Israeli Government Releases Bill...
Israeli Government Releases Bill Amendin...

Israeli Government Releases Bill Amending the Protection of Privacy Law

If passed the Bill would amend the four-decade-old Protection of Privacy Law (PPL) in Israel

clock4 Min Read

Featured Image

On January 6, 2022, the Israeli Government issued a Bill amending the Protection of Privacy Law (PPL). The Bill marks the first major update to the PPL in over 20 years and the Bill has been subject to ongoing discussion in the region for the past 12 months. The Bill would enter into effect six months after its passing in Parliament and would grant the Privacy Protection Authority (PPA) greater enforcement and investigative powers.

In addition to the PPA’s enhanced powers, the Bill seeks to amend the PPL by streaming lining key definitions such as sensitive data, data processor, and data controller as well as amending existing requirements of the PPL. These include the need to register databases with the PPA and including a requirement to appoint a Data Protection Officer (DPO). The Bill also features substantial amendments to enforcement penalties for non-compliance with the PPL.

What Elements of the Protection of Privacy Law will the Israeli Privacy Protection Bill Amend?

The Bill represents the biggest overhaul to the PPL in over two decades and, if passed, will extend several new requirements for organizations to comply with as well as amendments to some of the fundamental language of the law.

The Privacy Protection Bill will update definitions of key terms bringing them more in line with the GDPR, including:

  • Data – The definition of data will be amended to include any type of potentially identifiable information.
  • Data with special sensitivity – The Bill will introduce a category for sensitive personal data.  This would include information about an individual’s political opinions, criminal record, geolocation, biometrics, and consumption habits, among other things.
  • Database Owners, Holders, and Managers – The Bill seeks to amend existing terms that define the relationship that entities have to personal data. The existing terms of ‘database owner’, ‘database holder’, and ‘database managers’ will be replaced by the GDPR-style ‘data controller’ and ‘data processor’.

The Bill will also amend some key compliance areas of the PPL and will introduce new requirements for organizations to implement. These include:

  • DPO RequirementThe Bill will amend an existing requirement under the PPL that requires organizations to appoint an information security officer. If the Bill is passed, organizations will now be required to appoint a DPO in certain instances. It is worth noting, that this is the first time a DPO obligation would be included in Israeli law.
  • Data MappingUnder the amendments set out by the Bill, organizations would no longer be required to register with the data protection authority unless databases contain sensitive data relating to more than 500,000 individuals or the personal data of 100,000 individuals or more collected from third parties.
  • Enforcement – One of the major elements of the Bill is the amendments to the PPA’s enforcement powers and the subsequent penalties that can be issued for non-compliance. The Bill introduces a list of criminal offenses such as collecting data under false pretenses or using data for purposes other than for that it was originally collected all of which may result in fines and prison sentences of up to 5 years.

The Bill will still need to find its way through parliament before being passed into law, however, the amendments laid out in the Bill signal the intentions of the data protection regime in Israel. To keep up to date with developments to the PPL in Israel and other regulatory developments visit OneTrust DataGuidance and request a free trial.

Further resources on the Israeli Privacy Protection Bill:

Follow OneTrust on LinkedIn, Twitter, or YouTube for the latest on the Israeli Privacy Protection Bill.

You Might Also Be Interested In

JANUARY 13, 2023

Addressing UK app Code of Practice requirements with OneTrust

JANUARY 12, 2023

Ultimate guide to the EU CSRD ESG regulation for businesses

JANUARY 11, 2023

Continuous improvement: The leading indicator for successful compliance programs

JANUARY 10, 2023

Build trust, promote your program in the Third-Party Risk Exchange

JANUARY 9, 2023

Building trust in a zero trust world

JANUARY 9, 2023

Consent management by the numbers: 2022 DMA report summary

JANUARY 9, 2023

Navigating the California Privacy Rights Act as a HIPAA-compliant business

JANUARY 6, 2023

US state privacy bills on the horizon in 2023

Onetrust All Rights Reserved