Big Data and Privacy- Risks and Rewards

Adv. Yoheved Novogroder-Shoshan (Hi-tech Partner) and Adv. Miriam Friedmann (Hi-tech Associate)

“Information is the oil of the 21st century, and analytics is the combustion engine.”

Peter Sondergaard.

One of the most significant commodities of our era is data.

The availability and novel methods of processing data has enabled medical practitioners to take tremendous strides in the area of digital health, as troves of health information are mined to predict who will develop disease and tailor personalized medical treatments to the unique attributes of individual patients. Data on human purchasing behavior is a valuable commercial asset that has fueled the development of new industries. Novel fintech tools and cryptocurrencies have arisen to complement the new ways we do business, revolutionizing commercial transactions and even the banking industry. Much of our social interaction takes place on social media platforms. The data revolution has even transformed how nations battle, as cyber attacks have become the next frontier in warfare among nations.

As these technologies take root, we leave deeper and broader digital footprints. This has led to heightened sensitivity surrounding an age-old fundamental human right – the right to privacy.

As more of our lives are conducted in the digital sphere, the risk of compromising accumulated information increases. This risk has spawned a new industry of data security tools devoted to protecting that information. Cyber solutions are increasingly key not only to protecting personal, but also to defending national interests. The Israeli cyber industry is taking the lead in developing these tools; Israel has the second highest level of investment in the cyber industry – second only to the USA – with greater amounts being invested in later stage companies, thus attesting to the maturation of the sector. Israeli cyber companies continue to advance the defensive capabilities of cyber solutions, in particular in the area of internet of things (IoT) systems and connected devices.

As the digital age hurdles forward, law scrambles to keep up. Privacy is arguably – and understandably – the single regulatory field that has evolved most significantly and received the most public attention over the past year. To protect European citizens in a commercial environment that is increasingly global, the European Union’s General Data Protection Regulation (“GDPR”) which came into effect in May 2018 transcends national borders, demanding compliance of all who process data of Europeans, regardless of where they are located. The GDPR provides the European supervisory authorities with the ability to impose administrative fines of up to the higher of 20,000,000 EUR or 4% of the company’s total worldwide annual turnover. Israel too has strengthened its privacy requirements. New Israeli data security regulations which also came into effect in May 2018 establish specific, granular requirements with respect to personal data collected and maintained in databases. A proposed amendment to the Israeli Protection of Privacy Law would exponentially increase the penalties for violations of Israeli privacy laws – up to a maximum amount of NIS 3.2 million, with daily increases of 2% for ongoing uncured breaches. Legal theories which would hold individual officers and directors personally accountable for data breaches have long been the topic of speculation in boardrooms across the globe – in the next few years we expect to see these theories tested in the courtroom. The proposed amendment to Israel’s Protection of Privacy Law, if passed, would expressly impose criminal liability on office holders for certain privacy-related violations.

There is not a single company or industry that is not affected by privacy concerns, be it the privacy of their employee data, customer data, or other personal data collected or processed. But why should businesses care about privacy? Is it only about the risk of penalties? How should companies be thinking about privacy compliance?

It’s clearly important to comply with the law, but regulatory compliance is only part of the story. Privacy is a fundamental business issue, and the reasons businesses should be paying attention to privacy far surpass the risk of penalties. ‘Privacy is the new green’ – consumers are becoming more aware of the value of their data and the attendant privacy risks, and the privacy practices will continue to impact consumer behavior as consumers opt for solutions that are less invasive and more protective of data subjects. Business customers may refuse to do business with entities whose privacy practices are not up to par. A highly publicized data breach may not only yield regulatory penalties, but may spawn lawsuits or generate negative publicity that can compromise a promising business. For emerging companies, privacy compliance is an issue that draws significant attention in investment deals and exits, as prospective investors and acquirers ask tough questions about targets’ privacy compliance, and for data-rich businesses, fundamentally flawed privacy practices may kill a potential transaction.

If they haven’t already done so, all entities, in particular data-rich-businesses, should design their products and services with privacy concerns in mind. Collection of excess data exposes customers to unnecessary legal risks and raises the stakes in the event of a data breach. So while data may be the new oil, when it comes to data, sometimes less is more.

ADDRESS Azrieli Round Tower, Tel Aviv 6702101 TEL 972-3-6087777 FAX 972-3-6087724 E-MAIL [email protected] WEBSITE

ADDRESS Azrieli Square Tower Tel Aviv 6702501 TEL 972-3 6087999 FAX 972-3 6087902

ADDRESS 31 Hilel St., P.O.B. 69, Jerusalem 9458131 TEL 972-2-6239239 FAX 972-2-6239233

ADDRESS 22 Rivlin St., Jerusalem 9424018 TEL 972-2-6239200 FAX 972-2-6239236