"Lior Etgar's ability to navigate complex legal matters with clarity and efficiency is instrumental in supporting our operations. His dedication to understanding our organisation’s goals is invaluable."
"The team demonstrates loyalty to the client and true partnership throughout the entire legal process. The insights provided are highly valuable due to the team's deep understanding of the regulatory developments and the broader legal landscape in this area."
Lior heads the data protection, cyber, and technology practice at EBN, providing for expert guidance to a diverse clientele, including global companies, on regulatory compliance, data governance, cybersecurity law, AI governance, and privacy aspects of commercial and corporate transactions. His client base spans publicly traded and private companies, multinational corporations, financial institutions, healthcare and life sciences organizations, technology businesses, and critical infrastructure operators.
Lior appeared before the Knesset’s Constitution, Law and Justice Committee in 2024 as part of the parliamentary hearings on Amendment 13 — Israel’s most significant privacy law reform in four decades, introducing a strengthened enforcement regime and administrative sanctioning powers. He provides ongoing input on regulatory guidance and policy developments, and co-hosts an annual DPO workshop in partnership with the PPA and leading international firms.
His practice covers the full spectrum of data protection work: Amendment 13 readiness programs; compliance program design and implementation; organizational and transaction-level data protection impact assessments; privacy-by-design advisory at the product and feature level; vendor and processor governance; cross-border transfer mechanisms; DPO support and training; and day-to-day regulatory advice. He advises on the Israeli Privacy Protection Law and its implementing regulations, GDPR, UK GDPR, CCPA and CPRA, sector-specific guidance from the Israeli Capital Market Authority, Ministry of Health and Bank of Israel, SEC cybersecurity disclosure requirements under Regulation S-K Item 106, Israeli securities law cyber-incident disclosure obligations, and emerging AI governance frameworks including the EU AI Act – developing “generally acceptable privacy principles.”
Lior serves as data protection and cybersecurity counsel across EBN’s major M&A and capital markets transactions. Working alongside the firm’s corporate and M&A teams, he covers the data protection workstream in substantially all significant deals — including due diligence, regulatory risk assessment, contract negotiation, cybersecurity representation and warranty analysis, AI governance review, and post-transaction integration. As data protection, AI and cybersecurity have become standard transaction requirements in Israeli M&A this embedded cross-firm role reflects the integration of privacy and cyber risk into the deal process itself. Representative transactions include acquisitions and investments in technology, financial services, healthcare, consumer, and critical infrastructure sectors.
Lior represents clients in audits and administrative enforcement proceedings before the Israeli Privacy Protection Authority, including proceedings arising from data security incidents. He advises on breach notification obligations to data subjects and the PPA, coordinates with cyber insurers and incident response firms, and handles the full lifecycle of cybersecurity incidents from containment through regulatory closure. He has assisted publicly listed companies with cybersecurity disclosures and data privacy matters.
Lior is a leading advisor on the legal aspects of artificial intelligence, advising across the full lifecycle of AI deployment — from compliance and governance through to transactional structuring and enforcement risk. His AI practice spans regulatory compliance, including risk classification and conformity assessment obligations; sector-specific AI regulation; AI vendor agreements and licensing, including training data rights, output ownership, and indemnification structures; AI risk assessment in M&A due diligence; and the design of enterprise AI governance frameworks for boards and executive teams. Clients retain him to translate AI activities into concrete legal frameworks and commercial structures.
He has particular depth in several sectors: medical devices and life sciences, including patient data under the Israeli Patients’ Rights Law and Ministry of Health secondary-use guidelines; financial services, including payment card data, investment management, and banking regulation; enterprise SaaS and consumer platforms, including tracking, cookie compliance, and platform-level constraints under app store developer terms; critical infrastructure and logistics; and cybersecurity companies advising on both their own compliance posture and the privacy implications of their products.
Lior speaks regularly at industry conferences, lectures in privacy and AI certification programs, and trains boards and executive teams on data governance and cybersecurity preparedness. He is a member of international privacy law forums and collaborates with foreign counsel on cross-border data protection matters.
Representative Experience
Regulatory Proceedings & Enforcement
Represented Israel Electric Company (IEC), Israel’s dominant electricity provider with 2.8 million customers, in administrative enforcement proceedings before the Israeli Privacy Protection Authority arising from a data security incident. IEC is among the first major Israeli organizations to complete the Amendment 13 readiness program.
