Israel’s Privacy Protection Authority (PPA) has published a draft directive clarifying how the country’s Privacy Protection Law applies to artificial intelligence (AI) systems, marking the government’s most significant step yet toward regulating the use of AI technologies that process personal data.
The draft guidance, titled “Application of Privacy Law to Artificial Intelligence Systems,” provides organizations with interpretive direction on their obligations when using AI tools that process, analyze, or infer personal data — whether through training or operational use. The directive follows a wave of AI-related regulatory actions around the world and is designed to align with Israel’s evolving legal landscape, including the upcoming enforcement of Amendment 13 to the Privacy Protection Law, which takes effect in August 2025.
The PPA asserts that any AI system that stores, processes, or infers personal data — including through predictive analytics or behavioral profiling — falls under the scope of privacy law, even if such data was not explicitly provided by the individual. Inferences, classifications, or predictions about identifiable individuals are to be treated as personal data and protected accordingly.
Among the directive’s key requirements are lawful processing bases for all personal data used in AI systems, transparency through clear and informed user consent, and risk-based obligations depending on the sensitivity of data and the AI system’s potential impact. Organizations developing or deploying high-risk AI applications — especially those involving biometric data, profiling, or decision-making with legal consequences — are encouraged to appoint dedicated privacy officers and conduct Data Protection Impact Assessments (DPIAs).
The guidance also raises concern over the use of generative AI and scraping tools, stressing that collecting personal data from social media and other online sources without clear, lawful consent may constitute a violation of privacy law.
Finally, the PPA recommends enhanced accountability measures, including internal audits, algorithmic explainability, and robust cybersecurity controls to prevent misuse or data breaches involving AI systems.
Public consultation on the draft guidance is open, and the final directive is expected to influence the legal use of AI across Israel’s public and private sectors.
Need Help?
If you have questions or concerns about any global guidelines, regulations and laws, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.
