- Latest available (Revised)
- Point in Time (31/01/2011)
- Original (As adopted by EU)
Commission Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data (notified under document C(2011) 332) (Text with EEA relevance) (2011/61/EU)
You are here:
- Decisions originating from the EU
- 2011 No. 61
- Whole Decision
- Previous
- Next
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
Revised version PDFs
- Revised 17/12/20160.15 MB
Legislation originating from the EU
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
This item of legislation originated from the EU
Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).
Changes over time for: Commission Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data (notified under document C(2011) 332) (Text with EEA relevance) (2011/61/EU)
Version Superseded: 17/12/2016
Alternative versions:
Status:
Point in time view as at 31/01/2011.
Changes to legislation:
There are currently no known outstanding effects for the Commission Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data (notified under document C(2011) 332) (Text with EEA relevance) (2011/61/EU).
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
Commission Decision
of 31 January 2011
pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data
(notified under document C(2011) 332)
(Text with EEA relevance)
(2011/61/EU)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data,(1) and in particular Article 25(6) thereof,
After consulting the European Data Protection Supervisor,
Whereas:
(1) Pursuant to Directive 95/46/EC, Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States’ laws implementing other provisions of the Directive are complied with prior to the transfer.
(2) The Commission may find that a third country ensures an adequate level of protection. In that case, personal data may be transferred from the Member States without additional guarantees being necessary.
(3) Pursuant to Directive 95/46/EC the level of data protection should be assessed in the light of all the circumstances surrounding a data transfer operation or a set of data transfer operations and giving particular consideration to a number of elements relevant for the transfer and listed in Article 25 thereof.
(4) Given the different approaches to data protection in third countries, the adequacy assessment should be carried out, and any decision based on Article 25(6) of Directive 95/46/EC should be made and enforced in a way that does not arbitrarily or unjustifiably discriminate against or between third countries where like conditions prevail, nor constitute a disguised barrier to trade, regard being had to the European Union’s present international commitments.
(5) The State of Israel’s legal system has no written constitution but constitutional status has been conferred on certain ‘Basic Laws’ by the Supreme Court of the State of Israel. Those ‘Basic Laws’ are complemented by a large body of case law, as the Israeli legal system adheres to a great extent to common law principles. The right to privacy is included in the ‘Basic Law: Human Dignity and Liberty’ under section 7.
(6) The legal standards for the protection of personal data in the State of Israel are largely based on the standards set out in Directive 95/46/EC and are laid down in the Privacy Protection Act 5741-1981, lastly amended in 2007 in order to establish new processing requirements for personal data and the detailed organization of the supervisory authority.
(7) That data protection legislation is further complemented by governmental decisions on the implementation of the Privacy Protection Act 5741-1981 and on the organisation and functioning of the supervisory authority, largely based upon recommendations formulated in the Report to the Ministry of Justice by the Committee for the Examination of Legislation relating to Databases (Schoffman Report).
(8) Data protection provisions are also contained in a number of legal instruments regulating different sectors, such as financial sector legislation, health regulations and public registries.
(9) The legal data protection standards applicable in the State of Israel cover all the basic principles necessary for an adequate level of protection for natural persons in relation to the processing of personal data in automated databases. Chapter 2 of Privacy Protection Act 5741-1981, which lays down the principles for the processing of personal data, does not apply to the processing of personal data in non-automated databases (manual databases).
(10) The application of the legal data protection standards is guaranteed by administrative and judicial remedies and by independent supervision carried out by the supervisory authority, the Israeli Law, Information and Technology Authority (ILITA), which is invested with powers of investigation and intervention, and which acts completely independently.
(11) Israeli data protection authorities have provided explanations and assurances as to how the Israeli law is to be interpreted, and have given assurances that the Israeli data protection legislation is implemented in accordance with such interpretation. This Decision takes account of these explanations and assurances, and is therefore conditional upon them.
(12) The State of Israel should therefore be regarded as providing an adequate level of protection for personal data as referred to in Directive 95/46/EC with regard to automated international transfers of personal data from the European Union to the State of Israel or, where those transfers are not automated, they are subject to further automated processing in the State of Israel. Conversely, international transfers of personal data from the EU to the State of Israel whereby the transfer itself as well as the subsequent data processing is carried out exclusively through non-automated means should not be covered by this Decision.
(13) In the interest of transparency and in order to safeguard the ability of the competent authorities in the Member States to ensure the protection of individuals as regards the processing of their personal data, it is necessary to specify the exceptional circumstances in which the suspension of specific data flows may be justified, notwithstanding the finding of adequate protection.
(14) The adequacy findings pertaining to this Decision refer to the State of Israel, as defined in accordance with international law. Further onward transfers to a recipient outside the State of Israel, as defined in accordance with international law, should be considered as transfers of personal data to a third country.
