WorldLII [Home] [Databases] [WorldLII] [Search] [Feedback]

EPIC --- Privacy and Human Rights Report

You are here:  WorldLII >> Databases >> EPIC --- Privacy and Human Rights Report >> 2006 >>

[Database Search] [Name Search] [Recent Documents] [Noteup] [Help]

EPIC --- Privacy and Human Rights Report 2006

Title Page Previous Next Contents | Country Reports >State of Israel

State of Israel

Constitutional Privacy Framework

Israel's Constitution operates as a body of "basic laws" that are interpreted by the courts.[2957] In terms of a constitutional right to privacy, Section 7 of the Basic Law on Human Dignity and Freedom (1992) states that: "(a) All persons have the right to privacy and to intimacy. (b) There shall be no entry into the private premises of a person who has not consented thereto. (c) No search shall be conducted on the private premises or body of a person, nor in the body or belongings of a person. (d) There shall be no violation of the confidentiality of the spoken utterances, writings or records of a person."[2958] According to Supreme Court Justice Mishael Cheshin, this law elevated the right of privacy to the level of a basic right.[2959]

Data Protection Framework

The Protection of Privacy Law regulates the processing of personal information in computer data banks in an effort to protect privacy.[2960] The law sets out 11 categories of prohibited activities and provides for civil and criminal penalties for violating individual privacy.[2961] All holders of data banks containing more than 10,000 names or various confidential information must register with the Registrar of Databases and report their purpose, use, means of data collection, and data security measures implemented.[2962] The law limits the use of information in these databases to the purposes for which they were intended, and database holders must provide access to database subjects. Under the Privacy Law, individuals have a right to access their personal information held in both government and private sector databanks. The owner of the database must provide for such inspection in Hebrew, Arabic, or English.[2963] The European Commission considers that Israel's data protection laws are likely to offer an adequate level of protection for personal data transferred to Israel from countries in the European Union.[2964]


In June 2007, the Privacy Law was amended to include the following provision: "A person's consent for invasion of privacy must be 'conscious.' An injured plaintiff may be awarded statutory damages of up to NIS 50,000 (8,550 EUR). If the invasion to privacy is found to be the result of a willful act, then the sum of statutory damages may be doubled."[2965]


Evidence acquired through infringement of privacy is inadmissible under the Privacy Law, although courts have the discretion to make exceptions. The Privacy Law contains broad exemptions for police and security services as well as a wide range of defenses.[2966] For example, actions in good faith or in furtherance of the public interest are statutory defenses. The law also sets up basic privacy regulations relating to surveillance, publication of confidential information, criminal records, and the legal obligations of the government with respect to confidential information.


The Credit Data Service Law of 2002 created a shared center for storing consumers' credit information among different competing creditors and broke up the dominance of the two banks that controlled most credit information.[2967] The law gives consumers access to their information, the opportunity to correct information collected (including "positive" records, such as evidence of good credit), and features a procedure for opting out of collection. Some politicians have argued, however, that it unduly invades privacy by automatically sharing credit information and penalizing those who opt out of the database.[2968]


Unauthorized access to computers is punishable by the Computer Law of 1995.[2969] Many routine activities prohibited by this law, such as accessing a computer or erasing information, are illegal only when performed without proper authorization.[2970] In June 2002, an Israeli teenager was sentenced under this law to 18 months in jail for masterminding a series of high-profile hacks into the computer systems at the Massachusetts Institute of Technology, the National Aeronautics and Space Administration, the Federal Bureau of Investigations, the United States Air Force and the United States Department of Defense.[2971] An appeals court overruled the teenager's original sentence of six months community service after the Israeli government, under pressure from the United States, pushed for a stricter sentence.[2972]


The Postal and Telegraph Censor, which operates as a civil department within the Ministry of Defense, has the power to open any postal letter or package to prevent harm to state security or public order.[2973]


The 1996 Patient Rights Law imposes a duty of confidentiality on all medical personnel.[2974] The Genetic Information Law of 2000 protects the rights of individuals with respect to their DNA samples and their genetic information. The Genetic Information Law and existing ethical guidelines cover most issues of informed consent, confidentiality, and rules of access for both identified and non-identified DNA samples or genetic information in the individual or family-based, small-scale collections.[2975] Criminal records are governed by the Criminal Register and Rehabilitation Law, which allows more than 30 government agencies to access the records.[2976]


The obligation to maintain bank secrecy stems from Israel's adoption of English bank laws in 1922, by Section 46 of the British Order-in-Council.[2977] The obligation of bank secrecy is limited to consumers and not to companies.[2978] The obligation includes information regarding clients' accounts, transactions effected through the account and the collateral toward the account.[2979]


