The International Who’s Who of Internet, e-Commerce & Data Protection Lawyers has brought together three of the world’s leading practitioners to discuss key issues facing internet, e-commerce & data protection lawyers today.
Jonathan Klinger Law Firm
Data Protection Issues
According to sources around the world, tougher regulatory regimes combined with more diligent enforcement have caused clients to place greater emphasis on their data protection mechanisms. To what extent has data protection advisory work increased in your jurisdiction? And has there been an attendant rise in litigation as a result of stricter regulation?
Jonathan Klinger: Israel’s data protection regime faced many interesting challenges over the last year or so, and is viewed from two different, yet similar, approaches. On one hand, there is a pressure for stricter pro-citizen and pro-user regulation against private databases, while on the other hand, governmental databases are growing by the day. Several factors, as I see it, are what caused this to occur.
First, during the last year, two material data breaches occurred in Israel: the first is the hacking by 0xOmar, where a hacker broke into several Israeli websites and posted the contents of their databases, including passwords, e-mails and credit cards, online. This event raised the public’s awareness of use of private information and its dangers; however, not even a year had passed when another hacker revealed the personal information of around 10,000 other Israeli nationals.
These two events, however, are insufficient to raise public awareness of privacy and its importance. During the last year or so, the Israeli Law, Information and Technology Authority (ILITA) also cracked the case of the infamous Israeli census leak which led to criminal charges against the persons involved. However, the damages of the leak remain.
As I see it, most privacy litigation relating to databases is still in the criminal and administrative courses and not the civil courts. The reasons are that though Israel was acknowledged under the article 29 working party, the public’s understanding of privacy remains uneducated and is not enforced enough. For example, in a recent case, ILITA chose to let a company who used the Israeli census for data processing without a fine, following the said company’s obligation to erase the database.
While the private sector’s use of databases is constantly being regulated and provided with recommendations from ILITA, such as barring the use of ID numbers as an identifier or requiring that employee evaluations be available to the employees, the public sector continues to use personal information in a concerning manner.
Israel is currently in the process of establishing a biometric database which is unprecedented in the democratic world. While public organisations such as the Israeli Digital Rights movement and the Israeli Association of Human Rights appealed to the supreme court to quash the act establishing the database (and I had the honour to be a co-counsel in the case alongside Adv. Avner Pinchuck), currently the database moves forwards.
Another concern is the constant utilisation of personal information, such as the inspection of tourists’ computers upon their entrance to Israel.
Having said that, the state of Israeli Privacy Regulation is better than other fields due to a competent head of ILITA, and mostly due to public sector activity, and not the private sector’s actions.
Rainer Knyrim: In Austria, data protection advisory work is increasing from year to year and projects get bigger and bigger. When I started advising in the subject more than a decade ago, I had a handful of small cases. Last year our firm won the public tender for a privacy project, which probably was one of the biggest ever handled in Austria. With up to seven staff from our office we made a full examination of all privacy issues of an electricity company group, from consent clauses in consumer contracts to contracts with group internal and external data processors to necessary notifications.
The update of the notification status in Austria was a big subject this year in general in Austria, as since 1 September 2012, the Austrian data processing register has gone online and is publicly visibly for everybody in the world anonymously and free of charge. In preparation of this, many companies started to update their old notifications and filed new ones to have an up-to-date notification status.
It is expected that there will be more proceedings regarding the notification status due to the easy online access to the register. By now, notification issues mainly have been arising with regard to unregistered CCTV, where companies were fined for non-compliance.
Advisory work in Austria is as well already focusing on new and upcoming law updates, which includes not only the EU General Data Protection Regulation proposal, but as well new local Austrian ordinances and planned updates for the Data Protection Act.
Data Protection litigation will get interesting in particular on 1 Jan 2014: the Austrian Data Protection Commission will be replaced by general administrative courts and currently it is unclear if this will lead to a change in case law and how these – newly established courts – will handle all the other administrative functions a DPA has to fulfil.
Robert Bond: I have been advising on data protection since 1983 and the complexity of laws and regulations seems to increase year on year.
Compliance with data protection laws is no longer an option and the increase in liability and fines makes compliance a major risk management topic for the Board.
Litigation around data security and data loss has increased in the past two years and will increase in the future. Cyber-risk is now a major insurance product too!
Many of the lawyers we spoke to noted that the all-pervasive nature of the internet is leading to greater convergence of legal services under the banner of e-commerce law, and added that the legal departments that are succeeding in the current – highly competitive – marketplace are placing greater emphasis on diversity. To what extent has the interplay between internet and e-commerce work and, for example, telecoms or advertising law, had an impact on your practice? Is it necessary to be a generalist in order to flourish?
Jonathan Klinger: As a private practitioner I have to see myself differently. Telecommunication law, advertising law, as well as administrative law and certain elements of antitrust laws are required when you advise a client. I believe that while specific knowledge has to be appreciated, vast general knowledge (as far as it can be deemed as such) is required when counselling clients.
For example, certain Israeli start-ups involve issues such as e-commerce and banking, even if they are unaware that they do. When advising a social game developer, you have to take into consideration not only the issues concerning copyright and privacy, but also its monetisation funnel, which includes advertisements, affiliate marketing or sometimes even issues like criminal law (if the game is in the grey area of gambling).