Led PPA audit responses for multiple clients, completing the process and implementing structured remedial compliance programs.
Provides ongoing advice to multiple clients on mandatory breach notifications to the Israeli PPA, coordinating with cyber insurers and incident response firms. Has reported multiple significant incidents to the PPA on behalf of clients, including in the logistics, healthcare, and technology sectors.
Healthcare & Life Sciences
Acts as ongoing privacy counsel to Medtronic (NYSE: MDT) across its Israeli operations, advising on Israeli privacy law, Ministry of Health guidelines on health data, and GDPR requirements applicable to its EMEA operations. Advises on commercial transactions with multiple medical centers in connection with medical devices such as robotic surgical assistant platforms.
Advises AstraZeneca Israel on all data protection matters, including patient support programs, clinical research activities with Israeli healthcare providers, Ministry of Health informed consent requirements, and cybersecurity readiness with the company’s global security office. Advises on the intersection of global corporate privacy policies and local Israeli regulatory requirements.
Acted as ongoing privacy and compliance counsel to SHL Telemedicine (Nasdaq/SIX: SHLTN), Israel’s largest telemedicine provider.
Financial Services & Fintech
Acts as privacy advisor to IBI Investment House (TASE: IBI), one of Israel’s largest investment groups offering financial products and services to clients in Israel and abroad. Advising on Amendment 13 compliance across a group of more than a dozen subsidiaries with shared databases and infrastructure, each subject to Capital Market Authority licensing requirements. Advises on anti-spam obligations and privacy-by-design for new financial products including the IBI SMART investment application and a pension platform for agents and end-clients.
Advises Bank Yahav and Isracard Group (TASE: ISCD) on data protection matters in connection with financial services regulation under the Bank of Israel.
Advises I.D.I Insurance, WeCheck and others on regulatory compliance matters under Capital Market Authority guidance.
Advises Pluxee Israel (Cibus) on data protection aspects of a commercial collaboration with a credit card issuer, involving the handling of financial and cardholder data of cardholders.
Technology & SaaS
Acts as ongoing privacy counsel to Guesty Inc., an international property management SaaS platform, advising its DPO and legal team on GDPR, CCPA, and Israeli law compliance across operations in multiple jurisdictions and its financing rounds. Conducts periodic organizational DPIAs, and provides privacy-by-design review at product feature launch level.
Advises ZIM Integrated Shipping Services (NYSE: ZIM), a top-20 global carrier headquartered in Israel, on Israeli privacy law and GDPR compliance, DPAs, AI and machine learning privacy assessments, cross-border data transfers to affiliates, employee data governance, and Amendment 13 readiness.
Advises Dream Security, an AI cybersecurity company, on data protection aspects of its financing rounds, coordinating with Bryan Cave Leighton Paisner on U.S. aspects.
Advises Arbe Robotics (Nasdaq: ARBE), a semiconductor and 4D imaging radar company for autonomous vehicles with operations in multiple jurisdictions on privacy compliance in an autonomous vehicle data environment, generative AI governance policies, and cybersecurity disclosures under SEC Regulation S-K, coordinated with U.S. securities counsel.
Advised on data protection aspects of the acquisition of 365Scores, an Israeli sports data platform, by Entain Plc (LSE: ENT), one of the world’s largest sports betting and gaming groups, for aggregate consideration of USD 160 million. Work included pre-signing DPIA, GDPR, Israeli law, and LGPD gap remediation, and negotiation of data processing agreements with betting industry partners.
Advised Cyabra (Nasdaq: CYAB), a social threat intelligence company providing disinformation detection and social media analysis services to governmental and enterprise clients, on GDPR and Israeli privacy compliance in a complex environment involving large-scale data scraping and AI-generated content analysis.
Advises Fortellix, a simulation-based autonomous vehicle testing company, on privacy and AI governance aspects of its technology and commercial agreements.
Advises DataRails on data protection compliance across its financial planning and analysis SaaS platform.
Advises Waterfall Security Solutions on data protection matters in connection with its OT/ICS cybersecurity products and commercial agreements.
Critical Infrastructure & Logistics
Acts as ongoing privacy and IT counsel to Maman Cargo Terminals (TASE: MMAN), one of Israel’s largest logistics and aviation services conglomerates, advising its General Counsel and CIO across the group’s subsidiaries. Advises on complex IT procurement agreements and is conducting an organizational DPIA across the group.
