TMT 2019

Last Updated June 13, 2019

Israel

Law and Practice

Author



Goldfarb Seligman & Co Law Offices is one of Israel’s largest law firms and is the top choice for many international and Israeli TMT corporations operating both in Israel and abroad. The firm handles a wide variety of transactions ranging from private transactions for small and medium-sized companies and individuals to complex corporate transactions and multinational transactions that greatly influence the Israeli market. The firm's attorneys frequently represent clients in M&A transactions in the TMT field, and the TMT practice regularly advises clients engaged in cutting-edge technological developments in the field, including cloud computing, blockchain, big data, AI, machine learning, IoT and more. The firm also handles dozens of capital-raising and investment transactions every year, providing ongoing counsel to a diverse client base ranging from classic TMT companies to investment funds, private investors, entrepreneurs and more.

While there are many benefits to cloud computing, such as efficiency, cost reduction and the sharing of resources, the use of cloud computing may expose corporations to operational problems concerning safeguarding information, cyber safety, business continuity and control over IT assets. These risks are exacerbated by difficulties in protecting information, among other reasons, and especially when there is a single point of failure. Cloud computing in general, is not specifically regulated under any law or regulation in Israel. Though, since cloud computing might require transferring personal information from a database in Israel to a destination abroad, the transfer of such information is, in fact, addressed under the Protection of Privacy (Transfer of Data to Databases Abroad) Regulations, 5761-2001 (hereinafter the 'Transferring Information Abroad Regulations'). The Transferring Information Abroad Regulations require that prior to transfer, the transferring party assess the compatibility of the data protection regulations of the destination country, in comparison to the level of data protection under Israeli law, to ascertain whether it is at an adequate level (at least as protective as Israel’s regulation, being the country of origin). Moreover, such personal information, shall be governed by the following principles:

  • the data shall be gathered and processed in a legal and fair manner;
  • data shall be held, used and delivered only for the purpose for which it was received;
  • data gathered shall be accurate and up to date;
  • the right of inspection is reserved for the data subject; and
  • the obligation to take adequate security measures to protect data in databases is mandatory.

However, the data can be transferred even if such principles are not met if:

  • the data subject has consented to the transfer of his or her information;
  • the transfer of the information is necessary for the health or well-being of the data subject;
  • the data was transferred to an entity which is under the control of the same database owner, and he or she has insured the protection of the data after it has been transferred;
  • the data has been transferred to a person who is bound by an agreement with the owner of the database, that specifies that the data is kept in compliance with law in Israel regarding information that is kept in databases, mutatis mutandis;
  • the data was exposed due to a public inspection of a legal authority;
  • the transfer of such data is essential for public safety or security;
  • the transfer of such information is mandatory according to the Israeli law;
  • the data is being transferred to a country which:
    1. is a party to the European Convention for the Protection of Individuals with Regard to Automatic Processing of Sensitive Data;
    2. has received data from Member States of the European Community, with the same degree of acceptance; or
    3. the Israeli Registrar of Databases (the 'Registrar') has informed in the Israeli Official Government Gazette, that such country has an authority, which the Registrar has established an arrangement for co-operation with such authority.

It should be noted that when transferring data according to the Transferring Information Abroad Regulations, the owner of such database should verify that the recipient of the data shall take the adequate measures to ensure the privacy of the data subjects, by written agreement with the recipient of such information.

In addition to the above-mentioned, in its agreement with the cloud computing provider, the companies must include the provisions set forth in the Outsourcing Guidelines, as described in 5 Challenges with IT Service Agreements.

With regard to banking corporations (including credit card corporations), the Supervisor of the Banks in Israel has published new guidelines recently, 'Cloud Computing' from 13 November 2018 (the 'Cloud Computing Guidelines'), which include a number of conditions for use of cloud computing. According to such guidelines, banking corporations are prohibited from using cloud computing for central operations or systems. They are prohibited from storing, transferring or processing sensitive information in cloud computing outside the borders of Israel, unless they confirm that the cloud service provider fulfils the level of data protection required by the European Union. Banking corporations in Israel must also comply with the Israeli privacy protection regulations’ requirements. They are also obligated to weigh the need for external expert advice on additional means to reduce the risks inherent in the use of cloud computing. The use of cloud computing requires the approval of the board of directors of the banking corporation.

