Businesses that relied previously on the EU’s Safe Harbor exception to transfer data from Israel to the United States have had that authorization revoked by the Israeli Law, Information and Technology Authority (ILITA).
It’s part of the ongoing ripple effect caused by the invalidation of Safe Harbor.
Now that Safe Harbor is off the table, businesses must rely on standard contractual clauses, binding corporate rules or other legal strategies, to transfer data out of the EU, and now Israel.
Israel is not an official member of the so-called “Euro Data Zone,” but it was granted an exception in 2011 under the EU Data Protection Directive, allowing data to be transferred out of the EU to Israel without requiring companies to use standard contractual clauses or binding corporate rules.
Israel’s 2001 Privacy Protection Regulations permitted moving data from Israel to a database outside the country if the transferee country had laws regulating data protection that were at least as strict as Israeli law. It included an exception for companies located in countries with inadequate legal protections by allowing data transfers to nations to which the EU allows data transfers.
In effect, that allowed Safe Harbor compliant U.S.-based companies to transfer data out of Israel.