ERM advises Eliran Solar Ltd. on the sale of 75% shares by Tadiran group for 45 million shekels.
Nimrod Rosenblum, Partner and Head of ERM’s Corporate and M&A practice, acted for Eliran solar Ltd. together with associates Eitan Lahyani.
For more information on the acquisition, click here.
The European Data Protection Board (the Board) has recently published practical guidance on how organisations should approach international data transfers of personal data of EU residents. This guidance includes recommendations on supplemental measures that can be adopted to help protect such personal data from access of governmental authorities outside of Europe. The guidance follows the Court of Justice of the European Union’s landmark Schrems II decision (more information here).
The following provides an overview of the recommendations that Israeli companies that regularly process personal data of EU residents and are therefore subject to the GDPR should take to heart when conducting international data transfers.
The Board’s recommendations (the Recommendations) outline six steps that organisations should take to assess whether their global data flows comply with EU law or whether they need to take supplementary measures to ensure sufficient protection of personal data.
The data exporters should record and map all international transfers of personal data.
The data exporter must identify the transfer tool on which the data transfer relies. The tools currently practically relevant are: an adequacy decision by the European Commission, standard contractual clauses, binding corporate rules, or one of the limited derogations such as consent.
While Israel currently enjoys the status of an “adequate jurisdiction”, it is worthwhile for Israeli companies to be aware of the further recommended steps: Often, Israeli companies work with service providers outside of Israel and the EU and have to rely on another transfer tool to enable data flow. In addition, Israel’s adequacy status is currently under review by the European Commission. Should this review find that Israeli laws do not adequately protect EU residents’ personal data and the adequacy decision be revoked, Israeli organisations will have to rely on alternative transfer tools.
The Recommendations clarify that simply relying on an “appropriate safeguard” such as the standard contractual clauses may not be enough. Instead, businesses should assess whether the transferred personal data would be subject to a level of protection that is essentially equivalent to that guaranteed in the EU.
This means that the data exporter must assess if there is anything (!) in the law or practice of the third country that may decrease the effective protection of personal data. This is especially the case if public authorities of the recipient country may access the transferred data in a manner which “goes beyond what is necessary and proportionate in a democratic society”.
If the “appropriate safeguard” adopted is not effective on its own, businesses must consider supplementary measures. The Board provides a list with several practical recommendations of (1) contractual, (2) technical, and (3) organizational measures that can be implemented. These supplementary measures are particularly significant, as they are the only way in which data transfers from the EU to the US or other countries whose privacy laws do not offer an “equivalent” level of protection can continue.
Businesses should monitor, on an ongoing basis, developments in the jurisdiction to which they have transferred personal data that could affect their initial assessment.
Israeli companies that are subject to the provisions of the GDPR will have to review and assess their data transfers and transfer tools. Those that currently rely on standard contractual clauses for their transfer to third countries will need to carefully examine whether these are, in fact, an appropriate tool and, if necessary, adopt the required measures to ensure compliance.
The European Commission recently published a detailed report on the ethical issues associated with connected and automated vehicles. The report aims to promote a safe and responsible transition to connected and automated vehicles (CAVs) by engaging the various players in the field, such as manufacturers and deployers, policymakers and researchers, in considering these ethical considerations. Much like ‘privacy by design’, the report recommends ‘ethics by design’ in suggesting the systematic consideration of ethics at development stage.
The report presents a set of twenty ethical recommendations concerning the future development and use of CAVs in the context of three broad areas:
1) Road Safety, Risk, Dilemmas;
2) Data and Algorithm Ethics: Privacy, Fairness, Explainability; and
3) Responsibility
The overlap with the privacy world is substantial, and so, below we consider some key issues emerging from the report in respect of data protection and privacy, which manufacturers and deployers of CAVs should take to heart:
Protect User’s Right to Informational Privacy
In line with the GDPR’s basic principles regarding data minimisation and purpose limitation, manufacturers and deployers of CAVs must inform data subjects about the specific purposes for which their data are collected. They must also give data subjects control over their data by enabling them to easily access, rectify or erase their personal data.
If personal data is processed for purposes that are not necessary for the proper functioning of the CAV, such as advertising, the carmaker has to get the user’s consent for such use, especially when these purposes involve data sharing with third parties. The manufacturer cannot make the use of the CAV service contingent upon the user’s consent. The report specifically calls for a more nuanced approach than the “take it or leave it” model of consent that is quite common in many industries. Instead, carmakers should develop more sophisticated and advanced consent options.
Moreover, the Report mentions that it would not always be appropriate to request consent, for example when the CAV driver is under pressure, in an unsafe area, or in a situation where they need to make a quick decision. In such case, the user may be in a vulnerable position with limited ability to choose or negotiate conditions as offered by the service provider. A consent given in such situation, may be deemed invalid and the manufacturer should refrain from processing the relevant data.
Develop Transparency Strategies
A CAV moves through physical space and, while doing so, exchanges data with other CAVs, with the carmaker’s servers and with the ever-growing landscape of other connected infrastructure on the road. This complex ongoing multi-party data sharing is often difficult to explain to drivers, especially its effect on their privacy rights.
