In a new development demonstrating the ripple effect of the European Court of Justice (ECJ) Schrems decision, the Israeli Law, Information and Technology Authority (ILITA) revoked yesterday its prior authorization to transfer data from Israel to the U.S. that rely on Safe Harbor. The announcement, which under a previous court ruling has authoritative weight, will present a significant barrier to data flows from Israel’s surging technology sector, which comprises large local operations of global powerhouses such as Intel, Microsoft, Google, Facebook and HP, as well as Israeli “unicorns” such as Waze, which was acquired by Google for more than $1 billion, Wix and ironSource.
Israeli technology companies typically work closely with—and often have large offices in—Silicon Valley. Similarly, U.S. technology leaders have large research and development centers as well as manufacturing plants in Israel.
In 2011, Israel became one of a handful of countries to obtain “adequacy” status under the EU Data Protection Directive. This has meant that personal data of European individuals could flow freely from the EU to Israel without relying on legal mechanisms such as standard contractual clauses or binding corporate rules. As part of its data protection regime, Israel restricts data transfers to third countries that are not part of the EU or receive data from the EU under a valid legal arrangement. In the past, ILITA opined that these provisions authorized data transfers to Safe Harbor companies in the U.S. Yet the invalidation of Safe Harbor by the ECJ has undercut the legal basis for such transfers.
The decision attempted to avoid rupturing the borders of the Euro “data zone,” which Israel effectively belongs to under its adequacy decision. At the same time, the adequacy of Israel’s regime itself may be called into question, together with other adequacy mechanisms, based on the reasoning of the ECN.
The full decision can be found here.
photo credit: Israel Flag via photopin (license)