In order to satisfy the European Commission that Israel will continue to protect data about Europeans according to the European standards prescribed in the European General Data Protection Regulation (GDPR) as the data enters Israel, the Israeli Ministry of Justice has published draft regulations focusing on the protection of personal data that reaches Israel from the European Economic Area. This area includes EU member states as well as Iceland, Norway, and Liechtenstein. This new draft focuses primarily on the obligations that will apply to Israeli database owners that receive data originating from the European Economic Area.
The Ministry of Justice is proposing to add four main obligations to the currently existing ones:
- The obligation to erase data upon request.
- Restrictions on retaining unnecessary data.
- The obligation to ensure data accuracy.
- An obligation to inform data subjects of the processing of data about them.
If these draft regulations are not enacted, the Ministry of Justice asserts the European Commission’s 2011 decision, which ruled Israel’s privacy protection regime provides an adequate level of protection, could be rescinded. The Ministry of Justice is also presenting possible alternatives on the need to maintain Israel’s recognition as an adequately conforming country.
Maintaining Israel’s Adequacy Status with Regard to Protection of Data
The Israeli Ministry of Justice initiated the draft regulations in light of a review process the European Commission is conducting for the purpose of considering if to reaffirm its 2011 decision that Israel’s level of data protection is consistent with the accepted level in countries in the European Economic Area. This recognition enables Israeli entities to receive data in Israel from the European Economic Area without any restriction on the transferor or the recipient of the data. This recognition has broad economic significance and is considerably important for Israel’s foreign relations.
If the draft regulations in their proposed format are accepted, many businesses receiving data about Europeans will need to assimilate mechanisms into their operations to ensure compliance with the four obligations the regulations impose on them. They will also need to employ mechanisms enabling them to identify if the data came from the European Economic Area.
The draft regulations are open to public comments until December 20, 2022.
[View source.]