In addition, CAVs also collect data of other road users, including pedestrians, which can affect their privacy rights – these other road users need to be informed as well if their data are collected. The report suggests that these other users can be informed via in-vehicle or wearable smart-device displays, audio-visual aids on roads (e.g. street signs, flashing icons, beeping sounds), or other communication modes. Manufacturers should also endeavour to anonymise any data of third parties that is collected by CAVs, especially when they wish to use this data for internal R&D.
Manufacturers are advised to develop meaningful, standardised transparency strategies to cater for such complex data interactions and collection.
Transparent Algorithms and Regular Audit
Algorithms in CAV systems can create new personal data about the driver or be used as a basis to make automated decisions about them. Algorithm-based machine operations and decisions can have a significant impact on users. Manufacturers and deployers must explain this impact as well as the functioning of the CAV technology in a way that is transparent and easily understood by anyone without prior knowledge of the technology.
If the CAV technology results in significant automated decisions affecting an individual, a manufacturer has to ensure that such decisions can be explained and justified and the circumstances that led to such decision can be examined.
Another CAV-specific concern is that the algorithmic basis for CAV systems and operations can trigger unique variables that can lead to biased outcomes. The report points out that prior examples show that the prevalence of social biases in data sets, combined with limitations in sensing systems and automated machine learning models, are highly likely to reproduce and reinforce biases, such as negatively representing women, children, or people of different races. Manufacturers and deployers should take steps to increase the users’ awareness of potential risks of bias. Initial examples might include “warning flags”, labelling remedies, and diversity requirements when presenting users with options. At the same time, manufacturers should develop a targeted algorithm auditing procedure to regularly assess algorithms for efficacy and bias in order to avoid such reinforcement of biases or unnecessary lack of transparency.
Next Steps
While the report itself is not legally binding, the recommendations contained therein are supposed to give confidence to manufacturers and deployers in the development of CAV technology in ways that are ethically defensible and also provide a platform for future CAV research, development and deployment. We would strongly recommend that manufacturers familiarise themselves with the entire scope of the report, as recommendations for new legal standards and policies give a good indication to the general framework that will govern such activities in the future. It is becoming clear that data protection is a crucial element in the field of CAVs, and that manufacturers are advised to ensure that their products and services are aligned with the latest legal requirements.
The full report can be found here, and a factsheet here.
As ever we are ready to assist with all your needs. Please don’t hesitate to contact us.
ERM which assisted Reps AI, an AI driven machine learning start-up in the field of customer care, since just after its incorporation, provided counsel on the acquisition of Reps AI by KMS Lighthouse of the Aman Group, for cash with a performance-based earn-out mechanism. The transaction was completed within a short number of weeks and included restructuring of the company’s share and debt structure so as to ensure optimal benefit for investors now and at the end of the earn-out period.
Jeremy Seeff, partner at ERM’s Corporate and M&A practice, acted for Reps AI together with associate Eti Avnery.
For media coverage of the deals, please click here.
ERM advises Intelligo on the company’s 15M$ series B financing led by US – based Behrens Investment Group.
Nimrod Rosenblum, partner at ERM’s High-Tech & Venture Capital practice, acted for Intelligo together with associate Galit Farkash.
For media coverage of the deal, please click here.
ERM advises Logia power systems Ltd. on the sale of 70% of the company to Afcon.
Amnon Epstein, Partner and Head of ERM’s Energy & Infrastructure acted for Logia power systems Ltd. together with Chen Weiss, Eti Avnery , Errel Peli and Bar Cohen.
For more information (Hebrew) click here
Thank you to all those who participated in our webinar: “LGBT+ diversity and inclusion – and how it contributes to business success”. We were thrilled to co-host the webinar with our friends at Bryan Cave Leighton Paisner LLP and to host Yael Kfir from Teva Pharmaceuticals and Darren Rickards from Bank of America on our panel co-moderated by Daisy Reeves and Jeremy Seeff.
A video recording of the webinar can be seen by clicking on the link below: (link)
ERM advises E.ON on the Israeli aspects relating to the merger squeeze out of Innogy as part of the merger between E.ON and RWE.
In addition, ERM represents E.ON, now one of the largest operators of energy networks and energy – related infrastructure in Europe, in relation to their Israeli operations including the restructuring of the Innogy Innovation Hub to form the venture capital fund known as Future Energy Ventures and the establishment of a local accelerator.
Ron Abelski, partner at ERM’s Corporate & M&A practice, acted for E.ON with associates Dr Orit Dayagi-Epstein and Eti Avnery.
For media coverage of the deals, please click here, and here.
ERM advises Kedma Capital on the sale of its stake in Femi Premium to London-based private equity fund G Square Capital.
Nimrod Rosenblum, Partner and Head of ERM’s Corporate and M&A practice, acted for Kedma Capital together with Jeremy Seeff, and Adi Garmazi.
For more information (Hebrew) click here
ERM advised Pan-European chemicals supplier Azelis on its strategic entry to Israel with the acquisition of specialty chemicals distributor Orokia.
Nimrod Rosenblum, Partner and Head of ERM’s Corporate and M&A practice, acted for Azelis together with associates Itamar Lev, Eti Avnery and Errel Peli.
For more information on the acquisition click here (Azelis)