According to the Cloud Computing Guidelines, banking corporations are required to perform a thorough risk management analysis prior to implementing cloud computing. Before entering an agreement with a cloud computing provider, the corporation must perform due diligence, including concerning the expected financial outcome, professional ability to undertake cloud computing and experience in providing similar services. The risk management analysis should be undertaken periodically during the relationship with the service provider and due to technological, legal, regulatory, business and organisational changes to either the banking corporation or the service provider. The banking corporation is responsible for executing periodic inspections. In addition, the banking corporation should ensure that it has the ability to monitor cyber events and information security that affect either the use of cloud computing or its implementation. If the monitoring is performed through the service provider, the banking corporation must ensure that the tools used are up to the accepted standard and that they allow for integration with the existing monitoring system of the banking corporation. The banking corporation must also safeguard the cloud computing access channels to/from the banking corporation through means that ensure cyber security and information protection and which limit, as much as possible, the use of these channels as a way to hack the banking corporation. Similarly, the banking corporation’s information should be encrypted at the time it is transferred and when it is stored in systems which are multi-tenancy. If it is difficult for the banking corporation to encrypt the information, it should at least encrypt that information which is sensitive and which, if revealed, could harm the banking corporation or its clients. The encryption key should be stored, if possible, with the banking corporation itself.

An agreement with a cloud computing service provider should include a number of specified conditions. The banking corporation must have the unilateral possibility of ending the use of cloud computing or transferring the service to a different provider while the current provider transfers the relevant information within a short time period, erases that information from its system and is obligated to not retrieve the information from its system. The terms concerning receiving information from examinations and inspections done on the service provider should be outlined in the agreement. The banking corporation itself and the bank supervisor should be allowed to perform inspections of the cloud computing service provider, on a risk evaluation basis. In addition, in the event of any change in ownership of the cloud computing service provider, the banking corporation should retest its agreement in order to ensure its obligations in relation to the new owners. Another industry with greater regulation is the industry of the institutional entities. Institutional entities in Israel are the insurance companies, pension funds and provident funds. The Supervisor of the Capital Market, Insurance and Saving Authority in the Israeli Ministry of Finance published guidelines for institutional entities on 31 August 2016 (2016-9-14 'Managing Cyber Theatres in Institutional Entities') (hereinafter the 'Institutional Entities Guidelines') which address, inter alia, the use of cloud computing in institutional entities.

According to the Institutional Entities Guidelines, when an institutional entity considers using cloud computing, it should conduct the following:

  • prior to using the cloud computing system, the institutional entity should perform an evaluation of specific risks and should discuss the potential risks in a steering committee;
  • the institutional entity shall not store sensitive information or client information in a cloud based outside the borders of the State of Israel, unless it has confirmation that the cloud provider fulfils the level of defence required by Transferring Information Abroad Regulations and the European Union Data Protection Directive (which has been replaced by the General Data Protection Regulations (GDPR));
  • in cloud computing outside the borders of the State of Israel, sensitive information must be encrypted;
  • access to the information in the cloud should be performed through authorised addresses only;
  • when an institutional entity’s information is stored in a multi-tenant system, technology such as encryption, data shielding or tokenisation should be used to prevent exposure of sensitive information or client information to unauthorised bodies; and
  • the institutional entity should include in the agreement with the cloud computing provider its control and supervision of the cloud computing provider.

In addition, it should include the possibility of one-sided termination of the use of cloud computing in which the provider must erase the information in its system and is committed to not attempt to retrieve it.

As mentioned above, there are no general regulations regarding cloud computing; however, there are two matters that should be taken into consideration. The first is governing law and venue. Since in many occasions the cloud is not located in the geographical region of the data subjects, the agreement between the company that processes personal data and the cloud company should refer to law and venue, as well as the matters of transfer of data as described above. It should be noted that according to European Commission Decision of 31 January 2011, Israel meets the European Union’s adequate protection standards in regard to automated processing of personal data, and therefore, information from European residents can be transferred to Israel, without an approval. The second matter that should be taken into account is the matter of data security. The company that provides cloud services should implement data security standards and measures to prevent data breach. In Israel, data security of databases which contain personal identifiable information are regulated under the new Israeli Privacy Protection Regulations (Data Security), 5777-2017, which came into effect on 8 May 2018 (the 'Data Security Regulations'). The Regulations regulate databases and aim to adjust Israeli law to some of the provisions of the General Data Protection Regulations (GDPR) that also came into effect in May 2018. The Regulations apply to all databases that contain personal identifiable information, dividing such databases into four categories: High Level Security Database, Medium Level Security Database, Basic Level Security Database and Database that is controlled by an individual. The Regulations impose different obligations on the owner of the database, including, inter alia, monitoring access to the database and to the database computerised systems, identification and access authentication methods, periodical audits, risk assessments, data backups, preparing at least three documents (Database Definitions Document, Security Procedure Document and updated document that maps the database and its systems), documentation of access to the database, maintaining secure and updated computerised systems, secure communications and procedures regarding outsourcing any services relating to the database.

