Therefore, without determining anything regarding the claim that in appointing the DPO, the IEC is complying with the provisions of the new Privacy Protection Law after Amendment 13, my position has no cardinal significance for the purpose of approving the arrangement as requested to be called the office holder, whether he is called "information security officer" or "privacy protection officer", as long as the officer complies with the provisions of the arrangement and the provisions of the law.
In addition, the professional sources claim that there is ambiguity as to whether the data transferred by the IEC to Facebook constitutes information as defined inthe Protection of Privacy Law or knowledge of a person's private affairs, and that to the extent that the data meets this definition, the settlement in its current form does not accurately reflect the damage caused to the members of the group. Therefore, the professional bodies argued that there was no reason to apply a court action to the class members, and that the more appropriate outline for the agreements reached by the parties was an outline of withdrawal in accordance with the provisions of section 16 of the Class Actions Law.
I found that in the circumstances of the case, the settlement that includes the steps taken by the IEC following the application for approval and its obligations regarding its conduct as detailed above, as well as the undertakings it undertook to take steps that constitute an excess arrangement beyond its obligations under the law, embody a proper benefit to the class members and reflect proper risk-taking in the glasses of the class members and their interest. This is done without setting any precedents in any matter, taking into account the chances of success in the proceeding and the complexity of conducting such a proceeding; the evidentiary aspects of the case; to the question of whether the Applicants would have been able to prove that the information transferred to third parties constitutes information as defined in the Protection of Privacy Law, and whether it can be used to identify the members of the group; and the question of the existence of damage to the members of the class and a causal connection as required. It should be mentioned without making any precedents in this context that the Applicants' claims regarding the information passed on to third parties and whether it was possible to identify the members of the class through it were made without being supported by a professional opinion. In addition, taking into account the nature of the data transferred to third parties, which was claimed by the parties to the request that it is not sensitive data or data from which financial or medical information can be learned and the like, about IEC customers.