January 11, 2022
Israeli Government Releases Bill Amending the Protection of Privacy Law
On January 6, 2022, the Israeli Government issued a Bill amending the Protection of Privacy Law (PPL). The Bill marks the first major update to the PPL in over 20 years and has been subject to ongoing discussion in the region for the past 12 months. The Bill would enter into effect six months after its passing in Parliament and would grant the Privacy Protection Authority (PPA) greater enforcement and investigative powers.
In addition to the PPA’s enhanced powers, the Bill seeks to amend the PPL by streamlining key definitions such as sensitive data, data processor, and data controller, as well as amending existing requirements of the PPL. These include the need to register databases with the PPA and a requirement to appoint a Data Protection Officer (DPO). The Bill also features substantial amendments to enforcement penalties for non-compliance with the PPL.
What Elements of the Protection of Privacy Law will the Israeli Privacy Protection Bill Amend?
The Bill represents the biggest overhaul to the PPL in over two decades and, if passed, will introduce several new requirements for organizations to comply with, as well as amendments to some of the fundamental language of the law.
The Privacy Protection Bill will update definitions of key terms, bringing them more in line with the GDPR, including:
- Data – The definition of data will be amended to include any type of potentially identifiable information.
- Data with special sensitivity – The Bill will introduce a category for sensitive personal data. This would include information about an individual’s political opinions, criminal record, geolocation, biometrics, and consumption habits, among other things.
- Database Owners, Holders, and Managers – The Bill seeks to amend existing terms that define the relationship that entities have to personal data. The existing terms of ‘database owner’, ‘database holder’, and ‘database managers’ will be replaced by the GDPR-style ‘data controller’ and ‘data processor’.
The Bill will also amend some key compliance areas of the PPL and will introduce new requirements for organizations to implement. These include:
- DPO Requirement – The Bill will amend an existing requirement under the PPL that requires organizations to appoint an information security officer. If the Bill is passed, organizations will now be required to appoint a DPO in certain instances. It is worth noting that this is the first time a DPO obligation would be included in Israeli law.
- Data Mapping – Under the amendments set out by the Bill, organizations would no longer be required to register with the data protection authority unless databases contain sensitive data relating to more than 500,000 individuals or the personal data of 100,000 individuals or more collected from third parties.
- Enforcement – One of the major elements of the Bill is the amendments to the PPA’s enforcement powers and the subsequent penalties that can be issued for non-compliance. The Bill introduces a list of criminal offenses, such as collecting data under false pretenses or using data for purposes other than that for which it was originally collected, all of which may result in fines and prison sentences of up to 5 years.
The Bill will still need to find its way through parliament before being passed into law; however, the amendments laid out in the Bill signal the intentions of the data protection regime in Israel. To keep up to date with developments to the PPL in Israel and other regulatory developments, visit OneTrust DataGuidance and request a free trial.
Further resources on the Israeli Privacy Protection Bill:
- OneTrust DataGuidance News: Israel: Privacy Protection Bill laid on Parliament table for first reading
- Read more: Official text of the Bill (only available in Hebrew)
- Israel National Legislative Database: Privacy Protection Bill (Amendment No. 14), 5722-2022