2022 was a busy year for all privacy practitioners. This active spirit did not skip over Israel and its citizens


Among the privacy changes some interesting Legislative amendments were proposed to the Israeli Privacy Protection Law (correction number 14) dated January 2022:

  1. In the Bill's Explanatory Notes it is emphasized that the Right to Privacy is a constitutional right.

  2. A proposition to expand the Privacy Protection Authority’s (the organ charged with enforcing the Privacy Protection law) powers and increase the fines it an impose on organizations if they commit violations of the law

  3. A proposition to reduce the obligation to register a database

  4. A proposition to clarify key definitions in the current law such as “information”, “sensitive information” and "Holder of a data base". The purpose: to better meet technological, social and economic developments and the current European regulations (GDPR). The definition of the term "Holder" is proposed to be amended in a manner that will better clarify the distinction between the possessor and the controller on one hand, and to better clarify the distinction between the control of the database and an authorized access entity, on the other hand.

Regulations regarding information transferred to Israel from the European Economic Area

In November 29, 2022, the Israeli Ministry of Justice published a draft of Regulations concerning the protection of privacy (Instructions Regarding Data Transferred to Israel from the European Economic Area).

The regulations are proposed in a response to an examination process currently being carried out by the European Union Commission in relation to Israel, for the purpose of examining the renewal of the adequacy status granted to Israel by the European Union in 2011, as a country whose level of data protection corresponds to the level of personal data protection practiced in the countries of the European Economic Area. The examination process was initiated based on the 2018 GDPR rules and instructions.
The proposed regulations establish 4 obligations that will apply to the owners of a databases in Israel, in relation to information transferred to Israel from the European Economic Area, with the exception of information transferred directly by the subject of the information itself: (1) the obligation to delete information, (2) the obligation to limit the retention of information that is not necessary, (3) the obligation of information accuracy and (4) the obligation to notify.

Guidelines and Recommendations published by the PPA (Israeli Privacy Protection Authority)

2022 was a busy year also in that the PPA t published numerous recommendations and memos. 

Such as the "Recommendations for proper conduct when using applications to pay and validate public transportation services" . The PPA published a memo intended for the general public warning of the consequences of using a data gathering application in public transportation. This is a perfect example of the importance of public education on privacy issues.

Another example is the publication of the ~USD90,000 fine imposed on Data Online (BMC Line Group Ltd.), an Israeli company that illegally traded databases and sold personal information on millions of citizens.

The  PPA's also published a memo which comprehensively reviews the issue of monitoring remote work, the main risks to privacy in such monitoring, as well as the relevant legal provisions.

Several more recommendations and memos were published in 2022 by the PPA but our summary must end here. More on Privacy is to come from Israel, especially these complex days, so keeping our readers in suspense is a must.  


Article provided by INPLP members: Beverley Zabow and Adi Barkan-Lev  (BL&Z Law Offices & Notaries, Israel)



Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.