Advises Med-1 (MedOne), Israel’s primary data center interconnection hub — hosting all Israeli ISPs, infrastructure providers, and all submarine cable landings — on cybersecurity preparedness, incident response drills and procedures, and Amendment 13 compliance implications for a critical infrastructure operator.
Advises Israel Natural Gas Lines on data protection and privacy compliance matters.
Consumer, Retail & Loyalty Programs
Advises Sano-Bruno’s Enterprises (TASE), Israel’s leading manufacturer and distributor of hygiene, paper and cosmetics products, on privacy compliance including a full organizational DPIA, e-commerce privacy, anti-spam and email marketing obligations, and internal security camera procedures.
Advises Sonol Israel, one of Israel’s four leading fuel companies, on a comprehensive DPIA, privacy compliance program development, board and senior management training, and ongoing advice on marketing technology and anti-spam obligations relating to its mobile application.
Advises Alon Blue Square Holdings (TASE: BSI), one of Israel’s largest retail conglomerates, on data protection aspects.
AI Governance
Advises multiple organizations on generative AI governance frameworks, including internal-use policies, vendor due diligence for AI providers, IP and privacy risk assessments, and workforce monitoring considerations — clients include Taavura Holdings, Arbe, Guesty, ZIM, IEC, and Maman.
Provide guidance on AI-related matters, including due diligence and contractual representations and warranties, contractual undertakings, and assessing the legal risk in developing, implementing, and deploying AI-based technologies.
Cross-Border & International
Acted as Israeli counsel to multinational players in connection with projects involving the processing of personal data, AI-based technologies, and general data protection aspects, requiring analysis of applicable privacy law compliance requirements.
Advised Bizzabo, a global event technology platform, on e-Privacy regulation and initial compliance considerations arising from the EU Digital Services Act and Digital Markets Act.
Advised Anecdotes AI on data protection compliance across its GRC automation platform serving enterprise clients in multiple jurisdictions.
Regulatory Proceedings & Enforcement
Represented Israel Electric Company (IEC), Israel’s dominant electricity provider with 2.8 million customers, in administrative enforcement proceedings before the Israeli Privacy Protection Authority arising from a data security incident. IEC is among the first major Israeli organizations to complete the Amendment 13 readiness program.
Led PPA audit responses for multiple clients, completing the process and implementing structured remedial compliance programs.
Provides ongoing advice to multiple clients on mandatory breach notifications to the Israeli PPA, coordinating with cyber insurers and incident response firms. Has reported multiple significant incidents to the PPA on behalf of clients, including in the logistics, healthcare, and technology sectors.
Healthcare & Life Sciences
Acts as ongoing privacy counsel to Medtronic (NYSE: MDT) across its Israeli operations, advising on Israeli privacy law, Ministry of Health guidelines on health data, and GDPR requirements applicable to its EMEA operations. Advises on commercial transactions with multiple medical centers in connection with medical devices such as robotic surgical assistant platforms.
Advises AstraZeneca Israel on all data protection matters, including patient support programs, clinical research activities with Israeli healthcare providers, Ministry of Health informed consent requirements, and cybersecurity readiness with the company’s global security office. Advises on the intersection of global corporate privacy policies and local Israeli regulatory requirements.
Acted as ongoing privacy and compliance counsel to SHL Telemedicine (Nasdaq/SIX: SHLTN), Israel’s largest telemedicine provider.
Financial Services & Fintech
Acts as privacy advisor to IBI Investment House (TASE: IBI), one of Israel’s largest investment groups offering financial products and services to clients in Israel and abroad. Advising on Amendment 13 compliance across a group of more than a dozen subsidiaries with shared databases and infrastructure, each subject to Capital Market Authority licensing requirements. Advises on anti-spam obligations and privacy-by-design for new financial products including the IBI SMART investment application and a pension platform for agents and end-clients.
Advises Bank Yahav and Isracard Group (TASE: ISCD) on data protection matters in connection with financial services regulation under the Bank of Israel.
Advises I.D.I Insurance, WeCheck and others on regulatory compliance matters under Capital Market Authority guidance.
Advises Pluxee Israel (Cibus) on data protection aspects of a commercial collaboration with a credit card issuer, involving the handling of financial and cardholder data of cardholders.
