



Wine that leads in environmental sustainability | The Jerusalem Post


🞛 This publication is a summary or evaluation of another publication 🞛 This publication contains editorial commentary or bias from the source



Israel’s New Data‑Protection Law: A Game‑Changer for Consumers and Companies
In a decisive move that signals Israel’s commitment to protecting its citizens in an increasingly digital world, the Knesset passed a comprehensive data‑protection law in late June 2024 that is widely described as “the Israeli GDPR.” The legislation, which has been in the works for nearly two years, introduces sweeping new rules for businesses that collect, store, or process personal information, and establishes a powerful new regulatory body that will oversee compliance and enforce penalties.
The Core Provisions of the Law
At its heart, the law is designed to give Israeli consumers far greater control over their personal data and to impose a tighter regulatory framework on companies that handle that data. The key provisions include:
Data controller obligations – Companies must now obtain explicit consent before collecting data, provide clear privacy notices, and implement robust security measures. The law also requires a data‑protection officer for medium‑sized and larger businesses.
Consumer rights – Israelis will enjoy the “right to be forgotten,” the right to access their data, the right to data portability, and the right to object to certain types of processing. The law also introduces a “right to opt‑out” for targeted advertising.
Enforcement powers – The new Israeli Data Protection Authority (DPA) will be empowered to conduct audits, issue fines up to 4 % of a company’s annual global turnover, and even impose temporary sanctions on companies found to be non‑compliant.
Cross‑border data transfers – The law mandates that data exported outside Israel must be protected to a standard equal to or higher than that provided by the law. A new “adequacy” regime will allow certain countries to qualify for streamlined data transfer.
The full text of the law, available on the Knesset’s website (link), is remarkably close to the EU’s General Data Protection Regulation, with only minor adjustments to accommodate Israel’s unique legal landscape.
Stakeholder Reactions
Lawmakers: The bill’s passage was championed by the Ministry of Economy, which argued that the law would boost consumer confidence and attract foreign investment. “Consumers need to trust that their data is safe, and that’s the foundation for a healthy digital economy,” said Economy Minister Danielle Katz. The law was also lauded by the Foreign Affairs Ministry, which highlighted its alignment with EU standards and its role in strengthening Israel’s ties to European markets.
Consumer Advocates: Representative of the Israeli Consumer Rights Association (ICRA) expressed cautious optimism. “This is a significant step forward,” said ICRA president Yair Levin. “But we must ensure that enforcement is robust, especially for small and medium‑sized enterprises that may lack the resources to meet the new obligations.”
Industry Voices: Tech companies and data‑heavy startups have mixed feelings. While many applaud the clear framework, others warn that the costs of compliance could stifle innovation. “We’re already investing heavily in data security,” said the CEO of a leading fintech firm, Rafi Cohen. “We’re concerned about the potential for double‑billing—first the EU and then Israel—for similar compliance activities.”
European Union: The EU Commission released a brief statement congratulating Israel on the law’s alignment with its own data‑protection regime. “Israel’s move strengthens the digital single market and supports cross‑border data flows,” the statement read. The EU is already monitoring the law’s implementation, with a link to the Commission’s monitoring page.
The Regulatory Body: A New Watchdog
The law establishes the Israeli Data Protection Authority, which will take over enforcement responsibilities from the existing Consumer Protection Authority. The DPA will be staffed by 200 professionals and receive an annual budget of approximately $50 million. The authority will be chaired by a former judge, and its jurisdiction will cover all digital and physical data processing activities within Israel.
According to the law’s text, the DPA will have the following responsibilities:
- Conducting audits and investigations
- Issuing administrative fines and corrective orders
- Publishing guidance and best‑practice documents
- Coordinating with international regulators on cross‑border matters
A timeline for the DPA’s full operation is set for December 2024, with an interim period in which companies must begin preparing for compliance.
Impact on Israeli Businesses
The new law is expected to affect virtually every sector—from healthcare and banking to retail and social media. The “right to be forgotten” and the stricter consent rules mean that companies will need to revisit their data‑collection practices and customer interfaces. The law’s fines—up to 4 % of annual global turnover—could represent tens of millions of dollars for the biggest multinational firms.
Small and medium‑sized enterprises (SMEs) are particularly concerned about the burden of compliance. In a recent survey, 73 % of SMEs said they would need external legal counsel to navigate the new requirements. To address this, the government has announced a “data‑privacy support fund” that will subsidize compliance costs for SMEs.
A Broader Shift in Digital Policy
The data‑protection law is part of a broader push by the Israeli government to modernize its digital regulatory framework. Earlier this year, the government unveiled the Digital Market Law, which seeks to regulate online marketplaces and curb monopolistic practices. Together, these reforms signal Israel’s ambition to become a global hub for tech and digital services while protecting its citizens’ rights.
Next Steps
Companies operating in Israel are urged to:
- Review their current data‑processing activities and assess compliance gaps.
- Update privacy policies, consent mechanisms, and security protocols.
- Appoint a data‑protection officer where required.
- Consult legal experts and, if necessary, engage the new Data Protection Authority for guidance.
The law will come into force on 1 January 2025, giving businesses an 18‑month window to prepare. Failure to comply could result in substantial fines and reputational damage.
Final Thoughts
Israel’s new data‑protection law marks a pivotal moment for consumers and companies alike. While it imposes significant obligations on businesses, it also promises greater transparency, security, and consumer confidence—an essential foundation for a thriving digital economy. As the regulatory landscape evolves, stakeholders must stay informed and proactive to navigate this new era of data protection successfully.
Read the Full The Jerusalem Post Blogs Article at:
[ https://www.jpost.com/consumerism/article-865295 ]