The International Association of Privacy Professionals (IAPP) – the world’s leading organization for data protection, privacy regulation, and responsible AI governance – has published an important article announcing the entry into force of Amendment 13 to Israel’s Privacy Protection Law.
👉 Read the full IAPP article
Key Highlights of Amendment 13
On 14 August 2025, Israel enacted Amendment 13 to the Protection of Privacy Law, 5741-1981, marking a comprehensive overhaul of the country’s privacy framework. This reform modernizes statutory obligations, expands enforcement powers of the Protection of Privacy Authority (PPA), and signals a decisive shift toward proactive governance and regulatory assertiveness.
A Structural Transformation in Privacy Law
Amendment 13 introduces several major changes:
- Mandatory appointment of privacy protection officers (DPOs) for entities processing sensitive data at scale, public authorities, and data brokers. The officer must operate independently, report directly to senior management, and possess expertise in law, IT, cybersecurity, and organizational operations.
- Enhanced transparency and consent requirements, particularly for sensitive data or AI systems. Consent must be informed, freely given, and in most cases, explicit.
- Obligations for data brokers and direct mailing services, including database registration, records of data transfers, and honoring opt-out requests.
The PPA treats its directives as de facto law, with binding enforcement on consent, disclosure, and other obligations.
Risks and Liabilities
The consequences of non-compliance are significant:
- Administrative orders and fines reaching millions of shekels, with multipliers for large-scale or sensitive data processing.
- Civil litigation, including class actions, and potential criminal liability for breaches of confidentiality, unauthorized processing, or misleading the regulator.
- Statutory damages up to ILS 100,000 without proof of harm, and possible deletion of unlawfully obtained data.
AI and Automated Decision-Making
Amendment 13 explicitly addresses AI systems processing personal data. Entities must:
- Assess impact on individuals
- Ensure transparency, explainability, and fairness
- Implement safeguards against bias and discrimination
These measures reflect global trends and Israel’s proactive stance on AI governance.
Security, Vendor Management, and Data Transfers
Organizations holding large sensitive databases must conduct risk assessments and penetration tests at least every 18 months. They must also:
- Review processors and sign robust data processing agreements
- Conduct annual cybersecurity implementation reporting
- Ensure compliance with trans-border data transfer regulations
The PPA has expanded powers to enforce these requirements, making robust data governance essential.
Legislative History and Regulatory Oversight
Israel’s privacy law, enacted in 1981, underwent piecemeal amendments over the years. Amendment 13 consolidates prior updates and introduces mechanisms for proactive supervision and administrative inquiry. The reform reflects careful consultation with stakeholders and balances innovation, cybersecurity, and individual rights.
The PPA can now issue binding orders, appoint inspectors, and escalate cases to criminal prosecution. Enforcement actions and sectoral audits are published to enhance public accountability and regulatory visibility.
Or-Hof Law Expertise
At Or-Hof Law, we help organizations navigate the complexities of Amendment 13 compliance, providing:
- DPO services and privacy officer advisory
- Privacy and cybersecurity audits
- Consent mechanism and AI governance guidance
- Policy drafting and compliance training
Dan Or-Hof, founder of Or-Hof Law, participated in Bill 13 hearings and preparation. Our team ensures businesses align with Israel’s modernized privacy framework efficiently and effectively.
Take Action Today
Amendment 13 is a pivotal moment in Israel’s privacy journey. Organizations should:
- Conduct gap analyses and update privacy notices
- Appoint qualified DPOs and ensure independence
- Review consent mechanisms
- Implement robust security and documentation protocols
- Prepare for regulatory submissions and audits
Contact Or-Hof Law today to secure compliance, strengthen data governance, and align with global privacy standards. AI governance solutions.
Note on the Source Article
The full article on Israel Privacy Law Amendment 13 is available through the IAPP website for members. For those who are not IAPP members, we would be happy to provide a complete copy upon request.
