A good lawyer knows the law but a great lawyer knows the judge". While this famous phrase is usually quoted, humorously, with a negative connotation, the "great lawyer" is in fact the expert who, not only knows the law, but also understands and is intimately familiar with its background, accepted interpretations and applicability by the local market, judges and relevant authorities.
The intention of this article is to focus on several areas which should not be overlooked by U.S. and other foreign lawyers when engaging Israeli law firms for specialist advice in the context of investments and M&A transactions involving Israeli targets.
This article will also highlight certain important new legislative changes which demonstrate the fluidity of the Israeli legislature and then refer to other aspects generally relevant for transactions in Israel.
In any substantial acquisition, it is necessary to obtain antitrust advice both in connection with obtaining merger approval for the contemplated transaction as well as with respect to the legality and enforceability of non-competition provisions. Effective as of January 1, 2019, there have been significant amendments to the Economic Competition Law (formerly known as the Antitrust Law) which include increasing the threshold which requires the transacting parties to apply for approval, to an aggregate joint sales turnover of NIS 360 million (equivalent to approximately US $94 million) in place of the previous threshold of NIS 150 million. Other standards, such as the minimum NIS 10 million (equivalent to approximately US $2.6 million) threshold for each of the merger parties remain unchanged but it is, of course, important to be aware of all aspects that can affect the deal.
Aside from the approval process for transactions, the Israeli Competition Authority (formerly known as the Antitrust Authority) is active in enforcing against companies and their officers for various offences such as cartels, insider trading and abuses of a monopoly position. Incidentally, a monopoly is now defined by "significant market power" with the respect to the supply or purchase of goods or services, and not just by virtue of its holding more than 50% of a particular market.
It is particularly important to note that laws have recently become more stringent in terms of directors' responsibility for compliance, not just with antitrust laws and regulations, but also with respect to compliance with other areas of the law, such as privacy/data protection, health & safety, sexual harassment and so forth.
PRIVACY AND DATA PROTECTION
Another important recent focus is privacy and data protection law and regulations. Although the United States and European Union also have strict privacy regulation, to varying degrees, certain key obligations under Israeli law exceed even the European Union's recently effective General Data Protection Requirements (which, it is important to note, can apply to Israeli companies with European data subjects). While companies that adopt a comprehensive GDPR compliance program may result in partial compliance with Israeli data protection laws, additional actions must be taken in order to be fully compliant.
For example, while the GDPR requires controllers and processors to take appropriate technical and organizational measures to ensure the level of security that is appropriate to the level of the risk, the Israeli Data Security Regulations (2017) impose specific, granular requirements with respect to personal data collected and maintained in databases. These Israeli regulations include detailed requirements for controlling, monitoring and recording database access. They also impose specific requirements and timeframes for performing "proper penetration testing" and rotating passwords.
In addition, while the GDPR permits, under certain circumstances, the export of data outside the EU to entities with adequate levels of protection, Israeli law imposes additional conditions such as specific consent from data subjects or a commitment from the data recipient to protect information in accordance with the law. Israeli law can also be stricter with respect to subsequent transfers of data to sub-processors, and in its requirement to appoint "data security officers" even in cases where no comparable obligation exists under the GDPR. A requirement to register certain types of databases is also unique to Israeli law, as well as additional terms that must be added to Israeli agreements for the outsourcing of data processing activities.
The importance of educating foreign clients, their general counsels and our partner-law firms with these recent and dynamic privacy regulations, is not only in the context of due diligence on Israeli target companies, but also for ongoing operations in Israel, as increased penalties for data protection violations are likely to come into effect. If passed, they will substantially increase the risk profile of non-compliance, and random audits by the Israeli authorities are expected to become a feature of the new environment.
It should also be noted that Israel has very strict export controls and license requirements for the export of encrypted data, which is beyond the scope of this article.
To read the full article click here
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.