Can the Privacy Protection Authority (PPA) Impose Monetary Sanctions?

The Protection of Privacy Law, 5741-1981, provides a complex structure of fines for violations of various statutory obligations. Each obligation comes with a specific penalty, which the PPA may reduce by up to 70% based on certain considerations defined in the law, such as a first-time violation. Examples of fines include:

Maximum Fine. All fines are capped at 5% of the business’s annual turnover.

Processing Without Permission. For example, a processor can be fined ILS40 million (about 10 million euros) for processing personal data without the controller’s permission in a database with 5 million customers (ILS8 per customer). Similar fines apply to other violations, such as failing to provide a privacy notice or disobeying a PPA order to stop processing personal data.

Data Security Regulations Violations. For example, violation of a provision under the Data Security Regulations will cost ILS320,000 (about 80,000 euros) if the database contains personal data about a million individuals. Reduced fines apply to smaller databases.

Small and Micro Businesses. Fines for small and micro businesses are capped at ILS140,000 (about 35,000 euros) per annum.

Please note: The information provided in this content is for informational purposes only and does not constitute legal advice. It is not intended to create an attorney-client relationship. If you have any questions, please contact us at: [email protected]