Charting its own path — The new reform in Israeli data protection laws

As of 5 Aug., Israel enters a new era with a unique framework for data protection and governance, shielded by significant penalties.

Following the substantial facelift, the law will include administrative fines of up to 5% of annual turnover, statutory and exemplary damages in civil actions, severe criminal penalties, new definitions for foundational terms, enhanced notice requirements, mandatory appointments of chief information security officers and data protection officers, notification and submissions duties, registration and specific provisions for data brokers and special provisions for law enforcement and national security agencies.

It is a major reform to the Protection of Privacy Law, 5741-1981. Titled Bill No. 13, the reform takes effect a year following its enactment by the Israeli Parliament, the Knesset. It is primarily driven by the need to enhance the protection and security of personal data, especially considering the large increase in cyberattacks amid the current armed conflict in the region.

The new reform is expected to significantly impact the entire market, including public authorities. Everyone will be affected and will need to tune-up personal data practices.

One of the first laws — One of the last to face modernization

The history of privacy laws in Israel started in 1981. Soon after the Organisation for Economic Co-operation and Development published its first set of guidelines, Israel enacted the PPL. At that time, 43 years ago, it was one of the first global attempts to create a comprehensive statutory framework for privacy protection.

Eleven years later, Israel enshrined the right to privacy as a constitutional right in the Basic Law: Human Liberty and Dignity. Four years passed, and in 1996, a comprehensive chapter on data protection was added to the law.