The Israel Tech Policy Institute: A Discussion with Limor Shmerling Magazanik



While Israel’s image as the “Start-up Nation” is well known in tech circles, the country has lacked a central organization capable of promoting the same level of thought leadership on tech policy and privacy issues. The launch of the Israel Tech Policy Institute (ITPI) in June 2018 ensured that this is no longer the case. ITPI is headed by Limor Shmerling Magazanik, a 10-year veteran of the Israeli government’s Privacy Protection Authority who was recently named one of Forbes’ Top 50 Women in Tech 2018. In this week’s 10th anniversary update, Limor answers questions about ITPI’s unique advantages as an incubator of innovative tech policy, and how it can affect discussions about privacy, technology, and ethics going forward.

You spent over a decade with Israel’s Privacy Protection Authority. What are some differences between privacy law in Israel and the U.S.?

Unlike the U.S., which doesn’t have a comprehensive, national privacy law, Israel passed a law in 1981. Additionally, Israel has a human right to privacy explicitly enshrined in its founding documents. The Privacy Protection authority has jurisdiction over corporations, NGOs, and government bodies. American privacy law takes a more patchwork approach, with laws differing between states and various government agencies responsible for privacy.

One significant difference is that in 2010 Israel’s privacy regime was deemed adequately compliant with Europe’s privacy standards, and while our privacy laws are under review to determine compliance with GDPR, the adequacy declaration is in full force. The U.S. has not received that declaration due to its lack of a national privacy law. ITPI held a GDPR compliance workshop last May during Cyber Week at Tel Aviv University, where we provided hands-on, practical guidance to help companies prepare for, implement, and comply with GDPR.

It was clear from my experience working in the government that Israel is tackling many of the same questions as the U.S. when it comes to tech policy – and privacy in particular. Even though we have a privacy law, a lot has changed since 1995, when the law was amended last to include digital rights. The “right to be forgotten” is new under GDPR, and is just one of the topics that companies, regulators, and academics are grappling with.

What attracted you to lead ITPI?

It’s no secret that Israel has a booming tech scene. Much of government policy for the past 25 years has been geared towards fostering the growth of this crucial sector; it’s the engine that propels the Israeli economy.

What we lacked until last year, however, was an organization devoted primarily to tech policy, cybersecurity, and privacy. ITPI was born in an effort to bring the best and brightest in academia, industry, government, and NGOs together so that Israel can have a reputation for innovative policy to match its well-deserved reputation as the “startup nation.” I am thrilled to be a part of this effort in its early stages.

What are examples of other events you’ve helped organize in addition to the GDPR training?

ITPI co-hosted a workshop with the Hebrew University Cyber Law Center, the Israel Democratic Institute, and the Israel National Cyber Directorate on Israel’s draft cybersecurity law. By bringing together experts from academia, industry, and government representatives from Israel, the U.S., and the E.U, the workshop allowed attendees to compare Israel’s new proposed cyber law with laws in other countries.

We also recently co-hosted an event with the University of Haifa to discuss Professor Yohai Benkler’s new book, Network Propaganda: Manipulation, Disinformation, and Radicalization in American Politics. Propaganda and “fake news” are areas where tech policy in every country has fallen behind the times, so it was good to discuss an issue that was timely in a way that most people can understand. It was especially significant since Israel is holding general elections in 2 weeks.

What do you see for the future of privacy in Israel and the U.S.?

The new elements of GDPR, such as the “right to be forgotten,” data portability requirements and stronger enforcement powers do not currently exist under Israeli law. While the legislative process plays out in both countries, we need companies to lead the way by adopting ethical codes of privacy practice that go above and beyond what is currently required under the law. This is especially important in the United States, where the legal ecosystem around privacy is so uncertain.

Another area I am interested in is financial technology. During my time at the Privacy Authority, I worked extensively with the local credit bureaus and the Bank of Israel to ensure their compliance with privacy regulations. In the U.S., credit bureaus were organized by the private sector before privacy considerations were given their full due. Additionally, many consumer protection laws do not cover financial institutions. On top of that, you have states passing their own laws, and California’s CCPA in particular will have profound impacts on tech companies based in Silicon Valley and around the world.

I will also focus in the near future on open data for AI development, especially the safe use of health data to support lifesaving and life-improving research.

I hope ITPI can play a pivotal role in developing policy approaches that can be adapted by Israel, the E.U., the U.S., and the rest of the world.

FPF will host our next Privacy Book Club on April 24 at 2:00 PM EST. Join us to discuss Habeas Data: Privacy vs. the Rise of Surveillance Tech by Cyrus Farivar. Sign up for the book club here.

We hope you will join us at our 10th Anniversary Celebration on April 30. Buy your ticket here.