Click to open contact form.
Your Global Partners in the Business of Innovation

Israel: Proposed Bill Would Direct the Security Agency to Track Israelis to Combat Coronavirus, Privacy Regulator Objects due to Disproportionality

Privacy / Jun 01, 2020

Article written by Haim Ravia, Dotan Hammer and Adi Shoval

The government published a proposed draft bill directing the Israeli National Security Agency (colloquially named “Shabak” or “Shin Bet”) to engage in ubiquitous cellular-network based tracking of the whereabouts and movements of Israelis. The draft bill comes nearly a month after the Israeli Supreme Court ruled that this form of tracking of individuals severely violates the right to privacy and thus must be authorized through primary legislation of the parliament, rather than merely by provisional emergency regulations promulgated by the government.

According to the draft bill, the Agency’s authority will be subject to a governmental directive approving the tracking for a period of three months, which can be extended for three additional months.

The draft bill authorizes the Agency to process identification information, location information, and telecommunication information of Israelis (but not the content of such communications). When a person is confirmed to have contracted coronavirus, the Israeli Ministry of Health (“MoH”) will direct the Agency to provide it with the data of those who were in proximity to that person during the previous 14 days. Those people will be located and notified that they had come into contact with an unnamed person who contracted the virus. While the Agency is required to retain the information disclosed to the MoH only for 14 days and to immediately delete any subsequent information created, it is not required to delete the raw information it collects.

The draft bill states that the MoH bound to data confidentiality and is prohibited from disclosing or transferring the data to any third party. The Agency will not use the information to corroborate compliance with quarantine requirements and the information will not be used as evidence in any investigation or legal proceeding.

The Israeli privacy regulator issued its commentary to the draft bill, indicating that cellular-network based geolocation tracking, absent consent, is the most privacy-invasive method available to combat the proliferation of COVID-19. The regulator reviewed the possible tracing and tracking measures available or used in various countries around the world. It noted that unlike Israel, all other democratic countries use proximity-based tracing apps rather than geolocation tracking. The regulator called on the government to adopt privacy-enhancing technologies based on proximity-based contact tracing that do not involve mass-scale geolocation tracking.

The bill was briefly open to public comments until May 26, 2020.

CLICK HERE to read the bill (in Hebrew).

CLICK HERE to read the Israeli privacy regulator’s review of tracing and tracking measures (in Hebrew).