As of August 5, Israel has implemented significant changes to its data protection framework, introducing a new law designed to enhance the security and governance of personal data. The reform, which amends the Protection of Privacy Law (PPL), introduces a range of penalties, including administrative fines up to 5% of annual turnover, statutory and exemplary damages, and severe criminal penalties. These changes are aimed at improving the overall security of personal data amidst increasing cyberattacks, particularly in the context of ongoing regional conflicts.
Key Changes in the New Law
The reform includes new definitions for core terms, stricter notice requirements, and mandates for the appointment of Chief Information Security Officers (CISOs) and Data Protection Officers (DPOs). It also introduces specific regulations for data brokers and special provisions for law enforcement and national security agencies. These amendments come after years of discussions and several failed attempts to update the law.
A Long-Delayed Modernization
Israel’s privacy laws date back to 1981, and while they were among the first comprehensive privacy laws globally, they had not kept pace with modern technological and regulatory challenges. After the introduction of the EU’s General Data Protection Regulation (GDPR) in 2018, Israel began to modernize its legal framework, culminating in the passage of Bill No. 13, which took effect in 2025. Over 20 hearings were held in the Knesset, Israel’s parliament, to finalize the law.
Evolution of the Regulatory Landscape
In parallel with the legislative reform, Israel’s Privacy Protection Authority (PPA) has grown in influence, introducing GDPR-like concepts and expanding its supervision over areas like privacy-by-design, smart cities, and AI. The PPA will now have greater enforcement powers to ensure compliance with the updated law.
Alignment with the GDPR
Israel’s new data protection law is partially aligned with the GDPR but also introduces unique provisions, including detailed requirements for information security and the mandatory appointment of officers. It also imposes stricter rules on database management, vendor relationships, and periodic evaluations of data retention practices. While Israel has been recognized by the EU for maintaining an adequate level of data protection, the reform’s additional provisions diverge from the GDPR in key areas.
AI and Data Protection
In addition to the changes to data protection, the Israeli government has also outlined a policy on artificial intelligence (AI) ethics. While not a formal AI regulation, the policy provides a framework for the responsible use of AI, particularly in the collection and processing of personal data. The PPA has already issued guidelines on AI-related data privacy, and the new reform will empower the authority to enforce these guidelines.
Impact on Businesses and Individuals
The new law introduces an extensive range of enforcement mechanisms, including fines, criminal penalties, and civil actions for violations. Notably, the law allows for substantial fines in cases of non-compliance, with a cap set at 5% of annual turnover for businesses. Civil suits can lead to statutory damages, and class actions related to privacy violations have become more common in Israel.
Looking Ahead
The Ministry of Justice has already drafted further amendments to the PPL to continue aligning Israel’s data protection framework with global standards. These future amendments may expand data subject rights and introduce new lawful grounds for processing personal data. However, it remains unclear when or if these amendments will be enacted.
Conclusion
The reform marks a significant shift in Israel’s approach to data protection, placing a greater emphasis on compliance and enforcement. Businesses operating in Israel will need to review their data processing activities to ensure compliance with the new requirements. With heightened risks associated with data breaches and non-compliance, companies will need to allocate additional resources to align with the updated law. As the regulatory landscape evolves, the protection of personal data, particularly in relation to AI and advanced technologies, will be a key area of focus for enforcement.
Your source for supply chain logistics news updates: The Supply Chain Report. Enhance your international trade knowledge at ADAMftd.com.
#IsraelDataProtection #DataPrivacyReform #CyberSecurityLaws #PrivacyRegulations #TechPolicy #DataProtectionLaws #DigitalSecurity
