Support Centre

Israel

Summary

Law: Protection of Privacy Law, 5741-1981 (unofficial translation) ('PPL') and Protection of Privacy Regulations (Data Security) 5777-2017 (unofficial translation) ('the Data Security Regulations')

Regulator: Privacy Protection Authority ('PPA')

Summary: In the State of Israel, data protection is mainly governed by the PPL and the Data Security Regulations, as well as by further topic-specific regulations such as the Protection of Privacy Regulations (Transfer of Information to Databases outside of the State's Boundaries), 5761-2001 (only available in Hebrew here). Israel does not have a written constitution, but the right to privacy is considered a fundamental right under the Basic Law: Human Dignity and Liberty, 5752-1992. The PPA (previously the Israeli Law, Information and Technology Authority ('ILITA')), is one of the more active data protection authorities in the Middle East, and has regularly issued detailed non-binding guidelines and reports, some of which are available in English. The head of the PPA also serves as the Registrar of Databases and thus monitors data processing notifications. Israel was granted an adequacy decision by the European Commission.

Insights

On May 7, 2023, the Protection of Privacy Regulations (Provisions Regarding Information Transferred to Israel from the European Economic Area), 5782 - 2023 were published in their final form. The Regulations introduce four specific obligations for Israeli database owners (controllers) in relation to personal information transferred from the EEA to Israel and amend the definition of 'sensitive information' in relation to personal information transferred from the EEA.

Dalit Ben-Israel, Partner at Naschitz, Brandes, Amir & Co., breaks down the main provisions of the Regulations, including main rights and obligations under the same.

This article was updated on September 6, 2023.

On 23 November 2022, the Privacy Protection Authority ('PPA') published a methodology guide ('the Guide') for conducting a Privacy Impact Assessment (also known as a Data Protection Impact Assessment) ('PIA' or 'DPIA')1. Amit Dat and Dr. Omri Rachum-Twaig from FISCHER (FBC & Co.) Law firm, provide an overview of the Guide.

The Privacy Protection Authority ('PPA') recently published a document presenting its position and recommendations on the privacy protection aspects pertinent to waivers of medical confidentiality and disclosures of medical information during the hiring process. Netta Bromberg, Anat Even-Chen, and Karin Kashi, from Barnea Jaffa Lande Law offices, outline the five key aspects that the PPA's document focuses on.

On 25 July 2022, the Privacy Protection Authority ('PPA') published a report1 of the findings of a broad inspection among the nursing company sector. Dan Or-Hof, Founder of Or-Hof Law, provides an overview of the report.

On 31 July 2022, the Privacy Protection Authority ('PPA') issued a final opinion after a public consultation on a draft previously issued, proposing its interpretation to the requirements under Section 11 of the Protection of Privacy Law, 5741-1981 ('PPL') regarding the notification requirement imposed when collecting and using personal information in accordance with Section 11 of the PPL and specifically in relation to the use of algorithms or artificial intelligence ('AI') based decision systems ('the Notification Opinion'). Dalit Ben-Israel, Partner at Naschitz Brandes Amir, provides an overview of the Notification Opinion, specifically discussing areas such as processor notification obligations and the scope of disclosure.

In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Protection of Privacy Law, 5741-1981 (the PPL).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the PPL with the  GDPR.

You can access the latest version of the report here.

Israel is on the verge of a new privacy era. With significant changes that are likely to come into effect during 2022, the privacy landscape will change dramatically. Dan Or-Hof, Founder of Or-Hof Law, discusses seven proposed material changes to Israel's data protection regime that are likely to take effect within less than a year's time.

On 3 January 2022, the Israeli privacy protection authority ('PPA') issued a draft opinion for public consultation, proposing its interpretation of the requirements under Regulation 3 of the Privacy Protection (Transfer of Data to Databases Abroad) Regulations, 5671-2001 ('the Transfer Regulations') regarding onwards data transfer. Dalit Ben-Israel and Efrat Artzi, Partner and Senior Associate respectively at Naschitz, Brandes, Amir & Co., discuss the Transfer Regulations in this article.

2022 may be a turning point for Israeli privacy regulation. Substantial enforcement powers, including the authority to impose severe fines, are at the heart of a bill that the Israeli government and parliament are advancing. If enacted, the bill will reshape risk considerations when doing business in Israel. Dan Or-Hof, Founder of Or-Hof Law, provides an overview of the landscape of Israel's privacy legislation and a discussion of the potential legal reforms.

Feedback