See 1.1 Laws and Regulations.

See 1.1 Laws and Regulations.

The main legal challenges, and solutions thereto, when launching or using blockchain technology in Israel’s jurisdiction are discussed as follows. Most of the challenges that have arisen globally exist in Israel’s jurisdiction too. However, technology is advancing much quicker than legislators’ ability to regulate, and there are not many laws or case law regarding virtual currency in Israel. The issues of taxation, risk and liability, data privacy service levels and securities are considered below.

One legal challenge in Israel regarding blockchain is the matter of taxation of blockchain transfers. In 2018 the Israel Tax Authority published the circular 'Taxation of Activity involving a Decentralized Payment Method' (known as 'Virtual Currencies') (05/2018) (the 'Circular'), which addresses specific taxation issues. In the Circular, virtual currencies are identified as assets, as defined under the Income Tax Ordinance [New Version] 5721-1961 (the 'Ordinance'). The Circular addresses the sale of a virtual currency as a sale of an asset, and the income is regarded as a capital gain, which is taxed in accordance with the Ordinance. Further, income from virtual currency mining is regarded in the Circular as a business income, and therefore is taxed as such.

With respect to data privacy issues, due to the fact that blockchain maintains a ledger as part of its validation process, in which personal identifiable information may be recorded, this characteristic of blockchain may conflict with the right to erasure of personal identifiable information, under the Israeli Privacy Law (as defined below), since blockchain cannot be fully erased. Further, the obligation under the Israeli Privacy Law to delete any excessive personal information, for which there is no necessity to maintain, is difficult to abide by since blockchain ledgers cannot be fully deleted.

Another issue raised when using blockchain technology is that, as a decentralised payment system, blockchain lacks the supervision of government and law enforcement bodies. The use of virtual currencies in illegal transactions – for example, in the 'darknet' or other Internet platforms – remains unregulated. Further, if legal disputes arise resulting from the lack of value of virtual coins, or payment in virtual currencies, there are no regulations or precedents governing such matters.

With respect to the status of cryptocurrency in Israel, in March 2018 the Israel Securities Authority published an interim report of 'The Committee to Examine the Regulation of Decentralized Cryptographic Currency Issuance to the Public' (the 'Committee'). The main recommendations of the Committee are as follows: virtual currencies that provide similar rights to the traditional rights securities, such as shares or bonds, will be considered securities. On the other hand, virtual currencies that are being used as method of payment or transactions only, without any further rights and which are not being controlled by a centralised factor, will not be considered securities. In this case, the relevant examination is the examination of the purpose for which the virtual currencies were purchased. The Committee also regarded ICOs (initial coin offerings) and suggested to encourage existing and future channels for raising funds specifically for ICOs. The Committee also regarded the question of whether an issuance of virtual currencies considered securities as an offering to the Israeli public, and determined that it depends on each offering’s specifications, especially in regard to its target audience.

There are no specific laws and regulations in Israel that address big data, machine learning and artificial intelligence. However, with respect to such matters in the medical/health fields, the Israeli Cabinet, on 25 March 2018, approved a five-year national digital-health programme that is designed to personalise medicine, improve medical procedures and keep Israel at the forefront of the medical-tech field (the 'Decision'). As part of this programme the Israeli government will regulate the digitisation and sharing of health data and will promote and finance collaboration with commercial companies focused on digital health. The programme is still in its initial phase, but specialists in Israel are concerned about privacy issues that the programme might raise in the future. This initiative can assist Israel in using big data that health organisation has in Israel, to bring progress and advance medical treatment and public health. Big data of such health organisation can be used for machine learning or artificial intelligence. The Decision states that the Israeli Minister of Health will act to legislate a law or regulation that will implement certain recommendations that were published on January 2018 by the Committee for Implementation of Recommendations for the Secondary Use of Health Data on behalf of the Israeli Ministry of Health. The law has not yet been legislated, but as an intermediate solution, the Ministry of Health has published guidelines that address using health data that was collected from a person or for his or her sake, for any purpose other than for the purpose of granting that person medical treatment. Two main relevant guidelines are: Circular 1/2018 'Secondary Uses of Health Data' and Circular 2/2018 'Collaborations Based on Secondary Use of Health Data', both published in January 2018. The Circulars encourage collaboration between Israeli health organisations and companies engaging in the development of medical technologies.

