Conflict of Laws and the Information Society: The Israeli Case Study

By: Asaf Lubin.

Recent years have seen a significant number of cases (U.S. v. MicrosoftGoogle Inc. v. Equustek SolutionsCNIL v. Google Inc.Richter v. Google Inc.Die Grünen v. Facebook Ireland LimitedX v. TwitterBelgium v. Skype) centered on conflicting jurisdictions and territorial over-reach in cyberspace. Common to these litigations is a challenge to the power of States to control cross-border data transfers and offshore stored content and its distribution either directly, or indirectly, through internet intermediaries. The rise of social media platforms and online service providers, and their development and deployment of cloud computing, virtual server hosting, and anonymized and encrypted communication software pose the most recent disruptive assault on the power and legitimacy of sovereigns to assert their legislative control and adjudicative and enforcement jurisdiction.

Academic scholarship on the topic is also on the rise. Recently Jennifer Daskal published “Borders and Bits” with Vanderblit Law Review. The Article “highlights the flaws with the straightforward application of old jurisdictional rules onto the new medium of data” further shining a spotlight on “unilateral rulemaking by powerful states and the powerful multinational companies that manage our data, which in turn puts private, multinational companies increasingly in control of whose rules govern and thus the substance of both privacy and speech rights on a global, or near-global, basis.” Daskal ends her paper by calling for (1) increased and detailed transparency reporting by corporations; (2) increased public-private partnership around the development of best practices; (3) increased insistence on notice requirements to users and other governments. Ultimately, however, she notes that these are only “initial recommendations” and that there “simply is no one-size-fits-all answer to the question of how to best regulate the private actors that increasingly manage our data and play a role on par with states in setting the scope of privacy and speech rights”.

In “Litigating Data Sovereignty”, published with the Yale Law Journal, Andrew Keane Woods proposes an alternative approach. Woods argues that the “proper application of foreign affairs law to cross-border internet disputes is not what many litigants and courts have claimed. Crucially, no sovereign-deference doctrine prohibits global takedown requests, foreign production orders, or other forms of extraterritorial exercises of jurisdiction over the internet. To the contrary, one of the key lessons of the sovereign-deference jurisprudence is that in order to avoid tensions between sovereigns, courts often enable, rather than inhibit, extraterritorial exercises of authority.” The Article thus makes the case for restraint, recognition, and comity as standards that should be adopted not only by Courts but also by the legislature, the executive, and internet firms. Woods thus takes a first, though insufficient step, towards articulating a potential conflicts-of-laws framework to govern these instances of what he defines as “data-sovereignty litigation”.

Israel has recently seen an interesting move in its Courts around the application of conflict-of-laws to social media and internet companies. These developments have been pushed by privacy class action law suits which have been brought in recent years against the main California-based tech giants, namely Facebook and Google.

In PCA 5860/16 Facebook Inc. v. Ohad Ben Hemo, the Supreme Court of Israel expanded the possibility of bringing suits in Israeli Courts against multinational internet service providers. That case concerned Facebook’s access and monitoring, without user consent, of Facebook private messages. Facebook argued, in accordance with its terms and conditions, that such class actions should be heard by California courts under California law. The Supreme Court determined that the Terms of Service constitutes a “standard contract”, and that in order to decide the question of whether the Jurisdiction Clause and the Choice of Law Clause were unduly disadvantageous, an examination must be conducted as to whether these clauses deter clients that signed the contract from taking legal action. The Supreme Court found that while the choice-of-jurisdiction clause was disadvantageous (therefore opening the door for such claims to be brought before Israeli Courts) the choice-of-law clause was not. The Supreme Court argued that a choice of law clause protects Facebook’s legitimate business interests, and that in California the precedents and laws are all in English a language “understood by most Israeli residents”. Moreover, those laws and precedents are easily accessible via the internet. As such the Court concluded that the California law will apply, except where such law will deprive Israeli litigants of their preemptory rights (such as constitutional rights, and consumer protection rights).

Earlier this week, in PCA (Tel Aviv) 62205/17 Lior Winter and Liraz Spector v. Google Israel Ltd. and Google LL.C., I submitted an Expert Opinion to the District Court of Tel Aviv arguing precisely as to whether California law will in fact deprive Israeli litigants and consumers of their constitutional right to privacy. This case, concerns Google’s storage of geo-location information of Android users, even when those users selected not to have their geo-location information collected. Google sought to dismiss the class action, arguing that the law applicable should be California law in line with the Ben Hemo decision. However, in my expert opinion I argue why applying California law (including privacy law, contract law, and consumer protection law) will result in significantly narrowing the capacity of Israeli litigants from protecting their rights.

Indeed in multiple cases (including In Re Google Android Consumer Privacy Litigation, and In Re Google Inc. Privacy Policy Litigation) Courts in California have adopted Google’s position that California law sets certain restrictions on the capacity of litigants to bring class action lawsuits in cases of privacy infringements. The primary restriction is the Article III standing requirement under the U.S. Constitution, which demands that litigants coming before Federal Courts will be able to ascertain an “injury-in-fact” that they had suffered. These are hard to establish in privacy-infringements cases where there are no real physical or monetary harms, but rather harms to one’s autonomy. Compare this position to the “Breach of Autonomy” doctrine adopted by the Israeli Supreme Court as a unique Israeli damage theory (e.g. Prin Civ. App. 8037/06 Barzilai v. Prinir (Hadas 1987) Ltd., p. 30 (Nevo, Sept. 4, 2014) (Isr.)).

This case and others similar to it (like PCA 37839/18 Shiran Baruch v. Google Inc.) are likely to reach the Supreme Court, which in turn will have an opportunity to elaborate beyond the ruling in Ben Hemo. Note that then, Justice Hayut made clear that she was not presented with any specific evidence as to the nature and content of the privacy law in California to effectively determine whether the Choice of Law Clause was unduly disadvantageous. If the Court adopts the position, put forward in my expert opinion, it will make for a strong statement as to the desire of the Israeli judicial branch to protect Israelis from the increasing dangers of a highly connected digital society.

The Full Expert Opinion (Hebrew) can be found here.