Israel’s Privacy Protection Authority recently announced that Privacy Shield can no longer be relied on for data transfers between Israel and the United States. Israel did not have a direct Privacy Shield arrangement with the U.S., instead permitting the many Israeli companies that exchange data with their American counterparts to rely on a provision of its Privacy Protection Regulations that allows for transfers of data to any country that receives data from the EU under the same terms of such transfer.
In light of Israel’s reliance on the EU’s use of Privacy Shield, it is not surprising that Israel has followed suit in stating that Privacy Shield could no longer be relied upon for data transfers. The announcement does mention that standard contractual clauses that are approved by the EU are acceptable under the Israeli Privacy Protection Regulations.
This builds on the fallout from the Schrems II decision, which we have previously discussed. Companies relying on Privacy Shield will need to look to alternative methods for these data transfers, which could include consent or contractual clauses.
Putting it Into Practice: Israel joins the EU in forcing to continue to adapt to the fallout from the Schrems II decision. Alternative mechanisms for data transfers from Israel to the US will need to meet Israel’s Privacy Protection Regulations.