Clients updates / Privacy Law

The United States Court of Appeals for the Ninth Circuit (in California) recently held that the scraping of data from public websites without any prior consent is lawful, even if it contradicts the provisions of a website’s terms of use.

The Hellenic Data Protection Authority (HDPA) recently imposed a EUR 150,000 fine on the international consulting firm PwC for its violations of the new European data protection regulations (the General Data Protection Regulations, or GDPR).

July 2019 brought an escalation in the enforcement of privacy infringements by companies around the world. These events underscore the trend that began with the GDPR taking effect and should lead any business entity coming across personal information.

Eight months after the European Union’s General Data Protection Regulations came into force, the French regulator issued Google a EUR 50 million fine, the highest fine issued so far under the GDPR.

The Israeli Privacy Protection Authority recently published a pronouncement whereby a collection of email addresses and the names of their owners also constitutes a database.

Recently, the UK Information Commissioner’s Office decided to take action against a non-European entity following an alleged breach of the GDPR.

Both Brazil and India have recently passed new privacy protection laws. These laws may also apply to Israeli companies doing business in the countries.

Over the last few days, the Privacy Protection Authority has begun sending in-depth questionnaires to various business entities for the purpose of examining these entities’ compliance with the Privacy Protection Regulations (Data Security) that came into effect on May 8, 2018.

California recently passed a sweeping consumer privacy law that significantly increases the protection provided to people whose personal information is being collected.

Recently, the Knesset approved a private bill that expands the scope of the “Spam Law.” The amendment is aimed at preventing the phenomenon whereby messages not necessarily commercial in nature are being sent to the general public, mainly through a robo-call system. 

On February 2018, the Knesset passed Amendment 66 to the Communications Law. The legislative amendment, colloquially known as “the Spam Law”, prescribes that when an ongoing transaction is terminated, a dealer will be prevented from continuing to send advertisements to the former customer, even without the consumer being required to send notice that he is opting out.

At the end of October 2017, the Privacy Protection Authority published a guideline about the use of surveillance cameras in the workplace and within the framework of employment relations. This guideline does not come as a surprise, as a draft of it was already published last year for public comments.

On October 18, 2017, the EU Commission published its report on the review of the functioning of the EU-US Privacy Shield, which was established to allow the transfer of personal data from the European Union to the United States.

The Ministry of Economics and Industry recently published a draft bill for an amendment to the Consumer Protection Law. This draft bill proposes placing restrictions on telemarketing.

Apple is set to introduce a new feature in the Safari browser that will significantly reduce advertisers’ ability to collect and use personal data. The new feature, called Intelligent Tracking Prevention (ITP), imposes a 24-hour time limit on third party tracking cookies and a 30-day time limit on first party cookies.

The New York Circuit Court of Appeals ruled recently that when a new user confirms the “terms of service” and “privacy policy” on an application’s registration screen, even without perusing the legal documents provided through these links, such approval suffices to raise the user’s legal engagement with the company to the standing of a binding contract.

The Spanish Data Protection Authority slapped Facebook with a USD 1.4 million fine over three instances in which Facebook collected information on ideology, sex, religious beliefs, personal tastes, and browser history without properly notifying users what such information was being obtained for.

In a case recently brought before the European Court of Justice (ECJ), the Advocate General provided an opinion according to which a candidate’s examination script, as well as the comments made on the script by the examiner, is personal data the candidate is entitled to receive.

The Supreme Court of India recently ruled that the right to privacy is an integral part of the right to life and personal liberty enshrined in the Indian constitution, and as such is entitled to the same legal protection.

Israel’s government recently set forth a decision approving the key points of a national “safe identification” policy. The purpose of this policy is to define how a person’s identity is to be verified when receiving government services in a digital mode, in order to improve the services being provided to residents, and to simplify the access to these services.