What laws apply to the collection and use of individuals’ personal information?
Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.
Israel has a few key laws and regulations relating to data privacy and security. The Protection of Privacy Law, 1981 (PPL) is the main privacy law in the country, and regulates both privacy in general and privacy in computerized databases. Under the PPL, “knowledgeable consent” is generally the only legal basis for processing personal data. Employers are expected to obtain explicit consent when processing personal employee data, based on case law from the Israeli labor courts.
The associated Protection of Privacy Regulations (Data Security), 2017 (DSR) sets the rules around the level of security required (basic, medium or high) and security measures that must be implemented in computerized databases. HR databases are generally classified as subject to the basic level unless the database includes data relating to 100,000 or more individuals or, if there are 100 or more individuals who have access to the database. The Protection of Privacy Regulations (Transfer of Data to Databases Outside the State’s Borders), 2001 (TR) regulates the international transfer of personal data from Israeli databases.
The Protection of Privacy Authority (PPA) regulates privacy and databases and is responsible for enforcing the PPL, the DSR and the TR. They are also responsible for handling certain privacy related matters, such as biometric data, surveillance cameras, etc. In addition, regulators from other sectors (such as banking and insurance) may set out additional requirements relating to privacy and data protection.
The current authority responsible for enforcement of data privacy law and regulations in Israel is the:
Protection of Privacy Authority (PPA)