Israeli legislation giving the Shin Bet security service authority to conduct cellphone tracking to monitor the coronavirus, as well as a European Court of Justice decision striking down a major agreement governing the transfer of EU citizens’ data to the United States, could undermine the ability of Israeli tech companies to do business with the European Union.
“This is going to harm Israeli industry, especially high-tech, which today revolves around big data and personal information. In other words, this has far-reaching international and economic consequences,” said Dr. Tehilla Shwartz Altshuler, head of the Israel Democracy Institute’s Media Reform Program and the Democracy in the Information Age Program.
The court’s decision last week rescinds the EU-U.S. Privacy Shield system, which was the legal foundation that allowed more than 5,300 companies, most of them are small-medium enterprises or start-ups, to transfer, process and store data in the United States. The biggest companies, like Amazon, Google and Microsoft, served as the pipeline for this data movement.
Israeli companies have similarly relied on these big companies for data transfer, mainly through their cloud-computing services. Companies will now have to sign non-negotiable legal contracts drawn up by Europe, which are used in other countries besides the U.S.
Behind the ECJ ruling as the fact that U.S. government bodies, such as the National Security Agency have broad rights to collect data on citizens, including those of EU countries.
The effect of the ruling is to strengthen the EU’s already stringent privacy rules, enshrined in the General Data Protection Regulation, or GDPR, and widens the gap on privacy issues not only the U.S. but with Israel, too.
As it is, Israel Privacy Protection Law is way out of date. It was passed by the Knesset in 1981 and has not been adjusted to reflect the sea changes information technology and communications since then. The law, expected to be cleared by the Knesset this week, giving the Shin Bet formal legal rights to monitor all Israeli cellphones will widen the gap with the EU further, sources said.
- Knesset approves 'restrained' bill on digital tracking in coronavirus fight
- About 60 percent of Israelis' appeals against quarantine based on digital tracking granted
- As criticism mounts, Israeli secret service wants digital coronavirus tracking reexamined
So far, Israel has been protected by a 2011 decision by the EU that Israeli law was in compliance with EU standards. But after the GDPR went into force in May 2018, the matter is up for discussion again. A final decision will be made y the end of this year.
“If he compatibility of privacy protection laws in Israel doesn’t continue to be recoginzed, the transfer of personal information on EU citizens outside its borders will be subject to restrictions that will severely burden many businesses providing services, selling products and processing personal information,” said Shwartz Altshuler.
She said the Shin Bet legislation, which is expected to win Knesset approval by Wednesday, will complicate matters further for Israeli companies. “The EU Commission has made it clear in recent months that monitoring digital contacts in connection with the coronavirus can’t be widespread and compulsory. It recommended they be done with an app on a voluntary basis.”
The Israeli law violates all the EU Commission standards, which has caused some in Brussels to say the EU should no longer recognize Israeli compliance with EU legislation. “The Europe court’s ruling puts Israel in a very problematic situation,” Shwartz Altshuler warned.
It will also cost Israeli companies money, said Gal Omer, an intellectual-property and privacy attorney with the Tel Aviv firm of Amit, Pollak, Matlon & Company.
“Storing data in the U.S. now violates Israeli law because Israel operates in accordance with EU rules. Companies will have to transfer their information to servers in other countries, moving to Europe being the best option,” she said. “But moving to new servers can be expensive, and the time taken completing the transfer will impair the day-to-day functioning of companies,” Omer explained.
If Israeli firms continue to business with U.S. companies for such things as cloud services, they run the risk of running afoul of Israeli privacy rules.
If the EU rejects Israeli standards, any Israeli firm here with data on Europeans will have to take major steps to stay in the EU, Omer said.