(15) The Working Party on the protection of individuals with regard to the processing of personal data established under Article 29 of Directive 95/46/EC has delivered a favourable opinion on the level of adequacy as regards protection of personal data in relation to automated international transfers of personal data from the European Union or, whether they are non-automated they are subject to further automated processing in the State of Israel. In its favourable opinion, the Working Party has encouraged the Israeli authorities to adopt further provisions which extend the application of Israeli legislation to manual databases, which expressly recognise the application of the proportionality principle to personal data processing in the private sector and which interpret the exemptions in international data transfers as in accordance with the criteria set out in its ‘Working document on a common interpretation of Article 26(1) of Directive 95/46/EC’(2). This opinion has been taken into account in the preparation of this Decision(3).
(16) The Committee established under Article 31(1) of Directive 95/46/EC did not deliver an opinion within the time limit laid down by its Chairman,
HAS ADOPTED THIS DECISION:
Article 1U.K.
1.For the purposes of Article 25(2) of Directive 95/46/EC, the State of Israel is considered as providing an adequate level of protection for personal data transferred from the European Union in relation to automated international transfers of personal data from the European Union or, where they are not automated, they are subject to further automated processing in the State of Israel.
2.The competent supervisory authority of the State of Israel for the application of the legal data protection standards in the State of Israel is the ‘Israeli Law, Information and Technology Authority (ILITA)’, referred to in the Annex to this Decision.
Article 2U.K.
1.This Decision concerns only the adequacy of protection provided in the State of Israel, as defined in accordance with international law, with a view to meeting the requirements of Article 25(1) of Directive 95/46/EC and does not affect other conditions or restrictions implementing other provisions of that Directive that pertain to the processing of personal data within the Member States.
2.This Decision shall be applied in accordance with international law. It is without prejudice to the status of the Golan Heights, the Gaza Strip and the West Bank, including East Jerusalem, under the terms of international law.
Article 3U.K.
1.Without prejudice to their powers to take action to ensure compliance with national provisions adopted pursuant to provisions other than Article 25 of Directive 95/46/EC, the competent authorities in Member States may exercise their existing powers to suspend data flows to a recipient in the State of Israel in order to protect individuals with regard to the processing of their personal data in the following cases:
(a)where a competent Israeli authority has determined that the recipient is in breach of the applicable standards of protection; or
(b)where there is a substantial likelihood that the standards of protection are being infringed, there are reasonable grounds for believing that the competent Israeli authority is not taking or will not take adequate and timely steps to settle the case at issue, the continuing transfer would create an imminent risk of grave harm to data subjects and the competent authorities in the Member State have made reasonable efforts in the circumstances to provide the party responsible for processing established in the State of Israel with notice and an opportunity to respond.
2.The suspension shall cease as soon as the standards of protection are assured and the competent authority of the Member States concerned is notified thereof.
Article 4U.K.
1.Member States shall inform the Commission without delay when measures are adopted on the basis of Article 3.
2.The Member States and the Commission shall inform each other of cases where the action of bodies responsible for ensuring compliance with the standards of protection in the State of Israel fails to secure such compliance.
3.If the information collected under Article 3 and under paragraphs 1 and 2 of this Article provides evidence that any body responsible for ensuring compliance with the standards of protection in the State of Israel is not effectively fulfilling its role, the Commission shall inform the competent Israeli authority and, if necessary, present draft measures in accordance with the procedure referred to in Article 31(2) of Directive 95/46/EC with a view to repealing or suspending this Decision or limiting its scope.
Article 5U.K.
The Commission shall monitor the functioning of this Decision and report any pertinent findings to the Committee established under Article 31 of Directive 95/46/EC, including any evidence that could affect the finding in Article 1 of this Decision, that protection in the State of Israel is adequate within the meaning of Article 25 of Directive 95/46/EC and any evidence that this Decision is being implemented in a discriminatory way. In particular, it shall monitor the processing of personal data in manual databases.
Article 6U.K.
Member States shall take all the measures necessary to comply with the Decision within three months of the date of its notification.
Article 7U.K.
This Decision is addressed to the Member States.
Done at Brussels, 31 January 2011.
For the Commission
Viviane Reding
Vice-President
ANNEXU.K.
Competent supervisory authority referred to in Article 1(2) of this Decision:
The Israeli Law, Information and Technology Authority
The Government Campus
9th floor
125 Begin Rd
Tel Aviv
Israel
Mailing address:
PO Box 7360
Tel Aviv, 61072
Tel. + 972-3-7634050
Fax + 972-2-6467064
E-mail: ILITA@justice.gov.il
Website: http://www.justice.gov.il/MOJEng/RashutTech/default.htm
(2)
Document WP114 of 25 November 2005. Available at http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2005/wp114_en.pdf
(3)
Opinion 6/2009/EC on the level of protection of personal data in Israel. Available at http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2009/wp165_en.pdf
Options/Help
Print Options
PrintThe Whole Decision
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
Point in Time: This becomes available after navigating to view revised legislation as it stood at a certain point in time via Advanced Features > Show Timeline of Changes or via a point in time advanced search.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
The data on this page is available in the alternative data formats listed:
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.