Client updates /  Privacy

Amendment 13 to the Israeli Privacy Protection Law is expected to come into effect in mid-August 2025. The amendment prescribes, inter alia, organizations’ obligation to appoint a data protection officer. The Privacy Protection Authority recently published a draft directive on implementing this obligation. The draft is not final and is open for public comments.

At the end of June 2025, the Northern California District Court issued two precedent-setting rulings addressing the legal question: Is it lawful to use copyrighted works for machine training of AI-based large language models (LLMs)?

Earlier this month, the European Data Protection Board (EDPB) issued draft guidelines on the processing of personal data through blockchain technologies.

A recent ruling by the National Labor Court establishes that placing cameras near an employee’s workstation does not necessarily constitute a substantial deterioration in working conditions.

As of January 1, 2025, the Israeli Privacy Protection Regulations (Instructions for data being transferred to Israel from the European Economic Area) will also apply to data being stored or processed in Israel or in other countries, such as the US and the UK, if these databases also contain data transferred from Europe. In other words, this means that as soon as a database in Israel or another country also contains personal information transferred from Europe, all data in the database must comply with the regulations’ requirements – not just the data that came from Europe, but also the local data or data that came from other countries.

Until now, the HHS guidance provided a very broad interpretation of what constituted “protected health information” (PHI). This interpretation severely restricted data analytics service providers’ ability to cater to hospitals and for hospitals to manage their digital assets, in addition to exposing them to class action lawsuits. A federal court’s ruling to vacate the guidance is expected to facilitate both service providers and hospitals.

Uber’s insufficiently clear privacy protection policy and lack of transparency about the collection of personal information on its employees resulted in a heavy fine.

2023 trends are expected to continue in 2024, including the constantly evolving regulation of AI tools and new privacy protection and data security issues, as well as attempts by Israeli and global authorities to keep up with the pace at which technology is evolving and changing the face of the business world.

The Regional Labor Court in Tel Aviv has recognized an employee’s resignation as tantamount to dismissal under the law due to the employer’s use of surveillance cameras around the employee’s workstation in a manner inconsistent with the Privacy Protection Authority’s guidelines and the court’s position in such matters.

The EU Data Act will supervise companies that manufacture and supply smart devices (IoT devices) and companies that handle data collected by these devices, as well as enact a series of regulations designed to protect consumer privacy.