There are not any relevant laws or regulations in Israel with respect to Internet of Things (IoT) projects. However, the Israeli Privacy Protection Authority (the PPA) has recently published a few guidelines that might indicate its growing interest in IoT. On 10 December 2018, the PPA published its guidance on 'Privacy in a Smart City'. The guide addresses the risks that a municipality should take into account when considering transforming its city into a 'Smart City'. The guide also suggests ways to mitigate such risks. Another paper which has been published recently (20 December 2018), giving an indication of the PPA’s growing interest in IoT, is a draft of guidelines with respect to privacy issues in the use of drones, which the PPA opened for public consultation until 3 February 2019.

Many Israeli organisations outsource their IT services, and therefore are obligated to comply with the 'Guidelines on the Use of Outsourcing Services of Processing Personal Information' (Guideline 2/2011) dated 10 June 2012 ('Outsourcing Guidelines'). The Outsourcing Guidelines specify various recommendations to such an organisation in connection to its engagement with service providers that access and/or process personal information (the 'Service Provider'), such as:

  • a recommendation that the Service Provider should not receive a copy of the database, but instead get access to the databases;
  • a recommendation that the organisation should enter an agreement with the Service Provider, that specifies the purpose, the scope and the term of such processing. Such agreement should also address who is allowed to access such data and that the transfer of data is only allowed to the extent that is serves the purpose defined in the agreement. In cases where the Service Provider collects the data directly from the data subject, then the organisation should make sure that the Service Provider complies with all applicable privacy laws (retention of data, notification, correction rights, etc);
  • a recommendation to appoint data security officers at both the organisation’s and Service Provider’s facilities;
  • a recommendation that the organisation should perform audits at the Service Provider’s offices to ensure compliance.

Furthermore, the Outsourcing Guidelines also require compliance with the Data Security Regulations. With respect to restrictions on data storage location, refer to section 1. Cloud Computing above. There are no price revision restrictions under the Israeli law and regulations.

No response provided.

There are a few core rules regarding data protection in Israel:

  • Lawful basis for processing – one can only process personal identifiable information if it has lawful basis; usually the lawful basis is consent. The Israeli Protection of Privacy Law, 5741-1981 (hereinafter, the 'Privacy Law') states that any use of personal identifiable information should be after an informed consent. That means that a data subject should receive sufficient information to decide whether he or she wants to consent to such use, and for which purpose the personal information is used.
  • Transparency – the Privacy Law states when requesting from a data subject to use or store its information in a database, the request should include the following: whether such information is based on legal requirement, or on the data subject’s consent; the purpose for which such personal information is collected; who are the recipients of such information, and for what purposes.
  • Purpose Limitation – the Privacy Law specifically states that a database owner cannot use or process personal identifiable information of the data subject for different use than for the purpose which such personal information was originally collected.
  • No Excess Information – a database owner should not retain the personal information or parts of, if it is not in use by it.
  • Proportionality – the database owner should make sure that the collection of the personal identifiable information is not too excessive and check whether there are less intrusive measures that could have been taken instead.
  • Retention – the database owner shall not retain any personal identifiable information for longer period than needed to carry out the purpose which such personal information was collected for, unless the database owner is required to do so by applicable law.

Israeli law and regulations do not differ between companies and individuals; rather, they differ between a database owner and an individual. Under the Privacy Law, a database which is not solely for personal use of the database owner should be registered with the Database Registrar, a unit of the PPA, if such database contains:

  • Information (as defined below) regarding more than 10,000 data subjects;
  • Sensitive Information (as defined below);
  • data which has been collected from third parties, without the data subject’s consent or knowledge;
  • Information used for direct marketing services; or
  • Information in a public sector database.

As opposed to the GDPR, the system is based on registration of databases and a database owner’s obligation, as opposed to controllers’ obligations.

The Privacy Law divides information into two categories: Information and Sensitive Information. The term 'Sensitive Information' is defined to include details concerning an individual’s personality, intimate relations, health condition, financial condition, opinions and religious belief. This definition is effectively identical to the term 'Information' except for two categories: 'personal status' and 'vocational qualifications', which appear only in the definition of the latter term.

