One of the key issues in the field of privacy protection in Israel is the balance between the right to privacy and the protection of the data stored on computerized databases. These databases used to comprise mere compact cassettes or big magnetic tapes when the Privacy Protection Law was legislated (1981), while today they are in every smartphone that can store and process computerized information.
The legislator initially responded to this issue by prescribing Chapter B (concerning databases) of the same law, rather than dedicating separate legislation to the subject. However, the issue is not resolved and many believe it needs to be addressed by designated acts. It would not be unrealistic to assume that such distinction will be made someday. Until then, data protection is still covered by the Privacy Protection Law.
Whenever this issue is brought up, an answer indicating a wide common ground is usually suggested. Personal information, eventually, is defined as an integral part of a person’s private property. On the other hand, as technology advances, the methods of data collection in the modern world raise various unique issues. In many countries, they are addressed by separate laws concerning personal information security and protection . With this distinction, privacy matters that are not related to the sophisticated digital world of data collection are viewed as general or “classic” privacy issues, separate from the “advanced” or “modern” privacy, which includes the protection of personal information.
Perhaps it is no coincidence that when the Privacy Protection Law was brought to first reading before the Knesset, it did not include any chapter addressing the information stored on databases. It directly derived from the conclusions proposed by the precursory legislation commission, led by Judge Yitzhak Cohen. The commission’s conclusions referred to breaches of privacy through computerized databases: “no major failures that might indicate a need for urgent actions have been detected in the country, and since we need more knowledge and intensive research to study this issue, we rather not include designated provisions with regard to computers and the required supervision in the proposed law” . Eventually, the chapter addressing computerized databases was only added to the version that was brought to the second and third readings of the bill, owing to intensive work of the commission led by David Glass, Chair of the Constitution and Law Council of the Knesset at the time.
When the 5756 (תשנ”ו) amendment of the law was discussed, some stressed that the law needed adjustments and corrections, due to the rapid legislation process that led to the inclusion of that databases chapter. Some viewed Chapter B and Chapter D, which was added to the law as part of the 5745 (תשמ”ה) amendment, as a separate law that was in fact unified artificially with the other chapters of the law. However, even after the approval of this amendment, some provisions in the law are relevant only to chapters B and D.
The legislation process raised some questions that remain unresolved. Mainly, the question of whether Chapter C of the law, which concerns protections, applies to chapters B and D of the law as well. The claim against this inclusion is based on that artificial addition of Chapter B, and later Chapter D, which addresses the transfer of information between public institutions. In this sense, we can seemingly claim that there was no intention to apply chapters B and D of the law to the list of protections that applied to Chapter A (which concerns “classic privacy”). However, there is no support to such claim, neither in the law itself nor in the legislation that followed. The reasonable conclusion is that the protections chapter applies to all the other chapters of the law, including chapters B and D.
This assertion is reinforced by the fact that ever since the law was established, there has been a tendency to create uniform laws with provisions that apply to all their chapters. It is the case with amendment no. 9 of the law, dated June 2007, which changed the heading of section 29 of the law (concerning the authority to issue a series of acts) in a way that made it apply to all the chapters of the law and not only the classic privacy, unlike the version that preceded the amendment. Prior to the amendment, the heading of said section determined that such acts may be issued “in the event of privacy breach”, meaning any proceedings that arose out of section 2 of the law, which determined “what privacy breach is”. However, amendment no. 9 changed the wording of the law. Now it states that one may issue acts “in the event of violation of any provision” of the law, inclusive of chapters B and D of course. The amendment memorandum explained that “the court’s authority to issue acts in addition to any penalty or remedy in any criminal or civil trial should applies to any offense under the Privacy Protection Law and not only to privacy breach under section 2 of the main rule” . The view here is that such provisions should not apply to privacy only but ought to cover databases as well .
On the other hand, when the law was amended and expanded by the provisions of article 29(a), which prescribed the possibility to order compensation without proof of damage, said possibility was given only with regard to breaches under Chapter A of the law, which concerns “classic privacy”. This assertion derives from the clear reference to any offense under article 29(a)(a) of section 5 of the law (listing violations of the articles of section 2 of the law) and article 29(a)(b) of section 4 of the law (which determines that a privacy breach is a civil wrong, while referring to Chapter A only). The legislator’s view here is that, as for compensation without proof of damage, a different resolution is needed with regard to chapters B and D of the law .
It seems that until the legislator decides to separate between the protection of personal information and the other chapters of the law, through new legislation, the law will preserve this love-hate between its two parts – the “classic privacy” of Chapter A and the protection of information of chapters B and D. It appears that the debate with regard to the appropriateness of this distinction will continue even if such separation is made. In such event, some might argue that the distinction is erroneous and demand to reunify the laws.
- It is the situation in Australia and Canada, for example – see “The Right to Privacy after Death – Comparative Review”, the Knesset – Research and Information Center, 24.5.2007, page 2.
- Report of the Commission for Protection of the Right to Privacy (Chair: Judge Yitzhak Cohen), State of Israel, 5737-1976, page 4.
- Ministry of Justice, Memorandum of Proposal – the Privacy Protection Law (Amendment – Privacy of a Deceased, Deliberate Consent and Compensation without Proof of Damage), 5764-2004, page 10.
- Minutes of Session no. 214 of the Constitution and Law Council of the Knesset, the 17th Knesset – 6.6.2007, page 25.
- Minutes of Session no. 214 of the Constitution and Law Council, the 17th Knesset – 6.6.2007, page 30.