Adv. Masha Yudashkin from our Privacy, Cyber & AI Department delivered a presentation at the 2025 Privacy Protection Conference in Tel Aviv, which focused on the new era of personal data protection following Amendment 13 to the Privacy Protection Law. The conference included a comprehensive overview of the new legal requirements and expected enforcement, practical tools for implementing organizational obligations, risk management strategies, and guidance on appointing a data protection officer (DPO).
Search by Practice
Insights & News / Masha Yudashkin
Privacy Protection Conference 2025: Amendment 13 and Organizational Preparedness
Categories:
Privacy Law
Amendment 13 to the Israeli Privacy Protection Law: Guidance for Insurance Agents and Agencies
Amendment 13 to the Israeli Privacy Protection Law significantly strengthens the PPA’s enforcement powers, requiring insurance agencies to ensure strict compliance in handling personal and sensitive data. Agencies must implement robust data security, transparency, and control measures to avoid substantial fines and regulatory sanctions.
Amendment 13 to the Israeli Privacy Protection Law is Here! Are You Ready?
Amendment 13, which significantly updates privacy laws in Israel, has come into effect! If you still don't know what to do to comply with the requirements, we've prepared a guide to help you address the main issues (not all of them) right now! In this guide, you can find simple tips to implement in your organization to improve compliance with Israeli privacy law requirements.
A Practical Guide to Board Responsibility and DPO Appointment Under Amendment 13
Amendment 13 to the Israeli Privacy Protection Law is expected to come into effect in mid-August 2025. The amendment prescribes, inter alia, organizations’ obligation to appoint a data protection officer. The Privacy Protection Authority recently published a draft directive on implementing this obligation. The draft is not final and is open for public comments.
Israeli Privacy Authority Targets AI: Business Implications Ahead
The Israeli Privacy Protection Authority (PPA) published a draft directive recently to clarify its position about how businesses and organizations should apply the provisions of the Privacy Protection Law and the privacy regulations to artificial intelligence systems.
New EDPB Draft Guidelines: Personal Data on the Blockchain
Earlier this month, the European Data Protection Board (EDPB) issued draft guidelines on the processing of personal data through blockchain technologies.
Israeli Women in Tech Compliance Conference with Microsoft
The conference on technology regulation and compliance challenges in the age of artificial intelligence was held under the leadership of our firm, in collaboration with Microsoft Israel. The event focused on the impact of artificial intelligence on legal strategy and the evolving regulatory landscape. We extend our sincere thanks to the organizers, speakers, and participants for their valuable contributions and insightful discussions, and for advancing a meaningful and in-depth dialogue on these cutting-edge topics. The conference was led by Dr. Avishay Klein and Adv. Masha Yudashkin from our firm's Privacy, Cyber and AI Department.
Pay Attention: Clearview AI to Pay Landmark Amount for Collecting Biometric Data Without User Consent by Scraping
Recently, a US District Court in Illinois has granted final approval to a settlement in the Clearview AI consumer privacy litigation, concerning the company’s controversial practices of collecting and storing biometric facial recognition data. This should serve as a reminder that US state privacy laws are as relevant as ever and that their violation may lead to significant penalties.
New EDPB Opinion on Personal Data Protection in AI
Several days ago, the European Data Protection Board (EDPB) adopted an opinion addressing key data protection concerns arising from the use of Artificial Intelligence (AI) models. The opinion specifically focuses on how GDPR principles apply to AI, emphasizing issues such as anonymization of data within AI models, the legal basis for processing personal data during AI development and deployment, and the consequences of unlawful data processing in AI systems.
Cybersecurity Regulation Enforcement Tightens in NY, Highlighting a Broader Trend
Recent fines issued in New York are part of a wider trend of stricter state-level enforcement on cybersecurity in the U.S. Israeli companies operating in the U.S. are required to stay informed.
Call For Public Comment: A Report on AI Use in the Financial Sector
This month, an interim report on artificial intelligence (AI) in the financial sector was published for public comment. The report was written by the Ministries of Justice and Treasury, the Competition Authority, the Securities Authority, the Capital Market Authority, and the Bank of Israel.