Israeli legislation has yet to expressly address restrictions on employers in the process of collecting information about employees. The main requirements of the employer are similar to the general rules of privacy in Israel, pursuing a legitimate purpose with proportionality, restriction of the purpose and good faith mandate that the collection of information from an employee be done solely for legitimate purposes, which has to relate to the employment relations, and determine if the monitoring of the employer is not too excessive and whether there are less intrusive measures that could have been taken instead.

However, the issues of employee monitoring and limiting use by employees of company computer resources have been addressed in the general collective bargaining agreement that was registered in 2008 (the CBA) which governs the obligations and rights of employees and employers with respect to computer use and rules of conduct for the workplace, wherein the employee uses the employer’s computer. The CBA balances between the rights of the employer and the employee. According to the CBA, generally, the employee shall use the computer for work use and may, in accordance with the general rules of the CBA and the law, use the computer for personal use as well, but with proportionality and only for a reasonable duration of time.

In addition, the issue has been addressed in case laws, such as L.A. (National) 8/90 Tali-Iskov Inbar v the State of Israel – the Commissioner of Women’s Labor et al ('Iskov'), where the National Labour Court discussed for the first time the issue of employees using an employer’s computers, information technologies and e-mail correspondence in the workplace and the employees’ right to privacy in the context of such use. The ruling thereunder established the rights and duties of the employer and employee with respect to computer and e-mail use in the workplace and balanced the employee’s right to privacy and the employer’s right to manage its business as it deems fit, while protecting its property. It was ruled, inter alia, that an employer shall set a clear policy on the permitted and prohibited computer uses at the workplace according to legal rules, including the duties of good faith, loyalty and fairness and in view of principles of transparency, proportionality, legitimacy and adherence to the purpose.

In Iskov, it was noted that an employer should implement a clear policy with respect to the allocation of virtual space in a computer in the workplace. In setting the policy on allocation of private virtual space in the workplace, considerations such as the following may be taken into account: the nature of the workplace, its character, its operations and special needs in general; the type of work performed by the employee; and the character of the position she or he fills and the nature thereof. There may be cases in which use of information technologies for personal purposes is completely banned from the workplace, if there are legitimate interests of the employer’s, such as considerations of security and data protection, which stem from the nature of the workplace and the nature of the employee’s occupation or position.

The employer must inform the employees of the policy on use of the technologies available to the employees for work purposes. In the framework of the policy practised at the workplace and subject to the principle of transparency, the employer may prohibit the employees from accessing certain websites, set a time frame for surfing websites, or/and forbid uploading of external data. Furthermore, the employer may put technologies in place for blocking improper computer use by employees. Such employer’s instructions and guidelines to the employees shall be subject to the principles of good faith, disclosure, transparency, legitimacy, proportionality and adherence to the purpose.

In a different case, L.D (Tel-Aviv) 2909-05-12 Anna Gorlik v the State of Israel, the Regional Labour Court ruled that in the event that an employer was exposed to employee’s correspondence on the employee’s Facebook page, although the employee left the Facebook’s website open on the computer at work, the employer is not allowed to print, share or copy such information. In such a case, the Labour Court determined that the employer who collected information through the employee’s Facebook page and shared it, has breached the employee’s right to privacy.

In M.C.M. 2250/01 Guri v the City of Ramla, the Labour Court ruled that an employee who “surfed” the Internet for multiple hours for private purposes, in contrast with the instructions of his supervisors, entered improper websites and conducted surveys online for personal purposes, committed a severe disciplinary violation. The Court deemed that by such acts the employee harms the workplace. Furthermore, the fact that other employees at the same workplace behave in the same manner does not constitute an adequate defence for the employee. In M.I. 3125/08 Suhil Halon v the Fund for Medical Research, Infrastructure Development & Health Services near the Rambam Medical Center (dated 18 December 2008) (the 'Suhil'), it was ruled that surfing on the Internet for private purposes rather than for work purposes constitutes a clear disciplinary offence. However, the Court ruled that the proportionality of the penalty should be examined according to the circumstances, including the extent of the surfing, the rules on surfing at the workplace, the damage incurred by the employer as a result of the surfing and the balance of the interests of the employee and the employer. Suhil is the leading precedent that determined the rules for the monitoring of employees’ e-mails by their employer. The Court drew a material distinction between two main types of virtual e-mail accounts that are available for the employee’s use: an account owned by the employer and an account owned by the employee. Insofar as an e-mail account is owned by the employer, this can be divided into:

  • a professional account designated solely for work purposes and where personal use is forbidden for the employee; and
  • dual and personal accounts allotted by the employer for the personal needs of the employee at the workplace.

