Reshumot
4notify Israel · Official Records
OFFICIAL · PPA · Protection of Privacy Law
Record No
RSH-IL-005
Date
2026-05-27
Status
In force
Category
Privacy

The Privacy Protection Authority, the Protection of Privacy Law and consent: the permission framework for transactional and commercial delivery

The Privacy Protection Authority (PPA) enforces the Protection of Privacy Law, 5741-1981. Commercial communication requires consent, sensitive data has reinforced protection, and Amendment 13 (in force from August 2025) sharpened enforcement powers and breach-notification duties. 4notify records the processing basis and verifies consent at the API edge, on every delivery.

EmailSMSWebhook
Preamble

Section 1 — By virtue of the authority vested by the Protection of Privacy Law, 5741-1981 and its regulations, the present Record is issued concerning consent management in electronic delivery.

Legal basis
Protection of Privacy Law, 5741-1981

Processing bases, the data subject's rights and the competence of the Privacy Protection Authority.

Protection of Privacy Law — Amendment 13 (2025)

Enhanced PPA enforcement powers, administrative fines and breach-notification duties.

Privacy Protection (Data Security) Regulations, 5777-2017

Database security obligations of the controller and processor.

Implementation
01

Processing-basis recording per delivery

Each envelope carries one of the Protection of Privacy Law bases (consent, contract, legal duty, legitimate interest); it is pinned to the template record.

02

Commercial-consent verification

On commercial messages consent is verified at the envelope level; deliveries without permission are blocked at the API edge.

03

Erasure right within 30 days

Erasure requests propagate within 24 hours through 4notify; the suppression list updates across the four operators and the email gateway.

04

Breach-notification webhook

Any envelope-level incident raises a webhook to the data controller in under 1 hour, supporting the Amendment 13 notification duty.

Delivery envelope
json
{
  "event": "delivery.consent_envelope",
  "controller_id": "IL-CTRL-12345",
  "processing_basis": "consent",
  "consent": {
    "registry": "PPA-2026-001234",
    "consent_date": "2025-09-14",
    "opt_out_link_present": true
  },
  "delivery": { "channel": "email", "template": "promo_v2" },
  "suppression_check": "approved"
}
Sample message
EmailSubject: We updated your marketing preference

Dear customer, As of today your marketing permission is revoked. You will no longer receive promotional emails, but you will still receive transactional notices (order confirmations, delivery alerts). To exercise your further rights under the Protection of Privacy Law: [email protected]

Compliance checklist
  • Database registration with the PPA in force where required
  • Data controller configured
  • Consent retained for each commercial delivery
  • Breach-notification webhook reachable
The 4notify difference

4notify is the only A2P provider that retains the Protection of Privacy Law processing basis in every envelope, propagates erasure in under 24 hours across the four operators and raises a breach webhook for every incident, supporting Amendment 13.

Frequently asked questions
Does consent apply to SMS as well?

Yes — the Protection of Privacy Law and the anti-spam provisions cover all commercial communication with personal data: SMS, email, messaging. All require a valid processing basis.

What if the controller never registered the database with the PPA?

4notify blocks commercial delivery at the API edge until valid registration exists; transactional delivery (contractual basis) remains available.

Published
4notify Operations Department
2026-05-27 · RSH-IL-005

Start free

14 days, no card. English support on weekdays.

Other records in this edition