We are pleased to provide you with our Group’s newsletter for October, featuring leading Cyber, Privacy and Copyright regulation, case-law and related developments in the United States, Europe and Israel.

This edition features the following items:

  • New Exemptions to the Prohibition on Circumvention of Technological Measures

  • Israeli Security Authority Clarifies Cyber-related Discosure Requirements

  • New North American Trade Agreement Establishes Rules on Privacy, Cyber and Liability of Internet Service Providers

  • Joint Statement by Regulators on Eu-U.S. Privacy Shield

  • Microsoft joins a patent network that protects Linux and open source software programs

October 26, 2018

NEW EXEMPTIONS TO THE PROHIBITION ON CIRCUMVENTION OF TECHNOLOGICAL MEASURES

The US Copyright Office has codified new exemptions to section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits circumventing, technological measure used to prevent unauthorized access to copyrighted works.

Software and its copyright-protected code are an integral part of most devices. Device manufacturers argued that breaking the software locks as part of replacing parts or modifying devices is a violation of the anti-circumvention prohibition. Thus, they prevented consumers from repairing their own devices.

In its new ruling, the US Copyright Office has carved out the following exemptions to address, amongst other things, these practices -

  • Jailbreaking and modifying voice assistant devices;
  • Legally unlocking new phones (as opposed to used phones);
  • Repairing smartphones, home appliances, and home systems;
  • Repairing cars, tractors, and other motorized land vehicles.

These kinds of repairs are also legal for third parties to perform on behalf of the devices’ owners. Yet it is still illegal to market the underlying software tools designed to circumvent these technological measures, even for the sake of repair.

October 21, 2018

ISRAELI SECURITY AUTHORITY CLARIFIES CYBER-RELATED DISCLOSURE REQUIREMENTS

The Israeli Security Authority (ISA) has issued an opinion stating its intention to clarify existing disclosure requirements concerning cyber related risks. The new requirements aim to increase the awareness of publicly traded companies to such risks and their reporting obligations in cases of cyber incidents.

The opinion focuses on disclosure requirements in companies’ Prospectus or Periodic Report, and immediate disclosures during cyber-attacks.

ISA provides that if the company has a significant cyber risk, which is relevant to its activity, it must include a disclosure regarding that risk in its Prospectus and Periodic Reports. Disclosure must also be made if a material incident occurs during the reporting period.

According to ISA, a company is required to examine the nature of cyber attacks and decide whether to disclose them to the public in an immediate report. For this purpose, the company must evaluate the overall effect and potential damage caused by an attack, either directly or indirectly.

An Immediate disclosure of a cyber attack may be appropriate, inter alia, in the following cases:

  • The business activity of the company has been suspended for a period of time;
  • The company’s databases have been breached and that breach affects the company's operations. Disclosure where the databases are also regulated by privacy protection laws must be dealt with separately;
  • The company's computer system is materially damaged, effecting the company’s activity;
  • Following a cyber incident, the company is required to pay ransom in a substantial amount;
  • Private business information has been stolen, the exposure of which could cause material damage to the company; and

When a security breach is discovered in the products or systems produced by the company, for which the company is significantly exposed (as a supplier, producer, etc.).

September 30, 2018

NEW NORTH AMERICAN TRADE AGREEMENT ESTABLISHES RULES ON PRIVACY CYBER AND LIABILITY OF INTERNET SERVICE PROVIDERS

The United States, Mexico and Canada announced a new multinational trade agreement, known as the “USMCA”, replacing the 1990s North American Free Trade Agreement (NAFTA). The USMCA is expected to be signed and come into force in the coming months. It includes an extensive chapter on e-commerce, privacy and cyber, and limitation of liability of internet service providers. Among other things, the agreement requires each of the three countries -

To avoid imposing tariffs on interstate commerce of digital products;

To enable the use of electronic signatures;

To adopt or maintain a legal framework to protect personal information of users of digital trade, applying, inter alia, the principles of limitation on collection of information, choice, data quality, purpose specification, use limitation, security safeguards, transparency, individual participation, and accountability.

To strengthen the cooperation in defense against cyber attacks;

Grant broad immunity to web platforms from legal liability arising from users' content. Echoing the 1996 US Communications Decency Act, Interactive computer services will not be treated as the publishers of content originating from users (however the immunity does not cover Intellectual Property issues). Such service providers may not be required to filter content originating from users.

October 19, 2018

JOINT STATEMENT BY REGULATORS ON EU-U.S. PRIVACY SHIELD

The European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, and the U.S. Secretary of Commerce, Wilbur Ross, issued a joint statement following the Second Annual EU-U.S. Privacy Shield Review, declaring the following:

Since its inception in 2016, nearly 4,000 companies have made legally enforceable commitments to comply with the Privacy Shield framework;

  • The significant growth of the program last year highlights the Privacy Shield's vital importance to transatlantic data protection and commerce;
  • In the wake of recent privacy incidents involving the personal data of Europeans and Americans, the U.S. and EU reaffirm the need for strong privacy enforcement to protect citizens and ensure trust in the digital economy;
  • The Commerce Department will revoke the certification of companies that do not comply with Privacy Shield's vigorous data protection requirements.

October 10, 2018

MICROSOFT JOINS PATENT NETWORK THAT PROTECTS LINUX AND OPEN SOURCE SOFTWARE PROGRAMS

Microsoft joined the Open Innovation Network, an initiative dedicated to protecting Linux and other open source software from patent risk. The Network is comprised of about 2,650 companies, including numerous Fortune 500 enterprises. It is a voluntary system of patent cross-licenses between member companies.

Microsoft’s Corporate Vice President, Erich Andersen, described the decision to join the Open Innovation Network as surprising to some, explaining that “it is no secret that there has been friction in the past between Microsoft and the open source community over the issue of patents”. Nonetheless, Anderson explained that “joining Open Innovation Network reflects Microsoft’s patent practice evolving in lock-step with the company’s views on Linux and open source more generally”.