The employer may monitor communications data and enter content data when dealing with a professional account solely for work purposes, including the professional e-mail correspondence therein. However, even if the employee has exchanged personal correspondence in the professional account in contrast with the policy of the workplace, the employer may not enter the content data of such personal correspondence. This can only be done where exceptional conditions justify accessing such content data in view of the principles of legitimacy, proportionality and applicable law, and insofar as the employer sought and received in advance the explicit informed voluntary consent of the employee thereto.

The employer may make an account available to the employee that is meant to serve his or her personal needs and personal correspondence. In this context, the employer may allow the employee to exchange personal correspondence in the account made available to him or her for work purposes in general - such account being referred to as a dual account. Another option is to allocate a separate account to the employee, in which he or she is able to exchange personal correspondence, which is not related to the work and is not for work purposes - such account being referred to as a personal account. The employer may not monitor personal correspondence exchanged by the employee, either in a personal account or a dual account. In addition, the employer is prohibited from accessing the contents of the personal correspondence, other than in exceptional circumstances.

The employer must seek and receive the employee’s explicit, informed and voluntary consent to the general policy concerning the employer’s access to the personal or dual account and the personal correspondence contained therein. Furthermore, insofar as accessing a dual account is concerned, the employee’s specific consent is required for any act of the employer’s which enters the contents of his or her personal correspondence, as distinguished from his or her professional correspondence in the same account.

In a recent ruling, LC (Hi.) 6017-09-16, Mikhail Zochovizki v Hamechadesh Ta’asiyot Ltd. (dated 25 December 2018), the Regional Labour Court awarded damages of approximately the equivalent of USD5,400 to an employee on the basis of invasion of privacy after the company he worked for entered his e-mail account without his permission. The employee used the e-mail for his personal needs as well as for work. In addition, the employee claimed that during his last few months of employment, the company tracked his e-mails to the inbox which they provided him for work, even though he used it for personal needs as well. Therefore, he sought damages for approximately the equivalent of USD27,040 because of pain and suffering caused by the serious invasion of his personal space, without his permission to do so. The employee stressed that there was no set policy regarding e-mails in the company, that he signed no agreement regarding e-mails and that he never allowed anyone to read his e-mails. To strengthen his claims, the employee added a screenshot of his e-mail inbox at work to prove that he used that e-mail for personal reasons as well.

The company claimed in defence that it neither monitored the employee’s e-mails nor tracked him. Rather, the company acted only to keep up continuous contact with the relevant contacts at work and with clients who were in contact with the employee. The company only diverted messages that were relevant and necessary for the sake of sound management in the company, at a time when the employee already had one foot out the door.

Due to the employee’s past position as chief executive officer, and his knowledge of the importance of e-mails to ensure continuous business activity, the Labour Court ruled that his request for damages in the amount approximately the equivalent of USD27,040 was exaggerated and instead awarded him USD5,400 due to the pain and suffering caused by the intrusion of privacy.

There are two types of technologies that currently deem to fall within the scope of local telecommunications rules. The first are wireless communication products.

The law refers to wireless communication products as 'wireless telegraph' under the Ordinance of the Wireless Telegraph 5733-1972 (the 'Wireless Telegraph Ordinance') and defines it as any method of communication through devices which transmit or receive information, communications messages or other signals through the use of electromagnetic wavelengths and without the help of a connector wire between the receiver and transmitter. The creation, maintenance, activation and installation of wireless devices requires a licence under the law. The Minister of Communications may establish exemptions to the need for a licence. The Director of Radio Wavelengths in the Ministry of Communication is allowed, in a written document, to approve an exemption from the licence requirement for a wireless device if he or she believes that a licence would be unreasonable under the circumstances, as long as it does not disrupt or disturb the use of other wireless devices.

Not every type of wireless communication product may be imported to Israel. Those which may be imported, per the Wireless Telegraph Ordinance, and which are not exempt, require approval, either a 'Suitability Approval' or 'Type Approval', as follows:

  • Suitability Approval means that the wireless product meets the conditions set by the Ministry of Communications for wireless devices. These conditions involve defined assigned frequency bands and specific MHz output. Suitability Approval can also be used to release certain wireless devices from customs for a set time period (usually five years).
  • Type Approval means approval from the Ministry of Communications for certain wireless devices which enable efficient utilisation of radio frequencies and which do not disrupt or disturb the use of other wireless devices. One condition to market equipment which receives this approval type is that who receives the device has a valid licence to activate the equipment. This approval can also be used to release certain wireless devices from customs for a set time period (usually five years). Approval type does not allow activation, storage or sale of the equipment - these require separate licences from the Ministry of Communication.