On September 28, 1995, the Israeli-Palestinian Interim Agreement on the West Bank and the Gaza Strip was signed by the Israeli Government and the Palestine Liberation Organization (PLO). Annex III of the Agreement, the Protocol Concerning Civil Affairs contains Article 33, which provides that Israeli and Palestinian social welfare systems will cooperate to protect the confidentiality and individual privacy in the exchange of personal information.[2980]

Data Protection Authority

In January 2006, the Israeli Government established the Legal Authority for Information Technologies and Privacy Protection under the Ministry of Justice.[2981] The Authority merges three Registrars operating within the Ministry of Justice, one of which is the Registrar of Databases. The Authority's objectives include enforcing privacy protection, coordinating government activities in its fields of operation (IT, privacy and computer crimes) and promoting legislation regarding these issues. While still in its infancy, operating under a tight budget and having only a handful of employees, the Authority has been quite active. For example, the Authority has investigated the exposure of e-mail addresses by EL-AL, Israel's national airline, toughened procedures for registering databases, and placed strict restrictions on the transfer and use of personal information held by pension funds following recent mergers and acquisitions in Israel's financial sector.[2982]

Wiretapping and Surveillance Rules

The Secret Monitoring Law of 1979 governs the interception of communications.[2983] The law prohibits individuals from "listening in" on others' conversation by using a device without a permit or the consent of a party to the conversation.


The law was amended in 1995 following a finding by the State Comptroller that police were abusing wiretap procedures. Although the amendments sought to tighten procedures, they also expanded the Secret Monitoring Law to cover new technologies, such as mobile phones and computer communications, including e-mail. In addition, the amendments increased penalties for illegal taps while allowing interception of privileged communications, such as those with a lawyer or doctor.[2984]


The President of the District Court must authorize police to intercept any form of wire or electronic communication, or plant a microphone for a period up to three months, which can be renewed. The Chief Military Censor may also intercept international conversations to or from Israel for purposes of censorship.[2985] Intelligence agencies may wiretap people suspected of endangering national security after receiving written permission from the Prime Minister or Defense Minister. Police and other law enforcement agencies must present an annual report to the Knesset’s (the Israeli Parliament's) Constitution, Law and Justice Committee detailing such activities. According to the Israeli government, the number of wiretap orders "has averaged roughly 1,000 to 1,100 annually over the last several years. Roughly half of these wiretap permits are given in connection with drug-related offences."[2986] Although courts are supposed to weigh privacy concerns against law enforcement needs before authorizing wiretaps, authorization is, in practice, almost automatic upon request. The 2005 police report said that district courts approved 1,089 police requests for wiretaps and rejected six, an approval rate of 99.5 percent.[2987] In 2006, all but 3 out of 400 wiretaps reviewed in a survey were approved.[2988]


At the beginning of June 2005 the Knesset approved an amendment to the Criminal Procedure Law. The amendment authorizes Israel Police to collect DNA samples from suspects taken in for questioning and convicts in custody. The justification for the genetic data bank is to allow police to cross-reference DNA profiles from crime scenes with the data banks of criminals and suspects in order to identify serial offenders in crimes against persons, property or security.[2989] An individual acquitted of charges will have his or her DNA retained in the data bank for seven years. A convicted offender's DNA will be kept for 20 years. The police have set a target of genetically mapping 20,000 samples annually.[2990]

Anti-terrorism Measures

In March 1998 the Finance Minister granted the Director of the Bureau for Counterterrorism full access to all Israeli taxation authorities' databases. The authorization gave the Bureau access to the financial records of any citizen in Israel, including the status of their bank account "for urgent cases of preventing terrorist acts."[2991]


Israel contracted Electronic Data Systems in 1999 to install a biometrics-based border control system, using hand geometry and facial recognition technology, to monitor the entrance and exit through the Gaza Strip of about 50,000 Palestinians workers.[2992] Israel also installed a biometrics identification system in Tel Aviv's Ben Gurion Airport. Frequent travelers who submit biographic information and biometric hand-geometry data may use automatic inspection kiosks to go through airport security. Travelers use a credit card for initial identification and then scan their palms into the kiosk to verify identity. The machine prints a receipt that allows the traveler to proceed through security. As of 2006, nearly 300,000 Israeli citizens have enrolled in the biometric identification system.[2993]


In June 2007 Ben Gurion Airport installed electronic devices that allow inspectors to see through travelers’ clothes.[2994] The technology is used to detect if passengers are smuggling any goods through customs or concealing weapons that could be used for terrorist activity. Although some Israelis have raised privacy concerns, customs officials have responded that a short inspection is more desirable than a full body search.[2995] It is unclear if the airport security force will be retaining the images in a database.


