While the October 6, 2015 European Court of Justice (ECJ) decision invalidating the U.S.-EU Safe Harbor continues to have implications for transatlantic data transfer, the repercussions of the decision have now traveled to Israel. In late October, the Israeli Law, Information and Technology Authority (ILITA) revoked its prior authorization for data transfers from Israel to the United States based on the U.S.-EU Safe Harbor. Israel's privacy law, the Privacy Protection Regulations of 2001 (the "2001 Regulations"), largely followed EU law and prohibited the transfer of data from Israel to a location that did not ensure a level of protection equal to or greater than that required by Israeli law. In fact, Israel is one of the few countries recognized as having an "adequate" level of protection as defined by the EU Data Protection Directive.
The 2001 Regulations recognize certain permissible data transfers, including transfers to countries that receive information from Member States of the European Union and European Economic Area in accordance with the requirements under European data protection law. Prior to the ECJ ruling, Israel had recognized transfers to entities certified under the Safe Harbor as also meeting the requirements for lawful transfers under Israeli law. In light of the ECJ decision, the ILITA has revoked this prior authorization for data transfer. At present, ILITA has not publicly addressed whether other methods of data transfer recognized by EU Member States, such as model contracts, are valid under Israeli law.