The second are dual-use equipment. Products which include dual-use technologies are equipment and materials which are, in essence, meant for civilian use but which may also be used for military use and require a licence if such equipment is intended to be exported. Circular 3.5 of the Ministry of Economy and Industry, 'Supervision on Export of Goods, Services and Dual-Use Technologies', clarifies the issue of licensing these exports.

The issue of licensing exports in dual-use technologies is based upon the end-user. If the end-user is military, then the approval of the licence falls under the responsibility of the Ministry of Defence, specifically the department overseeing defence exports. The law relevant to all Israeli citizens, Israeli residents and Israeli corporations who market or export defence products, is the law of Defence Export Control Law 5767-2007. Those who fall under the category of defence exporter require a licence. Defence exporters are those who market or export one of the following:

  • defence equipment - this category includes fighting equipment according to the 24 categories set forth in the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-use Goods and Technologies (which include, but are not limited to, firearms, missiles and aircraft), dual-use equipment (advanced methods, including sensors, microchips, electronic equipment, etc) and missile equipment (MTCR);
  • defence knowledge - this category includes information required to create or develop defence equipment or its use (including planning, assembly, improvements, changes, maintenance, operation etc). In addition, the law defines defence information for exporters as all information that relates to the defence forces, fighting methods, security and instructions in the area of defence; and
  • defence services - this category includes services provided by an Israeli citizen or company to a foreign person or body, either outside the country or within its borders, and which deal with defence equipment, including planning, development, creation, assembly, operation, etc.

However, if the end-user is civilian, the approval falls under the jurisdiction of the Ministry of Economy and Industry. If the end-user is unknown, then if the export is to a country which is a member of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-use Goods and Technologies, the exporter will be required to provide an international import certification, which will be provided by the destination country. A licence will not be approved for exports to a country which is not a member of the Wassenaar Arrangement.

In order to broadcast satellite television, which is primarily intended for the public in Israel or to part thereof, a licence from the Minister of Communications (the 'Minister') is required, unless the person requesting to broadcast is permitted under law to carry out such broadcast. This matter is regulated under the Israeli Communication Law (Telecommunications and Broadcastings), 5742-1982 (the 'Communication Law'). Under the Communication Law, there are several preliminary minimal requirements that need to be met in order to receive a satellite broadcasting licence. First, the applicant needs to be an Israeli citizen or an Israeli resident or a corporation registered in Israel. Second, the applicant has not been convicted of an offence that due to its severity or circumstances he or she is not adequate to receive a licence. In the case of a corporation, none of its directors or interested parties have been convicted of such offence.

According to the Communication Law, when considering whether to grant a satellite broadcasting licence, the Minster shall take into account the following considerations: first, the Israeli government’s policy with respect to telecommunication and broadcasting to the public; second, public welfare considerations; third, the suitability of the licence applicant to broadcast satellite broadcasts; and forth, the contribution of granting the licence to the competition in the field of telecommunication and broadcasting, as well to its diversity and the service levels.

The fees for a broadcasting satellite licence, according to the Communication Regulation (Telecommunication and Broadcasting) (Television Broadcasting via Satellite) (Licence Fee and Royalties) are approximately the equivalent of USD8,177,707.

There are several additional general laws that regulate broadcasting, such as Classifying, Marking and Prohibiting Harmful Broadcasts, 5761-2001, which regulates the obligation to classify and mark television broadcasts which are not appropriate for children and teenagers. Another law that regulates broadcasting in general is the Television Broadcast Law (subtitles and sign language), 5765-2005, which regulates the integration of subtitles and sign language for the benefit of the deaf and the hearing impaired. The obligations under this law are imposed gradually. Another general law is the Law to Limit the Volume in Commercials, Trailers and other Broadcasts, 5768-2008, which regulates the volume levels allowed to be used in such broadcasts as mentioned above.

The requirements mentioned above are not applicable to companies with online video channels. The latter have yet to be regulated under Israeli law, although the current minister has proposed to regulate some aspects of online video channels.

