On January 5, 2010, the EU Article 29 Data Protection Working Party published an opinion finding that Israel provides an "adequate" level of data protection under the EU Data Protection Directive. Should the European Commission ("EC") adopt the Article 29 Working Party’s recommendation (and there is no reason to think that it would not), Israel will join the ranks of the select few countries that the EU has deemed to have an "adequate" level of data protection, such as Argentina, Canada, and Switzerland (notably, the United States is not on this list).
A determination that Israel provides an adequate level of protection means that a company transferring personal data from the EU to Israel does not need to enter into the "model contractual clauses" that the EC has ratified with an Israeli data importer, or develop "binding corporate rules" to transfer EU personal data.
The Article 29 Working Party analyzed Israel’s data privacy framework, with particular emphasis on the Israeli Privacy Protection Act ("PPA"). It found that the PPA provided data subjects with sufficient rights to access their personal data and avenues to rectify it if they believed it to be erroneous. The Article 29 Working Party also concluded that in several places where the statutory language of the PPA fell short of the rights provided under the EU Data Protection Directive, Israeli courts had developed a robust body of case law that had interpreted the PPA to provide for the protection of the privacy rights of data subjects.
Israel is not the only country whose privacy laws the Article 29 Working Party recently found to have an adequate level of protection; on January 5, it also published an opinion finding that Andorra satisfied the EU’s stringent requirements.