2022 was a busy year for all privacy practitioners. This active spirit did not skip over Israel and its citizens
- In the Bill's Explanatory Notes it is emphasized that the Right to Privacy is a constitutional right.
- A proposition to expand the Privacy Protection Authority’s (the organ charged with enforcing the Privacy Protection law) powers and increase the fines it an impose on organizations if they commit violations of the law
- A proposition to reduce the obligation to register a database
- A proposition to clarify key definitions in the current law such as “information”, “sensitive information” and "Holder of a data base". The purpose: to better meet technological, social and economic developments and the current European regulations (GDPR). The definition of the term "Holder" is proposed to be amended in a manner that will better clarify the distinction between the possessor and the controller on one hand, and to better clarify the distinction between the control of the database and an authorized access entity, on the other hand.
Regulations regarding information transferred to Israel from the European Economic Area
In November 29, 2022, the Israeli Ministry of Justice published a draft of Regulations concerning the protection of privacy (Instructions Regarding Data Transferred to Israel from the European Economic Area).
The regulations are proposed in a response to an examination process currently being carried out by the European Union Commission in relation to Israel, for the purpose of examining the renewal of the adequacy status granted to Israel by the European Union in 2011, as a country whose level of data protection corresponds to the level of personal data protection practiced in the countries of the European Economic Area. The examination process was initiated based on the 2018 GDPR rules and instructions.
The proposed regulations establish 4 obligations that will apply to the owners of a databases in Israel, in relation to information transferred to Israel from the European Economic Area, with the exception of information transferred directly by the subject of the information itself: (1) the obligation to delete information, (2) the obligation to limit the retention of information that is not necessary, (3) the obligation of information accuracy and (4) the obligation to notify.
Guidelines and Recommendations published by the PPA (Israeli Privacy Protection Authority)
2022 was a busy year also in that the PPA t published numerous recommendations and memos.
Such as the "Recommendations for proper conduct when using applications to pay and validate public transportation services" . The PPA published a memo intended for the general public warning of the consequences of using a data gathering application in public transportation. This is a perfect example of the importance of public education on privacy issues.
Another example is the publication of the ~USD90,000 fine imposed on Data Online (BMC Line Group Ltd.), an Israeli company that illegally traded databases and sold personal information on millions of citizens.
The PPA's also published a memo which comprehensively reviews the issue of monitoring remote work, the main risks to privacy in such monitoring, as well as the relevant legal provisions.
Several more recommendations and memos were published in 2022 by the PPA but our summary must end here. More on Privacy is to come from Israel, especially these complex days, so keeping our readers in suspense is a must.
Article provided by INPLP members: Beverley Zabow and Adi Barkan-Lev (BL&Z Law Offices & Notaries, Israel)
Dr. Tobias Höllwarth (Managing Director INPLP)