Israeli legislation on personal data protection is one of the most peculiar and controversial in the world. The fact that Israel adheres to democratic principles might explain that, but at the same time, the country is regularly exposed to war and terrorist attacks. Israel’s multi-layered legal system is made up of basic laws, case law and a variety of legislated acts. All this makes legal relationships involving data protection in Israel about as complicated as ancient Kabbalistic texts and working in quantum mechanics.
Despite the legislative intricacies and ambiguities, it is widely accepted that privacy is adequately secured in Israel. In particular, the secrecy of correspondence is guaranteed. In 2011, the EU recognized that personal data protection in Israel is provided at an appropriate level. However, that opinion is arguable; since 1981, the Knesset has enacted several legal documents that mention special powers and right vested in some state bodies to breach confidentiality.
General Principles and Basic Law
Despite the absence of a formal written constitution in Israel, there is a type of equivalent to one — the Basic Laws. This document is written in the spirit of Old Testament commandments. One of them, the basic law “Human Dignity and Liberty”, directly concerns confidentiality and the privacy of personal correspondence. Article seven “Private life, personal and family secrets” states:
“There shall be no violation of the confidentiality of conversation, or of the writings or records of a person.”
Also, as far as personal data presented in digital form is concerned, Israel has a special 1995 law governing computer use under which personal data equates to other property, and the seizure of it is tantamount to a search. The seventh basic law article “Human Dignity and Liberty” already mentioned, contains a clause stating:
“No search shall be conducted on the private premises of a person, nor in the body or personal effects.”
At first glance, this legal statement would seem to imply that a judicial warrant is required for any lawful proceedings concerning personal data on computers, smartphones, or other digital media. In reality, though, it’s all a little more complicated than that.
Israeli Privacy Protection Act 5741–1981 — Exception Law
Israel’s Privacy Protection Act includes a clarifying document solely dedicated to the protection of personal data and privacy. This was adopted in 1981, more than 10 years before the main on confidentiality protection — law was passed. The text guarantees the protection of confidentiality, while also assuming responsibility for its violation.
A careful study of the legal text reveals its ambiguity. For example, Section 2 imposes criminal liability with regard to an intentional breach of confidentiality while section 19 provides an exemption from such responsibility in cases when data might be seized by order of the police, military intelligence (Aman), General Security Service (“Shin Bet” or “Shabak”) or the Institute for Intelligence and Special Operations (Mossad).
The law does not specify the responsibilities of employees of those security services in the event that personal data is misused though no such incidents have ever been made public. It is likely that these organizations (except for the police) hold secret documents regulating employee responsibilities for this kind of abuse of authority.
The law prohibits the disclosure of any intimate information belonging to a person, as well as to record and share private conversations conducted with doctors, lawyers, psychologists, social workers and/or the representatives of religious organizations. Any such material that was obtained illegally could almost never be used as evidence in a court of law. Though again, there are exceptions: there have been cases when, in the opinion of the court, justice has been considered to outweigh rights to guaranteed personal data privacy. For example, in the trial of Nafi Samadan records containing information about his crime along with intimate of his life was recognized and accepted as admissible evidence.
Big Brother’s Laws
Preparations for the actual reverse of the standards set out in the basic law “Human Dignity and Liberty” of 1992, began long before it was adopted. In 1982, immediately after approval of the Privacy Protection Act, 1982, the Israeli Telecommunications Act (Telephone and Broadcast) was passed.
Section 13 granted officials from the police, Mossad, the Israeli defense forces, Shabak, and the prison service the right to modify telecom operators’ equipment, and to change their facilities and services for the purposes of conducting covert surveillance.
This vague statement concealed the very real possibility of gaining unhindered access to personal data and telephone conversations, and later to Internet data transmission. The law still stands, and the latest version dates back to 2012. Interestingly, similar standards are contained in the American Communications Assistance for Law Enforcement Act (‘CALEA’) in the USA.
It should be noted that to be granted access to private conversations (both from telephones and real-time messengers) the police are bound to follow procedural rules, which involve the president of the district court or his deputy issuing a warrant.
At the same time, there are also certain extrajudicial permissions to intercept and seize data. These may be issued by a senior police officer. Such an order is valid for 24 hours and can be only issued if, “there is a need to prevent a criminal offence, to detain a criminal, to save a person’s life and there is insufficient time to file a petition with the court”.
Meanwhile, military intelligence and Shabak may be given permission to wiretap directly by the Prime Minister or Minister of Defense in which case no judicial oversight is needed. The rule is stated in the Wiretap Act, (1979).
Moreover, due to the growing needs of special services and the fact that the nature of communications had changed, The General Security Service Act (GSSA) adopted in 2002, actually allowed Shabak to gain access to any user’s personal data without any legal controls. That document also related to the potential for access to personal communications not directly related to crime.
The same law obliged communication service providers to make confidential information available to Shabak employees. Due to the tense political situation and the large number of terrorist attacks during this period, Israeli society reacted rather calmly to the implementation of the law.
The adoption of the Criminal Procedure Act (Enforcement Powers — Communications Traffic Data) in 2007 (the ‘Communications Data Act’) caused a much greater public outcry. It is this regulatory act that was dubbed the “Big Brother Law” by the media, although it was significantly softer than the GSSA adopted 5 years earlier.
The Communications Data Act influenced the regulation of privacy governing data such as subscriber location, subscriber registration and traffic. At the same time, the law did not touch the contents of any correspondence, negotiations and so on.
Current Safety Rules and seizure on Suspicion
Data protection legislation continued to evolve in Israel last year as The Privacy Protection Regulations (Data Security), 5777–2017, appeared. As a result, some standards for the protection of personal data were systematized and improved.
However, law of the 1981 rests on the law of 1981 rests on the basis of this regulatory document. The Privacy Protection Regulations do not mention intelligence officers, but at the same time, the paper dramatically expands the authority of Israeli Law and the Information and Technology Agency (ILITA) in the field of data privacy regulation.
In addition, the document systematized the principles and methods of protecting information in Israel, and as a result, has formed a new standard with which all government and private organizations in the country should comply.
At the same time, a year before this law was enacted, on February 2, 2016, the Knesset announced that it had adopted an amendment that would expand police powers during a personal search. The police received the right to conduct a personal search without a warrant on the basis of suspicion and was named the ‘Stop-and-frisk’ law. Formally, just as the 1995 computer law equates digital data interception to a search, this new norm gives law enforcement officers the right to remove data from a mobile device or laptop found during a personal search, although well-known precedents of this kind have yet to be recorded.
A review of these documents and laws suggests that the guarantees of confidentiality declared in Israel’s basic laws do not apply when it comes to the interests of the security forces. In the EU, for example, such practice by special services is either illegal or borders on being a violation of accepted legal rights. In Israel, conversely, it is legitimized. This legalized practice of special services has been further supported every decade by yet another legal act. In other aspects, privacy protection has reached a high and well-developed level, particularly demonstrated by rights enshrined in The Privacy Protection Regulations (Data Security), 5777–2017.