Names and Email Addresses Constitute a Database Subject to Israeli Data Protection Law

The Privacy Protection Authority (PPA) – Israel's regulatory and enforcement authority for personal data – has published a public statement laying out the PPA’s interpretation of the Israeli Privacy Protection Law regarding email addresses.

The statement discusses whether a list containing merely names and email addresses is considered a "Database" under the Israeli Privacy Protection Law. The PPA's position is ...

US Securities Commission Requires ICO Companies to Register Tokens as Securities

The United States Securities and Exchange Commission (SEC) has settled charges against two companies for not registering their Initial Coin Offerings (ICO) of digital tokens as securities pursuant to the federal securities laws. 

These settlements are part of the first enforcement proceedings brought by the SEC that impose civil penalties on companies solely for ICO securities registration violations. Previous ...

Data Protection and Privacy Annual Review - 2018

Haim Ravia contributed this Israeli chapter in Data Protection & Privacy Laws Annual Review 2018, a publication by Financier Worldwide that covers numerous jurisdictions around the world.

Haim’s commentary analyzes companies' understanding of their privacy and data proteciton duties, outlines recent legal and regulatory developments in Israel on data privacy matters, regulatory enforcement, and offers advice to companies on data protection risk ...

UK Privacy Regulator Issues Guidelines on Passwords and Encryption under GDPR

The UK Information Commissioner’s Office (ICO) – the UK privacy regulator – issued new information security guidelines on encryption methods and passwords, within its guide to the General Data Protection Regulation (GDPR). 

The GDPR does not particularize what security measures organizations are required to implement in order to comply with the obligation to process personal data securely. The ICO’s ...

New Exemptions to the Prohibition on Circumvention of Technological Measures

 The US Copyright Office has codified new exemptions to section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits circumventing technological measures used to prevent unauthorized access to copyrighted works. 
Software and its copyright-protected code are an integral part of most devices. Device manufacturers argued that breaking the software locks as part of replacing parts or modifying devices ...

GDPR Notice and Consent Compliance Implications on the AdTech Industry and Beyond

The French data protection authority (Commission Nationale de l'informatique et des Libertés – CNIL) recently published a warning it issued to the French AdTech company Vectaury, that collects and processes geolocation data for targeted advertising purposes through an SDK that is integrated into third party mobile applications.

The CNIL’s warning to Vectaury reveals detailed information about the EU privacy regulators’ ...

Draft Guidelines on the Extra-Territorial Scope of the GDPR

The European Data Protection Board (EDPB) – the panel of EU privacy regulators – has published long-awaited guidance on the territorial scope of the General Data Protection Regulation (GDPR). The draft guidelines explain that according to Article 3 of the GDPR, the GDPR’s applicability is triggered into effect on one of two criteria – the “establishment” criterion and the “targeting” ...