Insights & News / Ben Norman

Uber’s insufficiently clear privacy protection policy and lack of transparency about the collection of personal information on its employees resulted in a heavy fine.

Israel’s government has drafted new regulations in the wake of Operation Swords of Iron, due to the increase in the scope and quality of cyberattacks against civilian entities.

The new arrangement for transferring information about EU citizens to the United States offers European and foreign companies a simpler mechanism to enable their privacy protection procedures to be recognized as GDPR-compliant.

Who is responsible for protecting the privacy of the information AI technologies collect? A new class action in California joins a series of AI-related lawsuits that may clarify this question.

An EUR 1.2 billion fine was imposed on Meta after the EDPB ruled the company was systematically transferring the personal data of millions of Facebook users from the European Union to servers in the United States in violation of the European GDPR.

The regulations grant several new rights to the relevant data subjects, when the database contains information transferred from the European Economic Area (EEA) to Israel, including the data subject’s right to delete information and a broader right of review.

A few months after ChatGPT became a popular tool for millions of users, users began filing lawsuits alleging violations of users’ privacy and data security breaches. The conclusions from these lawsuits are relevant to all companies engaging in the development and assimilation of AI technologies.

Israeli cyber companies operating in Europe are exposed to the GDPR even though they are registered in Israel, and even if the information they collect is not processed or stored in Europe.

New privacy protection regulations drafted by the Israeli Ministry of Justice will obligate Israeli entities to protect data reaching Israel from the European Economic Area, i.e., from EU member states and Iceland, Norway, and Liechtenstein.

The Israeli Privacy Protection Authority has published a document containing a series of recommendations that address the use of ordinary and non-designated applications for sharing information among a variety of parties.

The Israeli Privacy Protection Authority issues instructions to report data breach events or concerns of data breach events immediately.

The publication presents the PPA’s position on the duty to inform on the collection and use of personal data (as derived from the Privacy Protection Law), specifically highlighting the duty to inform when using algorithm-based or AI-based decision-making systems.

At the end of March 2022, the Israeli Ministry of Justice published a draft amendment to the Prohibition on Money Laundering Law.

The proposed amendment seeks to grant supervisory authority to the Israel Money Laundering and Terror Financing Prohibition Authority (IMPA), comparable to that of the Capital Market, Insurance and Savings Authority (CMISA), over financial service providers for aspects of the prohibition on money laundering and terror financing.

The Israeli Privacy Protection Authority has published recommendations that organizations and companies in all sectors of the economy should appoint data protection officers, along with an instruction kit in this regard. The document was published at the end of January 2022 as part of Privacy Protection Week.

The draft bill is an important step toward achieving the objectives set by the Privacy Protection Authority and the government to increase privacy protection.