Board of Director’s Responsibility for Data Security in a Company
The Privacy Protection Authority has issued a mandatory guideline holding the board of directors fully responsible for information security, with heavy fines for violations. The guideline requires the board to oversee compliance with regulations and develop organizational policies, particularly for entities processing sensitive personal data.
Israel: Significant Changes in Privacy Protection Law
The recent reform of the Privacy Protection Law aligns Israel's privacy regulations more closely with European standards.
Federal District Court Vacates Rule under HHS's HIPAA Tracking Technologies Guidance
Until now, the HHS guidance provided a very broad interpretation of what constituted "protected health information" (PHI). This interpretation severely restricted data analytics service providers' ability to cater to hospitals and for hospitals to manage their digital assets, in addition to exposing them to class action lawsuits. A federal court's ruling to vacate the guidance is expected to facilitate both service providers and hospitals.
The Netherlands: New Data Scraping Guidelines
The Dutch Data Protection Authority strictly interprets GDPR regarding data scraping, stating that data scraping will almost always be illegal.
Bipartisan Federal Privacy Act Proposed in US
Developed for over two years, the American Privacy Rights Act proposes establishing a nationwide standard for privacy and data security, to empower individuals to control their personal information, as part of their right to privacy.
GDPR – Company Fined for Improper Data Collection
The French Data Protection Authority (CNIL) fined a corporation for violation of the GDPR due to flaws in its personal data collection and user consent practices, even though the data was collected by a third party.
Europe: AI Act to Supervise the Development of AI Technologies
The AI Act applies, similar to other European legislation, to companies not based in the European Union but have activity in the Union. Therefore, it may also affect Israeli companies offering services in Europe.
California Privacy Regulations Come into Effect
The court's decision to start enforcement proceedings, in addition to the provisions of the California Consumer Privacy Act (CCPA) already being enforced, is expected to lead to a significant increase in enforcement against companies that fall in the scope of the CCPA.
Privacy and AI in Israel and worldwide: a look to 2024
2023 trends are expected to continue in 2024, including the constantly evolving regulation of AI tools and new privacy protection and data security issues, as well as attempts by Israeli and global authorities to keep up with the pace at which technology is evolving and changing the face of the business world.
Legal Guide for Implementing AI Tools in Organizations
While AI tools offer significant contributions to businesses, even non-technological ones, it's crucial to understand the potential exposures these tools may present. This guide emphasizes the importance of conducting examinations and implementing AI tools in a legal and transparent manner.
Surveillance Cameras in Workplaces and Employment Conditions
The Regional Labor Court in Tel Aviv has recognized an employee’s resignation as tantamount to dismissal under the law due to the employer’s use of surveillance cameras around the employee’s workstation in a manner inconsistent with the Privacy Protection Authority’s guidelines and the court’s position in such matters.
EU Data Act Regulating the Use of Data from Smart Devices (IoT)
The EU Data Act will supervise companies that manufacture and supply smart devices (IoT devices) and companies that handle data collected by these devices, as well as enact a series of regulations designed to protect consumer privacy.
Israeli Court Criticizes the Israel Police over its Use of AI Tools
A man who entered Israel with drugs in his possession sought to expose the Israel Police’s use of AI tools that resulted in his inclusion in a list of suspected drug couriers. The court’s criticism of the police’s tactics clarifies that even if the AI system leads to correct identification or to accurate decisions, its mechanisms must be transparent, explainable and auditable.
UK Increases Child Safety Online
The new UK Online Safety Act is part of a wave of European legislation seeking to protect children from online age-inappropriate content, exploitation, and other online dangers.
US President Signs Executive Order on Safe Use of AI
The United States is looking to institute rules for the safe development and use of artificial intelligence, to regulate government use of AI, and to establish its leadership in the AI field.
Privacy and Data Protection during Remote Work from Home
The state of emergency the State of Israel has declared in recent days requires us all to contend with a unique and complex situation. As part of this struggle, many companies and organizations have instructed their employees to shift to working from home, thus requiring such employers to clarify their privacy and business data protection procedures.
Privacy Protection Obligations: Boards of Directors’ Role
The Israeli Privacy Protection Authority recently published a draft directive that imposes the responsibility for fulfilling certain obligations on the board of directors, including the obligation to appoint an officer responsible for compliance with the Privacy Protection Regulations