Israeli Government Releases Bill...
Israeli Government Releases Bill Amendin...

Israeli Government Releases Bill Amending the Protection of Privacy Law

If passed the Bill would amend the four-decade-old Protection of Privacy Law (PPL) in Israel

clock4 Min Read

Featured Image

On January 6, 2022, the Israeli Government issued a Bill amending the Protection of Privacy Law (PPL). The Bill marks the first major update to the PPL in over 20 years and the Bill has been subject to ongoing discussion in the region for the past 12 months. The Bill would enter into effect six months after its passing in Parliament and would grant the Privacy Protection Authority (PPA) greater enforcement and investigative powers.

In addition to the PPA’s enhanced powers, the Bill seeks to amend the PPL by streaming lining key definitions such as sensitive data, data processor, and data controller as well as amending existing requirements of the PPL. These include the need to register databases with the PPA and including a requirement to appoint a Data Protection Officer (DPO). The Bill also features substantial amendments to enforcement penalties for non-compliance with the PPL.

What Elements of the Protection of Privacy Law will the Israeli Privacy Protection Bill Amend?

The Bill represents the biggest overhaul to the PPL in over two decades and, if passed, will extend several new requirements for organizations to comply with as well as amendments to some of the fundamental language of the law.

The Privacy Protection Bill will update definitions of key terms bringing them more in line with the GDPR, including:

  • Data – The definition of data will be amended to include any type of potentially identifiable information.
  • Data with special sensitivity – The Bill will introduce a category for sensitive personal data.  This would include information about an individual’s political opinions, criminal record, geolocation, biometrics, and consumption habits, among other things.
  • Database Owners, Holders, and Managers – The Bill seeks to amend existing terms that define the relationship that entities have to personal data. The existing terms of ‘database owner’, ‘database holder’, and ‘database managers’ will be replaced by the GDPR-style ‘data controller’ and ‘data processor’.

The Bill will also amend some key compliance areas of the PPL and will introduce new requirements for organizations to implement. These include:

  • DPO RequirementThe Bill will amend an existing requirement under the PPL that requires organizations to appoint an information security officer. If the Bill is passed, organizations will now be required to appoint a DPO in certain instances. It is worth noting, that this is the first time a DPO obligation would be included in Israeli law.
  • Data MappingUnder the amendments set out by the Bill, organizations would no longer be required to register with the data protection authority unless databases contain sensitive data relating to more than 500,000 individuals or the personal data of 100,000 individuals or more collected from third parties.
  • Enforcement – One of the major elements of the Bill is the amendments to the PPA’s enforcement powers and the subsequent penalties that can be issued for non-compliance. The Bill introduces a list of criminal offenses such as collecting data under false pretenses or using data for purposes other than for that it was originally collected all of which may result in fines and prison sentences of up to 5 years.

The Bill will still need to find its way through parliament before being passed into law, however, the amendments laid out in the Bill signal the intentions of the data protection regime in Israel. To keep up to date with developments to the PPL in Israel and other regulatory developments visit OneTrust DataGuidance and request a free trial.

Further resources on the Israeli Privacy Protection Bill:

Follow OneTrust on LinkedIn, Twitter, or YouTube for the latest on the Israeli Privacy Protection Bill.

You Might Also Be Interested In

JUL 12, 2022
Third-Party Risk

Supply Chain Scrutiny: What You Need to Know About the Uyghur Forced Labor Prevention Act (UFPLA)

FEB 04, 2021
Third-Party Risk

Third-Party Risk Exchange Demo

JUL 07, 2022
Third-Party Risk

Become a Trusted Brand: 7 Ways to Promote Your Security, Privacy, Ethics and ESG Programs

JUN 17, 2022
Ethics and Compliance

Anti-Retaliation Checklist for Compliance Programs

AUG 24, 2022
Privacy Management

US Privacy Laws & Regulations: Answering Your Biggest Questions

AUG 11, 2022
Privacy Management

Utah and Connecticut: Latest Additions to the US Privacy Landscape

JUN 16, 2022
Ethics and Compliance

EU Whistleblower Directive Checklist

JUL 26, 2022
Consent and Preferences

How to Drive Enhanced Marketing & CX Campaigns Through Trusted Data Use

Onetrust All Rights Reserved