Interview with Wix's DPO Lior Saar

Tom Orbach
9
min read

As part of the Top DPOs 2022 project, we’ve interviewed top privacy experts in the tech industry to unveil and share their practices with the community. Read how Wix’s DPO takes a privacy-by-design-oriented approach to achieve compliance without hindering business operations.

Lior Saar

From implementing up-to-date privacy practices across the organization to handling a high number of data subject requests, a DPO has to overcome many challenges to succeed.

Could you please tell us a little bit about yourself and your legal background?

My name is Lior, and I was born in Belgium. I started my education with studying two degrees in bioinformatics. After which, I decided to spice it all up with law school. After finishing my degrees in Computer Science, Life Science, and Law, I became really interested in the interplay between law and other subjects. My interest in tech first drew me to focus on IP law, from which I shifted to work at an antitrust department for another big law firm. After a couple of years working at some of the best law firms in Israel, <hl>I felt like it was time to blend my background in technology and my broad legal experience together — and work at a tech company that has an ambitious yet super interesting mission.<hl>

This led me to start my journey at Wix: As I have always been involved in coding and web development (since the early 90s), I was immediately captivated by the idea of working at a company where we aim to help anyone create their dreams online professionally. 

What is your approach to data privacy, and how does it affect your work as DPO at Wix?

I think that <hl>privacy is a basic human right that sometimes might be challenged when it comes to developing digital products.<hl> The GDPR has been a substantial milestone because (amongst others) it elevates the users’ privacy to be a core consideration in product development.

Our approach at Wix is that we build the best products in the world. Part of doing the best product is saying that privacy principles should be incorporated into the product design from scratch. It should not be an afterthought or something to cross off the checklist. Part of our efforts in building the best products out there involves (among other things) gaining our users’ trust by dealing with their data in a respectable way. By the way, as you all know, this is exactly “Privacy by Design.” 

At Wix we truly care about our users. That’s why when tackling compliance issues, we do not only make sure we as a company are compliant with privacy regulations, but we also help our users - who are website owners - by providing them the tools to help them be compliant with privacy regulations (and other regulations, such as Accessibility for example). I find this amazing, and it’s definitely a part of my job that I love and am proud of.

In this regard, none of this could happen without the entire team. I have the privilege to work with some of the best privacy and product counsels out there who are doing an amazing job (<hl>Eva Zbili, Marcelo Treistman, and Amos Eytan, you are the best<hl>).

Can you tell us about an exciting project that you worked on where you implemented the Data Subject Rights principles?

Sure! In 2016, Wix as a company decided to begin to implement the GDPR requirements. Not an easy task for any company. After finishing a thorough analysis, Wix Management decided the following:

  1. Even though GDPR might be perceived as a Regulation dealing solely with EU data subjects, Wix Management believed that Data Subject Rights should be granted to all our users in all geos. Wix gives equal Data Subject Rights to all of its users anywhere they are.
  2. Wix will not only grant Data Subject Rights to its users. We built an infrastructure that serves our Users vis-à-vis their users as well. In other words, we build a product that empowers our users, as site owners, to handle their users' Data Subject Requests.

Wix’s state of mind, to take our users’ privacy so seriously, is not trivial at all and surely wasn’t in 2016.

The resistance by some companies against cookie consent is well-documented. Any anecdotes you mind sharing about this?

Well, I believe that when it comes to accessing personal data and complying with cookie consent rules, there is a way for companies to ‘have their cake and eat it too.’ As we did with our Data Subject Requests internal solution, we developed a Cookie consent solution for Wix while developing an additional Cookie consent solution for our site owners as well. This was a huge effort and win, led by a multidisciplinary task force in the company (Product Managers, Operations, Devs, UX, Customer Care, and Legal - you all know who you are).

We were truly surprised that <hl>after implementing our consent banner on Wix, we witnessed an increase in our conversion rates<hl> in certain geos. We augmented our users’ trust and received improved conversion in return, it’s so simple as that.

Transparency is a prerequisite to enabling individuals to exercise control over their data. Could you tell us how you simplified your Privacy Policy to make it more accessible to individuals?

Our primary goal is to make sure our users understand what and for which purposes Wix uses its users’ data. Most importantly, in plain English (that is why we have our #ItsThatEasy part in our Privacy Policy; check it out).

Beyond the compliance concerns, we really care about keeping our customers informed about how we use their data, cradle-to-grave. Lately, we published our new Privacy and Security Hub, where we are empowering our users into better understanding how they can make their sites better from the Privacy and Security side as well.

What are your main challenges as the DPO and as the Head of the Product Counsel?

As a global company operating in more than 190 countries, we spend a considerable amount of time keeping abreast of changes to global Data Protection Regulations and implementing those changes in complete synergy with Wix’s business goals.

Access rights reportedly present the most challenges and also have the highest rate of being exercised in many companies. Which challenges have you faced relating to access rights, and how did you overcome them?

We actually witness a much higher demand for data deletion requests (compared to data access requests). Having said that, it’s important to note that the right to access might be a sweet target for malicious parties to easily get their hands on personal data. Therefore, users’ identification is critical to ensure data will be transferred to the right hands.

Do you think consumers’ perspectives on privacy are changing in recent years?

From Cambridge Analytica to massive data breaches making the headlines frequently, there are a variety of reasons why the public is finally waking up to the reality of the whole ecosystem built around their data and taking action to have an impact.

At Wix, we didn’t decide to deal with Data Protection only because that is what the different regulations dictate, but <hl>because of love for our users and our understanding this is the way we build the best products in the world, and one part of building the best products is to make sure we are respecting our users’ (and their users’) privacy<hl>.


Read more about our Top DPOs 2022 project here.