Technology & SaaS
Acts as ongoing privacy counsel to Guesty Inc., an international property management SaaS platform, advising its DPO and legal team on GDPR, CCPA, and Israeli law compliance across operations in multiple jurisdictions and its financing rounds. Conducts periodic organizational DPIAs, and provides privacy-by-design review at product feature launch level.
Advises ZIM Integrated Shipping Services (NYSE: ZIM), a top-20 global carrier headquartered in Israel, on Israeli privacy law and GDPR compliance, DPAs, AI and machine learning privacy assessments, cross-border data transfers to affiliates, employee data governance, and Amendment 13 readiness.
Advises Dream Security, an AI cybersecurity company, on data protection aspects of its financing rounds, coordinating with Bryan Cave Leighton Paisner on U.S. aspects.
Advises Arbe Robotics (Nasdaq: ARBE), a semiconductor and 4D imaging radar company for autonomous vehicles with operations in multiple jurisdictions on privacy compliance in an autonomous vehicle data environment, generative AI governance policies, and cybersecurity disclosures under SEC Regulation S-K, coordinated with U.S. securities counsel.
Advised on data protection aspects of the acquisition of 365Scores, an Israeli sports data platform, by Entain Plc (LSE: ENT), one of the world’s largest sports betting and gaming groups, for aggregate consideration of USD 160 million. Work included pre-signing DPIA, GDPR, Israeli law, and LGPD gap remediation, and negotiation of data processing agreements with betting industry partners.
Advised Cyabra (Nasdaq: CYAB), a social threat intelligence company providing disinformation detection and social media analysis services to governmental and enterprise clients, on GDPR and Israeli privacy compliance in a complex environment involving large-scale data scraping and AI-generated content analysis.
Advises Fortellix, a simulation-based autonomous vehicle testing company, on privacy and AI governance aspects of its technology and commercial agreements.
Advises DataRails on data protection compliance across its financial planning and analysis SaaS platform.
Advises Waterfall Security Solutions on data protection matters in connection with its OT/ICS cybersecurity products and commercial agreements.
Critical Infrastructure & Logistics
Acts as ongoing privacy and IT counsel to Maman Cargo Terminals (TASE: MMAN), one of Israel’s largest logistics and aviation services conglomerates, advising its General Counsel and CIO across the group’s subsidiaries. Advises on complex IT procurement agreements and is conducting an organizational DPIA across the group.
Advises Med-1 (MedOne), Israel’s primary data center interconnection hub — hosting all Israeli ISPs, infrastructure providers, and all submarine cable landings — on cybersecurity preparedness, incident response drills and procedures, and Amendment 13 compliance implications for a critical infrastructure operator.
Advises Israel Natural Gas Lines on data protection and privacy compliance matters.
Consumer, Retail & Loyalty Programs
Advises Sano-Bruno’s Enterprises (TASE), Israel’s leading manufacturer and distributor of hygiene, paper and cosmetics products, on privacy compliance including a full organizational DPIA, e-commerce privacy, anti-spam and email marketing obligations, and internal security camera procedures.
Advises Sonol Israel, one of Israel’s four leading fuel companies, on a comprehensive DPIA, privacy compliance program development, board and senior management training, and ongoing advice on marketing technology and anti-spam obligations relating to its mobile application.
Advises Alon Blue Square Holdings (TASE: BSI), one of Israel’s largest retail conglomerates, on data protection aspects.
AI Governance
Advises multiple organizations on generative AI governance frameworks, including internal-use policies, vendor due diligence for AI providers, IP and privacy risk assessments, and workforce monitoring considerations — clients include Taavura Holdings, Arbe, Guesty, ZIM, IEC, and Maman.
Provide guidance on AI-related matters, including due diligence and contractual representations and warranties, contractual undertakings, and assessing the legal risk in developing, implementing, and deploying AI-based technologies.
Cross-Border & International
Acted as Israeli counsel to multinational players in connection with projects involving the processing of personal data, AI-based technologies, and general data protection aspects, requiring analysis of applicable privacy law compliance requirements.
Advised Bizzabo, a global event technology platform, on e-Privacy regulation and initial compliance considerations arising from the EU Digital Services Act and Digital Markets Act.
Advised Anecdotes AI on data protection compliance across its GRC automation platform serving enterprise clients in multiple jurisdictions.
Biography
Bar Admissions
Israeli Bar Association
Education
LLB, (Cum Laude), The Interdisciplinary Center Herzliya
BA, Business Administration, (Cum Laude), The Interdisciplinary Center Herzliya
