Home

About us

What we do

The team

Knowledge center

Insights & News

Doing business in Israel

Barnea Blog

Join us

Contact

© All rights reserved to Barnea Jaffa Lande Law offices

Home · practice areas · Latest Updates

Latest Updates / Privacy Law

May 8, 2025

Israel’s Privacy Authority Sets Strict AI Rules

In a recent op-ed in Israel Hayom, Dr. Avishay Klein from our firm comments on the draft guidelines issued by Israel’s Privacy Protection Authority to regulate the use of AI in organizations. The guidelines, set to take effect with Amendment 13 to the Privacy Protection Law in August 2025, introduce strict requirements—including a ban on using personal data without prior consent and heavy penalties for violations. While establishing clear AI standards is a positive step, the one-sided emphasis on privacy—without addressing technological complexity and business needs—may create significant challenges. Organizations are urged to begin managing technological and regulatory risks in tandem.

See full article >

May 8, 2025

Israeli Privacy Authority Targets AI: Business Implications Ahead

The Israeli Privacy Protection Authority (PPA) published a draft directive recently to clarify its position about how businesses and organizations should apply the provisions of the Privacy Protection Law and the privacy regulations to artificial intelligence systems.

See full article >

April 24, 2025

New EDPB Draft Guidelines: Personal Data on the Blockchain

Earlier this month, the European Data Protection Board (EDPB) issued draft guidelines on the processing of personal data through blockchain technologies.

See full article >

April 10, 2025

Installing surveillance cameras in the workplace: balancing between employees’ rights and employers’ legitimate security measures

A recent ruling by the National Labor Court establishes that placing cameras near an employee’s workstation does not necessarily constitute a substantial deterioration in working conditions.

See full article >

March 24, 2025

Pay Attention: Clearview AI to Pay Landmark Amount for Collecting Biometric Data Without User Consent by Scraping

Recently, a US District Court in Illinois has granted final approval to a settlement in the Clearview AI consumer privacy litigation, concerning the company’s controversial practices of collecting and storing biometric facial recognition data. This should serve as a reminder that US state privacy laws are as relevant as ever and that their violation may lead to significant penalties.

See full article >

March 2, 2025

Significant Shift in the Israeli Privacy Protection Authority’s Definition of Consent

The Israeli Privacy Protection Authority has issued a new statement introducing a significant change in the interpretation of the law and in the required methods for obtaining consent to the collection and processing of personal data. While the dry wording of the law enabled reliance on tacit or tacit consent, the PPA now clarifies that explicit, informed and free consent must be prioritized.

See full article >

December 24, 2024

New EDPB Opinion on Personal Data Protection in AI

Several days ago, the European Data Protection Board (EDPB) adopted an opinion addressing key data protection concerns arising from the use of Artificial Intelligence (AI) models. The opinion specifically focuses on how GDPR principles apply to AI, emphasizing issues such as anonymization of data within AI models, the legal basis for processing personal data during AI development and deployment, and the consequences of unlawful data processing in AI systems.

See full article >

December 15, 2024

Expansion of Privacy Protection Regulations regarding data from the EEA

As of January 1, 2025, the Israeli Privacy Protection Regulations (Instructions for data being transferred to Israel from the European Economic Area) will also apply to data being stored or processed in Israel or in other countries, such as the US and the UK, if these databases also contain data transferred from Europe. In other words, this means that as soon as a database in Israel or another country also contains personal information transferred from Europe, all data in the database must comply with the regulations’ requirements – not just the data that came from Europe, but also the local data or data that came from other countries.

See full article >

December 9, 2024

Cybersecurity Regulation Enforcement Tightens in NY, Highlighting a Broader Trend

Recent fines issued in New York are part of a wider trend of stricter state-level enforcement on cybersecurity in the U.S. Israeli companies operating in the U.S. are required to stay informed.

See full article >

September 17, 2024

Board of Director’s responsibility for data security in a company

The Privacy Protection Authority has issued a mandatory guideline holding the board of directors fully responsible for information security, with heavy fines for violations. The guideline requires the board to oversee compliance with regulations and develop organizational policies, particularly for entities processing sensitive personal data.

See full article >

August 21, 2024

Artificial Intelligence Platforms and Copyright law: is the Legal Belt Tightening?

The U.S. court is hearing artists' lawsuits against AI platforms for copyright infringement. The decision could lead to new regulations and insights into the impact of using protected works for training.

See full article >

July 23, 2024

Israel: Significant Changes in Privacy Protection Law

The recent reform of the Privacy Protection Law aligns Israel's privacy regulations more closely with European standards.

See full article >

July 17, 2024

Israel: New Limitations on Transfers of Personal Data

Israel’s Privacy Protection Authority has published a draft opinion clarifying its interpretation regarding transfers of personal data from Israel to other countries. According to this interpretation, such transfers of personal data are generally permitted only if the receiving country ensures a level of data protection equivalent to that of Israel.

See full article >

July 11, 2024

AI, Data Privacy, and Technology for the Modern Legal Counsel

Our firm organized a unique four-part course in collaboration with Microsoft, TrustIZ, and Taylor Wessing UK. Designed for legal advisors, the course covered critical topics including AI regulation, drafting and negotiating privacy aspects of AI agreements, and managing data breach events. The final session took place at our offices yesterday, marking the completion of this comprehensive and valuable series.

July 8, 2024

Federal District Court Vacates Rule under HHS's HIPAA Tracking Technologies Guidance

Until now, the HHS guidance provided a very broad interpretation of what constituted "protected health information" (PHI). This interpretation severely restricted data analytics service providers' ability to cater to hospitals and for hospitals to manage their digital assets, in addition to exposing them to class action lawsuits. A federal court's ruling to vacate the guidance is expected to facilitate both service providers and hospitals.

See full article >

May 13, 2024

The Netherlands: New Data Scraping Guidelines

The Dutch Data Protection Authority strictly interprets GDPR regarding data scraping, stating that data scraping will almost always be illegal.

See full article >

May 6, 2024

Using a Name without Permission: Privacy Infringement

An Israeli court ordered the McDonald’s fast food chain to pay ILS 40,000 to Maayan Parti, a consumer reporter for Israel’s Channel 12 News, after McDonald’s used the reporter’s name without her consent in an advertising campaign for the chain’s ice cream.

See full article >

May 1, 2024

Bipartisan Federal Privacy Act Proposed in US

Developed for over two years, the American Privacy Rights Act proposes establishing a nationwide standard for privacy and data security, to empower individuals to control their personal information, as part of their right to privacy.

See full article >

March 26, 2024

GDPR – Company Fined for Improper Data Collection

The French Data Protection Authority (CNIL) fined a corporation for violation of the GDPR due to flaws in its personal data collection and user consent practices, even though the data was collected by a third party.

See full article >

March 4, 2024

New Workplace Guidelines on Privacy Protection: Dr. Avishay Klein’s Guide for Employers Published on Mako

Israel’s Privacy Protection Authority has published new guidelines on the collection of biometric information in the workplace. In response, Dr. Avishay Klein, the head of our firm’s Privacy, Data Protection and Cyber Department, has compiled a practical guide for employers on the subject The guide was published on Mako.

See full article >

1 2 3 … 6 Next