Amendment 13 to the Privacy Protection Law: A Significant Shift in Data Protection in Israel

On August 5, 2024, the Israeli Knesset passed Amendment No. 13 to the Privacy Protection Law, 1981, in its second and third readings. The amendment was published in the official gazette on August 14, 2024, and is set to take effect one year later, on August 14, 2025. This marks the most significant revision to Israel’s Privacy Protection Law since 1996, when a dedicated chapter on data protection in databases was added.

The amendment, debated for over a decade in the Knesset and various committees, aims to update Israel’s outdated privacy legislation in line with the modern digital landscape and align it with international standards, particularly the European Union’s General Data Protection Regulation (GDPR).

Objectives of the Amendment

The amendment focuses on two main areas:

  1. Modernizing the legislation for the digital age: Updating and expanding definitions, and adapting reporting and data protection obligations to current technological realities.

  2. Strengthening enforcement powers: Significantly expanding the enforcement tools available to the Privacy Protection Authority and the courts to ensure more effective regulation.


Key Changes Introduced by the Amendment

1. Updated Definitions and Key Terms
The amendment updates and expands several core definitions to align the law with modern technologies and international norms.

2. Reduction in Mandatory Database Registration
A major change involves significantly narrowing the scope of mandatory database registration. Under the new rules, registration will only be required for:

  • Public bodies

  • Databases used for direct marketing

  • Databases used for trading in personal information

However, controllers of databases containing “highly sensitive information” on more than 100,000 individuals will still be required to notify the Privacy Protection Authority, even if registration is not mandatory.

3. Right of Access to Personal Data (Section 13)
The amendment to Section 13 strengthens individuals’ rights to access their personal data. The updated section stipulates that:

  • Every person is entitled to access the personal data held about them in any database.

  • This right may be exercised directly or via an authorized representative or legal guardian.

  • The data controller must refer access requests to any third-party processor holding the data, providing full contact details and issuing a written instruction to allow access.

  • If a request is made directly to the data holder, the holder must confirm whether they retain personal data and disclose the identity of the data controller.

4. Expanded Notice Obligations
The amendment enhances the requirement to notify individuals when collecting personal data. Privacy notices must now include, in addition to existing elements:

  • Possible consequences of refusing to provide the data

  • Details and contact information of the database controller

  • Information about individuals’ rights to access and correct their personal data under the law

5. Mandatory Appointment of a Data Protection Officer
Certain organizations will now be required to appoint a Data Protection Officer (DPO), who will be responsible for:

  • Preparing a continuous compliance and oversight plan

  • Acting as the main contact person with the Privacy Protection Authority

  • Ensuring adequate information security protocols

  • Handling data subject inquiries

6. Expanded Enforcement Powers of the Privacy Protection Authority
The Authority will be granted significantly broader administrative enforcement powers, including:

  • Imposing substantial financial penalties

  • Expanding its supervisory and audit authority

  • Issuing cease and desist orders for violations

In addition, the statute of limitations for civil claims under the law will be extended, enhancing private enforcement capabilities.


Implications for Organizations

The amendment requires organizations that handle personal data to reassess and adapt their operations. Key steps include:

  1. Re-evaluating whether existing databases still require registration under the new criteria

  2. Updating privacy notices to include newly required information, including access and correction rights and the consequences of non-consent

  3. Appointing a DPO where applicable

  4. Implementing mechanisms to fulfill data subject rights, especially regarding access and correction

  5. Strengthening information security systems to comply with the new legal standards


Conclusion

Amendment 13 represents a major shift in personal data protection in Israel. It aligns Israeli law with leading global standards, reinforces individuals’ control over their data, and provides the Privacy Protection Authority with more effective enforcement tools.

The one-year grace period until August 2025 is intended to allow organizations to align their policies and practices with the new requirements. Early adopters will be better positioned to ensure compliance and avoid severe enforcement measures.

By aligning more closely with EU standards, the amendment may also enhance Israel’s status internationally as a country with adequate privacy protections—facilitating smoother cross-border data transfers with the EU.
