08/11/2020

The TikTok “treatment” – Can Israeli startup companies also be at risk?

artical-image

The relationship between the US and Israel seems to be at an all-time high. But even if you are an Israeli start-up company, it only takes a few wrong moves to be limited or worse, to be blocked by the US Administration. Here are some points to consider and should watch out for.

By: Adv. Idan Ben-Yacov

In a meeting with the press in August 2020, US President Donald Trump dropped a bomb, when he said that he would take immediate action to shutdown TikTok in the United States unless it will be acquired by a U.S. corporation like Microsoft or another “very American” company. And he did. Within a few days, the President issued an executive order to this effect. The detrimental damage to TikTok is obvious.

TikTok does not protect and safeguards user privacy, and even shares the data with the Chinese government, Trump alleged. The executive order states that: “The United States must take aggressive action against the owners of TikTok to protect our national security.” In other words, from his point of view, TikTok’s operations in the US are a threat to its national security.

TikTok understood the business implications of the above-mentioned executive order, and indeed, as it was published in mid-September the company rejected Microsoft’s acquisition offer and accepted the offer rendered by Oracle, which will invest in TikTok purchase a portion of the US operation and receive a portion of the TikTok’s shares plus provide cloud hosting of the U.S. TikTok company. This move will save TikTok operations in the US.

Simultaneously, a Federal Court in California issued a ruling that prevented the Department of Commerce from blocking Google and Apple from hosting WeChat, a Chinese-owned app. The grounds in both TikTok and WeChat cases were the same – national security.

The general sentiment is that this is a tug of war between the superpowers. However, the national security rationale can operate against other companies, big and small, including Israeli companies. In the United States, like in Israel, security is almost always an ace that trumps other rights and privileges such as property, freedom of occupation, privacy, etc. In this case, the national security interest is significantly impacting the course of business, forcing a giant multinational conglomerate to sell into American hands.

Based on my experience with Hi-tech and Fintech companies in various stages and sectors in Israel and around the world, once the security card is on the table, there is almost nothing to be done. There are, however, few steps that one should consider to mitigate the risk:

Israel and the US have a good relationship, with an almost free flow of information and people between them, including in the fields of software and development, and including relocations and R&D centers. Israel is not perceived as a security or economic threat by the US; on the contrary, the two countries are considered tight allies in matters concerning security, and Israel is therefore treated much more favorably than other countries.

On the other hand Israel has experienced in the past situations when the US government has raised a veto on the Falcon aircraft deal between the Israeli aviation industry and china. That said, if an Israeli company has a foreign partner or investor, this may change the picture. It is important to pick your partners (and even consider who their partners are) not only from the business perspective, but also in terms of how they would be treated by the authorities.

Many Israeli start-up companies choose their investors through third-party companies who track down potential investors, VC’s, etc. or based on early acquaintance. If the company plans to operate in the US market, and most tech companies do, it is advantageous to approach American investors first. This way, the company will be prepared (to an extent) to handle US laws and regulations, or will at least be familiar with this environment, its advantages and disadvantages. Obviously, there is nothing wrong with foreign investors (American, Chinese or from any other country), but all consequences must be taken into account. If you have already chosen non-US investors, the next paragraph is for you.

Work with multinational investors. The main difficulty with TikTok was that it was entirely Chinese: the software was developed in China, its main databases are allegedly located in China, and its shareholder is Chinese company. Therefore, TikTok was allegedly exposed to influence by the Chinese government and to the “political war” between the two countries. Given China’s track record in privacy matters, it would be difficult to defend the claim that TikTok was not under the control of the Chinese government. If the company had investors from other jurisdictions as well, perhaps it would not have been perceived as centrally controlled, especially by a government.

Location of databases and processing. The GDPR has revolutionized the treatment of privacy around the world. The physical location of the servers storing the data, determines, among others parameters, which laws will apply to these servers and to the company, and impacts the ability to process and use the information and transfer it to third party states for further processing, etc.

In July 2020, the Court of Justice of the European Union held that US law, and primarily the ability of the Federal Administration to demand (and receive) personal and/or confidential data that was processed on US soil, fails to satisfy European Union privacy standards. Until US privacy laws are amended to comply with EU and GDPR standards, the “privacy shield” framework allowing transfer of data between Europe and the US may not be used.

This will effectively limit information transfer between Europe and the US, and is liable to cause extensive damage to various corporations that collect and/or store data in Europe but process it in the U.S. Where your servers are located is therefore very important. Upon Oracle’s investment in the “American” TikTok, sources in the US Administration stated that data security standards and protection would be enhanced, and all data about US citizens will be stored in servers in the US.

Local partners. As is often true, in this context as well, a local partner could prove beneficial, not only because it would be familiar with local procedures, but also in order to demonstrate that the company is not entirely foreign. In the TikTok case, for example, the Administration agreed for the company to be partially sold to a US entity, because the issue was not with TikTok’s line of business but with the fact that it was wholly owned by a foreign entity.

Privacy policy. Developers often define very broad privacy policies for their apps. For example, you can easily find in the app store flashlight apps whose license includes access to the microphone. One of the reasons why the Administration disapproved of TikTok was its sharing and data privacy definitions: location, camera, microphone, contact list, etc. The permissions requested should be limited to those that are necessary/essential in order to use the app.

As mentioned, there is no clear-cut definition as to what could constitutes a security threat, but with solid planning and good consultation, the risk of administrative intervention in these respects can be minimized.

The author is a lawyer who provides ongoing advice to high-tech companies


The above is a brief overview and does not constitute legal advice, advice to take action of any form or interpretation of any kind, and should not be relied upon. Each case should be examined based on its specific circumstances, and an expert lawyer who can tailor the best plan for the client should be consulted. Use of or reliance on the above is at the reader’s own risk, and the author and/or his representatives hereby disclaim any liability.