See also the words of the Honorable Justice Grosskopf regarding the nature of a settlement agreement in a class action and its examination of its fairness and reasonableness:
"It is also worth mentioning that a compromise is the fruit of balances and mutual concessions. On the one hand, it guarantees a quick and certain remedy and saves time and costs. On the other hand, it does not reflect the maximum or optimal benefit for the group members. As I mentioned before:
'A settlement arrangement, even when we are dealing with a class proceeding, embodies the buying of risks by both parties, and therefore, naturally, it includes mutual concessions. Buying the risk can refer to a disputed fact or legal question, as well as possible future developments. Hence, a 'proper, fair and reasonable' settlement is 'one that offers the group a benefit or compensation that faithfully reflects the chances and risks inherent in the proceeding from the perspective of each of the parties... Therefore, even when it is a class proceeding, there is generally no justification for rejecting a proposed arrangement just because it does not guarantee the class members compensation at the maximum rate that would have been awarded in their favor if the class action had been accepted in full' (CAM 2744/19 Acre Municipality v. Brill Shoe Industries Ltd., para. 16 [Nevo] (March 10, 2021))."
See: LCA 2957/17 Supergas Israeli Gas Distribution Company v. Schwartzman (paras. 24-25) [Nevo] (March 17, 2024), (hereinafter: "the Schwartzman case"), LCA 1394/24 Halperin Optics Ltd. v. Kochav Ziss [Nevo] (April 24, 2025)
- I am of the opinion that the settlement achieves a proper and proportionate benefit in the circumstances of this matter to the members of the class and to the public. In the arrangement, the IEC undertook to update its privacy policy document and to display it on its website in an accessible and clear manner even for those who lack high digital literacy; The IEC has uploaded a "banner regarding the use of cookies" to the website and an opt-in mechanism has been set for the use of "cookies", whereby users will be able to choose to use the IEC website without "cookies" that are not necessary for its operation; the IEC will appoint a functionary designated by the parties as an information security officer - DPO who will operate in accordance with the principles of the European Data Protection Regulation (GDPR), this is in addition to its obligations under the law today and without derogating from its obligations to uphold the law even after the entry into force of Amendment No. 13 to the Protection of Privacy Law. In accordance with the arrangement, the officer will be responsible for compliance with the provisions of the relevant law for the protection of privacy; Conducting risk surveys and auditing information security and privacy protection; advising the company's management on all matters related to the provisions of the law; and will serve as the company's liaison vis-à-vis the relevant authorities. In addition, the arrangement stipulates that the IEC will conduct penetration tests for the reservoir's systems to examine their resistance to risks more frequently than prescribed by law. It was also determined that the IEC will send its customers information on privacy and cyber protection for a period of one year, along with the invoice.
- According to the professional sources, the settlement should be amended so that instead of an "information security officer", a "privacy protection officer" will be appointed and his job description will be updated in accordance with the statutory duties set forth in Amendment No. 13 to the Protection of Privacy Law, since insofar as an "information security officer" is in fact an "information security officer" that the IEC is obligated to appoint in any case under the law currently in force, as stipulated in section 17B of the Privacy Protection Law.
In this regard, I found it necessary to accept the argument of the parties that there is no need to intervene in the designation of the office holder chosen by the parties and in the description of his position as set out in the arrangement. In accordance with the arrangement, the IEC undertook to appoint an information security officer or "DPO" whose duties in accordance with the arrangement include supervising the implementation of the provisions of the Protection of Privacy Law, ensuring the conduct of periodic risk surveys, ongoing control of the information systems, and subjecting the information processing processes to the provisions of the law. The IEC clarified in its response that the intention was not to appoint an "information security officer" in accordance with section 17B of the Privacy Protection Law, which already exists at the IEC, and that the appointment of the DPO is not intended to replace the company's information security officer, but rather to add an additional layer of protection and protection of the privacy of the company's customers. In addition, according to the IEC, in appointing the DPO, it is already implementing the requirements of section 17b(1)-(3) after the amendment to the Protection of Privacy Law and is preempting its entry into force. Approval of the arrangement by me does not constitute an opinion regarding the IEC's compliance with an amendment to the law that has not yet come into effect.