Privacy & Information Security Law Blog

On January 21, 2016, the Israeli Law, Information and Technology Authority (“ILITA”) announced that it would postpone for the time being any review or enforcement actions on data transfers from Israel to the United States that are based on the U.S.-EU Safe Harbor framework.

This contradicts an earlier statement by ILITA in October 2015 that it would not permit such data transfers following the Schrems decision by the Court of Justice of the European Union that declared the Safe Harbor framework invalid.

Israel’s privacy regulations permit the transfer of personal data outside of Israel under certain circumstances, including transfers made “to a country to which the European Union permits transfers.” Because of this, Israel relied on the Safe Harbor framework as a legal basis that enabled data transfers from Israel to the U.S. The Article 29 Working Party and others have urged regulators to adopt a new legal framework by January 31, 2016, to permit the transfer of personal data from the EU to the U.S. that complies with the requirements of the Schrems decision. It is not clear whether the impending deadline will be reached, so ILITA has decided that the best course of action will be to postpone any potential Safe Harbor-related enforcement until there is more clarity on this issue.