The Advisory Committee for Regulation of Audiovisual Services (the 'Filber Committee'), convened in October 2015, published recommendations advancing bureaucracy relief and competition in the Israeli broadcasting market. The Filber Committee encouraged entrance of new players into the Israeli broadcasting market, by implementing regulations differentiated according to size and market share of the audiovisual providers in the broadcasting market. So far, the recommendations have not been translated into laws and regulations.

No response provided.

In Israel, the State regulates use of encryption items through the Order Governing the Control of Commodities and Services (Engagement in Encryption Items) 5734-1974 (hereinafter, the 'Order'). In order to regulate engagement in this field, the Ministry of Defence has instituted a system of control and licensing for items of encryption.

The Order tries to balance between the needs of the individual and the industry while keeping the essential requirement of the State of Israel to maintain adequate control over the dissemination of means of encryption in Israel and abroad, so that such technologies will not fall into the wrong hands, such as countries recognised as supporting terrorism, terrorist organisations or criminal elements, and therefore be used for harmful purposes.

'Encryption' is defined under the Announcement on the Governing the Control of Commodities and Services (Engagement in Encryption Items) 5734-1974 as: preventing apprehending information, either entirely or partially, by changing the information or its transfer, either by using mathematical formulas, or algorithms formulas, whether with encryption keys or not, and in ways that enable restoring the original information or part of; or co-ordination of encryption keys.

In order to either develop, manufacture, convert, modify, improve, add or subtract features from an encryption device after a combination, acquire, use, posses, transfer from a location to a different location, import, distribute, sale or negotiate export in writing or in orally, in any means of communication and without connection to the results, or export of means of encryption, the export of knowledge and/or training and/or training relating to the engagement in means of encryption, including to an Israeli corporation controlled by a person who is not an Israeli resident, is subject to a licence. It should be noted that the Ministry of Defence exempts personal use of engagement in encryption items, whether personal use is of a person, a company, an organisation, etc, as long as they do not transfer it to a third party.

There are three categories of licences for engaging in encryption items:

  • 'Restricted Licence', which is a licence that imposes restrictions on engagement in encryption items. These restrictions may also apply to permissible forms of engagement in encryption items, or to the nature of permissible sales (eg, restriction on selling to certain countries and sectors). As a rule, a restricted licence is valid for one year.
  • 'Special Licence', which is a licence for specific engagement; generally involving sales to clients who do not fall under the restrictions imposed on an applicant for a Restricted Licence. As a rule, a Special Licence is valid for one year.
  • 'General Licence', which is a licence for a particular encryption item which allows the licence-holder free use of that item (other than modifications or integration that essentially create a new item for which a separate licence is required). The sale of such items of encryption is decontrolled and not subject to reporting procedures. Such general licences are issued with no time limit to their validity.

There is also a concept of 'Free Means', which means a type of encryption that the Director-General of the Israeli Ministry of Defence has declared to be decontrolled. A periodically revised list of encryption items which have been declared 'decontrolled' is published in the Official Gazette of the Government of Israel.

This chapter was authored by Adv. Sharon Gazit, Head of the Corporate and Technology Department, together with Adv. Yael Edell Rosenmann and Adv. Judy Amidor.

Adv. Gill Nadel, Chair of the Import, Export and International Trade Law Practice wrote the Scope of Telecommunications Regime section (8) and the Encryption Requirements section (10), and Adv. Revital Shprung – Levy, Partner, Labor and Employment Department wrote the Monitoring & Limiting of Employee use of Computer Resources section (7).

No response provided.

Goldfarb Seligman & Co.

Ampa Tower
98 Yigal Alon Street
Tel Aviv 6789141
Israel

+972 3608 9999

+972 3608 9909

info@goldfarb.com www.goldfarb.com
Author Business Card

Law and Practice

Author



Goldfarb Seligman & Co Law Offices is one of Israel’s largest law firms and is the top choice for many international and Israeli TMT corporations operating both in Israel and abroad. The firm handles a wide variety of transactions ranging from private transactions for small and medium-sized companies and individuals to complex corporate transactions and multinational transactions that greatly influence the Israeli market. The firm's attorneys frequently represent clients in M&A transactions in the TMT field, and the TMT practice regularly advises clients engaged in cutting-edge technological developments in the field, including cloud computing, blockchain, big data, AI, machine learning, IoT and more. The firm also handles dozens of capital-raising and investment transactions every year, providing ongoing counsel to a diverse client base ranging from classic TMT companies to investment funds, private investors, entrepreneurs and more.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.