Legal expert: EU regulation changed how businesses view privacy worldwide

Companies around the world doing business with Israeli companies can be on the hook with how Israeli companies use the shared data.

August 31, 2018 11:58
4 minute read.
A picture illustration shows a Facebook logo reflected in a person's eye

A picture illustration shows a Facebook logo reflected in a person's eye. (photo credit: REUTERS/DADO RUVIC/ILLUSTRATION/FILE PHOTO)


Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analysis from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief


The EU’s General Data Protection Regulation (GDPR), which went into effect in May, has changed the way businesses worldwide view privacy and will continue to do so, an Israeli legal expert told The Jerusalem Post.

Public records have indicated that multiple social media giants currently face multi-billion dollar lawsuits in the EU – and some mega companies have blamed the GDPR for causing them to lose millions of users.

In an interview this week, Adam Snukal, Shareholder in Technology and Intellectual Property at Greenberg Traurig, Israel, discussed the overall picture, telling the Post that the writing had been on the wall.

“Leading up to May 25, I had described the GDPR as the beginning of a wave of new privacy regulations,” he said, adding with a dose of seriousness and humor that now this has been “manifested globally – it is a global reality… my ‘prophecy’ has very much come to fruition.”

He said that since the GDPR went into effect, new privacy laws have been unveiled in Japan, Brazil and the US, and many other countries are seriously discussing new laws.

There is still a significant difference between the EU and most other countries, he said. In the EU, privacy is a fundamental right of its citizenry whereas there is no such right in Japan, the US, Canada or other countries.

The EU will continue to be the leader on privacy issues which will only continue to expand in their impact, he said.

However, across the globe, “the GDPR is laying the foundation for a new era in which privacy is coming to the forefront of all aspects of our lives,” he proclaimed.

SNUKAL SAID that since the May 25 deadline to comply with the regulation passed, he is “seeing greater attention and efforts made than before… to become GDPR compliant. We are getting calls from companies that didn’t do anything before May 25.”

“There has still been a relatively low number of companies adopting and trying to be GDPR” compliant for three main reasons. “One is a lack of education among small and medium size companies. Two is the great deal of uncertainty people have regarding the regulations, how they will be interpreted… and implemented. It is still sort of a black box that no one has cracked,” he stated.

He said that in this area, even the largest companies are “no smarter than a start-up company about how the law will be enforced.

Many companies are taking the position that they will do the absolute minimum or stand on the sidelines until there is more direction… about how the GDPR fits into their company’s essence.”

The third issue is the lack of enforcement.

“What drove thousands of companies to implement GDPR programs was the fear…of penalties – whether 2% or 4% of revenue or 20 million euros – this was the greatest motivator.” For big companies, he said some were worried that violations could literally end their company.

But after all of this fear, “we have seen very little enforcement” according to what has been disclosed publicly. Snukal said that one of the major reasons for lack of enforcement could be that the EU privacy commission is understaffed and under-resourced.

And yet there are crucial exceptions where enforcement has captured the headlines.

TWO DIFFERENT groups of lawsuits by private citizens, one coming from citizens in Belgium and one from citizens in Austria, which are moving forward against some of the major social media giants despite the EU privacy commission’s lackluster enforcement.

Both groups hope that at some point the EU will jump on their bandwagon, but legally they can initiate suit on their own.

According to public records, the maximum total these plaintiffs could be awarded against the social media giants could run up to a game-changing $9.3 billion. Even if they win a lower amount, any fine in that range would motivate much greater GDPR compliance across a variety of industries.

In terms of Israel, Snukal said that the GDPR along with new Israeli privacy law regulations, which went into force in May, have companies generally taking local privacy laws more seriously than ever before.

He now gets “questions on a regular basis about how to comply with Israeli privacy laws” since they now “believe Israeli authorities are taking the laws more seriously, monitoring markets and looking to hand out fines.” He added that, with big lawsuits and headlines about social media giants and privacy in the news, there is generally just a much more elevated “awareness and concern about privacy.”

Moreover, “companies around the world, especially if they are tuned into the GDPR and privacy generally, realize they are not merely liable for their own actions, but are also liable for actions of third parties who they do business with.”

This means companies around the world doing business with Israeli companies can be liable how Israeli companies use the shared data.

Continuing, he said, “A ‘data controller’ is responsible not only for its actions, but also for its service providers, vendors and contractors. Israel for the most part is service providers and vendors. That includes smart video, big data, cybersecurity, [and] enterprise software.”

Finally, he said that companies are realizing that at some point they are “likely to get audited. You cannot throw things together overnight when you get audited,” without risking breaching contracts and being reported to EU regulators. “It could have a significant material adverse effect on your stock performance.”

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

Adv. Shmulik Zysman
July 18, 2019
Israeli high-tech companies raise record amount in first half of 2019


Cookie Settings