Author: Eddie Powell
On 1 February 2011 The European Commission formally accepted Israel as a country which provides an “adequate level of protection” for the purposes of determining whether it is safe to transfer personal data to it from Europe. Israel’s laws and practice are therefore recognised as meeting the EU’s standards for protection of the rights of individuals.
What this means in practice is that the formalities which companies need to go through in order to move personal data (which could include customer or contact information, employee data or any other database of individuals’ details) to Israel, will be greatly reduced. Businesses looking to set up offices in Israel or to use Israeli service providers will no longer be taking a risk that they will fall foul of the prohibition of export personal data outside the EEA.
Where a non-European country is not recognised in this way, it will be a breach of UK data protection law to send personal data to it, or even allow access to data stored in the UK by staff based in that country, unless safeguards have been put in place (normally by entering into contracts in a prescribed form).
Israel joins a select club of countries (Andorra, Argentina, Canada, Switzerland and companies in the US who subscribe to the Safe Harbor Scheme) where these safeguards are not required.
However, any UK business which is looking to enter into arrangements which involve third parties receiving or even having access to personal data, wherever they are located, should make sure that they have robust terms in place to ensure that they are complying with all the other requirements that data protection law imposes.
For further information please contact Eddie Powell, Partner, Fladgate LLP on +44 (0)20 3036 7362 or firstname.lastname@example.org