I think that defining e-commerce is not that simple, but it should be separate. The large Israeli firms’ hightech and internet departments sometimes deal only with corporate law, where most of their work is related to the peripheral legal work; where the actual legal work (privacy, copyright, etc) is sometimes outsourced to boutique offices.
Rainer Knyrim: There actually is a need for diversity as often, client advice is a mixture of different legal areas. A typical example would be that a pharmaceutical company would like to collect contact data through its web platform to send out pharmaceutical information via e-mail. This would involve e-commerce, data protection, advertising and telecoms law as well as pharmaceutical law. Having more than 20 legal staff in our office, we are happy to cover all these subjects with different specialists that work together to give advice. Nevertheless, each of us needs to have an overview over different legal subjects to know which specialists he should involve to cover every area of law.
Robert Bond: When the area of internet and e-commerce law became a speciality I remember saying at a conference in 1996 in London that by specialising in e-commerce law I had become a generalist again.
Lawyers cannot advise on internet and e-commerce without having a general knowledge of international trade law, commercial law, insurance law, marketing and advertising law, company law, tax, IP and IT!
Law Firm Responses
Lawyers also identified gaps in the legal marketplace, with an increasing proportion of private practitioners moving in-house and larger full-service firms struggling to maintain strong e-commerce teams due to lower returns. Has the make-up of the legal marketplace changed in your jurisdiction over the past year? Is there a particular firm model that is best suited to the current conditions?
Jonathan Klinger: As I see it, some pricing models offered by lawyers are undergoing changes to fit the competition. Israel has the world’s highest number of lawyers per capita, which drives competition in two directions: The mom-and-pop offices with between one and ten partners, associates and employees have substandard rates that have to compete for every client. Recent surveys show that there’s a major difference between the salaries in the big firms and the small ones. The big firms, on the other hand, charge rates that are similar to the global ones, where the associates and partners are required to give more and more of their time.
Most clients who require the assistance of a legal firm or team do not need, or cannot afford full-time counsel. However, in some cases, the corporate in-house client is used as a liaison with the legal firms retained, each for its specialty.
As far as I can tell, this only benefits the in-house counsel, who can rely on a professional team, and the law firms (mostly big ones) who can either provide affordable services (such as debt collections) but where specific specialty or knowledge is required, they are not always the best place to go to.
Rainer Knyrim: Austrian lawyers seem to be moving in-house from larger full-service firms. The last months have seen some examples of colleagues doing this. In my opinion, a legal area can only flourish in a law firm if there is one partner with an outstanding reputation in his area concentrating solely on it.
Robert Bond: As others have already commented, it is clear that many talented lawyers are going in-house to fulfil their career aspirations. Law firms that do not support e-commerce and data protection teams as more than mere “service groups” will lose out.
Law firms would be well advised to look at the consultancy and advisory opportunities that can be of value to clients as well as just the legal advice.
The potential legal liability of internet intermediaries for IP breaches has generated debate in numerous jurisdictions during this research period. Have their been any developments in the regulations or enforcement actions applicable to intermediaries where you are?
Jonathan Klinger: In research I published alongside Dr. Nimrod Kozlovski and Adv. Uria Yarkoni and Adv. Netanel Davidi as a part of the Access to Knowledge group, we found out that one of the reasons for Israeli innovation is the lenient copyright laws. However, 2011-2012 marked an attempt to change it.
Israel saw its fair share of IP litigation in the last year or so. The Israeli organisation ZIRA (Copyright over the Internet) seized several websites who allegedly infringed on copyright. The decision (which was granted in 2009, but only executed early 2012) marked the beginning of a new approach against file sharing in Israel.
But blocking file sharing sites (which sometimes were no more than digital lockers such as rapidshare) is not the only action. Recently, in parliamentary discussions that were held relating to a new bill, the Israeli copyright industry showed its approach to fair use and intermediary liability.
During the discussion on the bill to allow courts to identify anonymous downloaders and bloggers, the Israeli Copyright Federation and Collection Societies requested the chair of the parliamentary committee, MK Ronit Tirosh, to allow them exparte disclosure in copyright cases; their approach was that there was no right for anonymous fair use, and that even if there is such right, then the court, exparte, shall be wise enough to inspect it.
But this was only one part of their attempt; while trying to change the law, copyright organisations attempted (unsuccessfully) to convince courts into ruling that protections similar to the DMCA’s article 512 and CDA’s 230 are null and should not be considered possible in cases where the website is run by persons who are aware that general infringement occurs in their vicinity.
The atmosphere here is that more than before, websites with innovative technologies that attempt to provide new, unique and interesting business models are coerced into litigation, sometimes without actual fault, only to reduce the competition on innovation.
Rainer Knyrim: IP and internet litigation in Austria is still very much focused on the question whether static and dynamic IP addresses need to be disclosed by internet providers. Beside this, it seems that more and more litigation is starting regarding postings on websites and social media platforms that are disclosing personal information or are defamatory. The balance between these issues and the freedom of speech will need to be found in this litigation.