's Privacy Protection Law states that a citizen's personal data cannot be exported to a country with a lesser level of protection than that guaranteed by Israel. The 2001 law does, however, include ten derogations under which Israeli companies can self-assess whether a data transfer to an overseas country could be considered “safe.”
The European Court of Justice held that the U.S.-EU Safe Harbor Program failed to provide adequate protection for EU citizens.
“Since the Safe Harbor arrangement is currently invalid under European law, and as long as there is no other valid arrangement or another formal decision of the European Union (EU) with respect to the transfer of data from Europe to destinations in the United States, database owners who wish to transfer personal data from Israel to entities in the United States are therefore required to assess whether they can base the data transfer on another of the derogations determined in the regulations,“ the ILITA said in its decision.
The EU's recognition of U.S. Safe Harbor certification, combined with its 2011 granting of “adequacy” status to Israel under the EU Data Protection Directive, allowed personal data to flow freely between the EU and Israel, and on to U.S. companies on the Safe Harbor certification list.
The Safe Harbor system has been widely used to legitimize the outsourcing of services by EU-based companies and their commercial partners to U.S.-based cloud or software-as-a service (SAAS) providers, and to facilitate intra-group data-sharing among entities with both U.S. and EU operations
But the ECJ held that Safe Harbor doesn't in fact provide an adequate level of data protection because it is unable to prevent access by U.S. intelligence agencies to data transferred from Europe, and is therefore invalid.
The ruling undercut the legal basis for such transfers, and subjected data transfers to the U.S. to the same restrictions placed on transfers to non-EU-member states, and countries that don't have a valid legal arrangement for the receipt of data originating in the EU.
The Yigal Arnon & Co. Law Firm, one of Israel's largest and oldest, said the invalidation could actually create an opportunity for Israeli companies. Since the European Commission's 2011 decision remains in effect, the ECJ decision “may therefore create a competitive advantage to companies conducting processing or storage activities in Israel, as these companies can continue to receive data from Europe without the uncertainty now inherent in EU-US data transfers,” it said in an Oct. 6 statement.
It added, however, that current Israeli business models could be affected, including Israeli companies with European affiliates that previously relied on the Safe Harbor arrangement to transfer data to the U.S., as well as Israeli companies outsourcing storage or processing activities to U.S. service providers or affiliates that include information on European customers, in which case they may need to amend their customer agreements to include authorization for the transfers.
To contact the reporter on this story: Jenny David in Jerusalem at firstname.lastname@example.org
To contact the editor responsible for this story: Jimmy H. Koo at email@example.com
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)