Written by Haim Ravia and Dotan Hammer
The European Commission has officially decided to renew its recognition of Israel’s adequacy status, confirming that Israel’s data protection and privacy regime is essentially equivalent to the European Union’s standards for personal data protection. This adequacy decision is a prerequisite for the seamless transfer of personal data from the EU to Israel.
Originally planned for 2020, the EU Commission’s decision was delayed initially due to the COVID-19 pandemic. Then, the Commission’s decision was pending legislative amendments in Israel and clarifications from the Israeli government. The decision on Israel’s adequacy was issued together with the renewal of recognition for other, previously recognized countries, as per the process mandated by the GDPR, which requires reevaluation every four years.
The key points of the decision include acknowledgment of the elevated protection of personal data codified in the 2023 Privacy Protection Regulations (Provisions Regarding data Transferred to Israel from the European Economic Area), and in the 2017 Privacy Protection Regulations (Data Security).
The Commission was also persuaded by how public agencies in Israel operate under clear, precise, and accessible rules on access and processing of personal data. This framework allows public agencies in Israel to access data transferred from the European Union, primarily for public interest purposes, such as criminal law enforcement and national security.
The European Commission’s decision also urges the Israeli government to leverage Amendment 14 to the Privacy Protection Law, currently under discussion in the Knesset Constitution Committee, to further enhance the data protection regime.
Click here to read the review of the functioning of the adequacy decisions adopted pursuant to Article 25(6) of Directive 95/46/EC.