As part of the disengagement process, the Israeli Defense Ministry announced the creation of a new high-tech border crossing north of the Gaza Strip in January 2005. Security guards monitor individuals by using video surveillance cameras as they pass through "identification stations" where their identities are verified using existing ID cards and biometrics.[2996] In April 2007, government officials from the Defense Ministry indicated that their biometric equipment must be significantly upgraded to be more effective at preventing terrorist infiltrations.[2997]

Major Privacy Case Law

Alonial, et. al v. Ariel McDonald is a case involving copyright between McDonald's and well known basketball player Ariel McDonald. The Supreme Court of Israel affirmed that Israel's Privacy Law protects personal rights and interests, and not economic rights.[2998]


In October 2004, the Jerusalem District Court rejected Yigal Amir's petition to stop the broadcast of a TV movie shown on the ninth anniversary of the assassination of Prime Minister Rabin, for which Amir was convicted.[2999] Amir had argued that film footage showing him in his jail cell dressed in his underwear violated his privacy rights


In June 2000, the Tel Aviv District Court held that the State could not order an Internet service provider (ISP) to collect subscriber e-mails to provide to the police, finding that the practice was the equivalent of an illegal wiretap. However, the Court determined[3000] that, when balanced against individual privacy rights, police could request e-mails already collected by the ISP from subscribers against whom an indictment is pending, and could use those e-mails upon indictment if a court found the collection to be justifiable – even if it was illegal at the time of seizure.[3001]

Recent Developments

A government committee conducting a two-year review of the legal aspects pertaining to protection of privacy in databases submitted its final report in February 2007.[3002] The Schoffman Committee consisted of government officials, academic institutes' experts in law and technology, members of the Public Council for the Protection of Privacy, a representative of the Association for Civil Rights in Israel, a private legal practitioner and others. The report urged Israeli authorities to shift their emphasis from administrative provisions of the law (namely, database registration) to enforcement of essential sections relating to the protection of personal information, such as data security measures and collection and purpose limitations. Further, registration requirements should be limited to databases that are used for information trading or that store sensitive data such as genetic data. The committee also suggested that unlawful cross border data transfer should be deemed a criminal offence.


The Committee also proposed the enactment of a data breach law similar to California’s legislation.[3003] Currently, a breach of the Protection of Privacy Law does not entitle an individual to submit a class action. The Committee found that there is insufficient incentive for individuals to take legal action against database-related infringements of privacy, due to the number of injured parties and the small amount of damage each party incurs. This deters potential plaintiffs, thus becoming an obstacle to civil enforcement. If this recommendation is followed, the combination of class action suits and statutory damages may prove critical in cases of mass privacy infringements. As of July 2007, the Authority for Law, Technology and Information is drafting a bill based upon the Schoffman Committee's findings.[3004]


Another bill, also proposed in July 2007, would require Internet Service Providers (ISP) to only allow registered Internet users over the age of 18 to browse sites with pornographic, violent, or gambling related content. The default setting for all ISPs would be to censor content, and adults wishing to view such materials would need to identify themselves. The original bill required biometric identification, but that condition was dropped so that the bill could be unanimously approved by the Ministerial Committee on Legislation. The estimated cost of the new system is NIS 10 million (1.7 million EUR). It is unclear who will decide what should be censored, though it will likely be officials from Education, Justice and Communications Ministries, in addition to representatives from the National Council for the Child. The bill will be read by the Knesset Economics Committee, and if it is passed into law, officials estimate it would take seven to ten months to implement.[3005]

NGO Advocacy Work

In May 2004, the Supreme Court accepted a petition submitted by the Association for Civil Rights in Israel (ACRI) in 1998. In its petition, ACRI challenged the right of hundreds of clerks in various government authorities and commercial banks to have access to the Israeli Population Registry.[3006] Also, in May 2004, an internationally funded NGO, Peace Now, was under investigation for possible breaches of the espionage provisions of the Israeli Penal code for allegedly photographing and conducting surveillance of Israeli settlement areas and security breaches where Israeli civilians were later killed in attacks.[3007]


In late May 2005, the year-old Israeli branch of the Movement for Freedom of Information, petitioned an administrative court in Tel Aviv to order the Israeli Defence Forces (IDF) to reveal the "formula" by which the IDF's psychotechnical diagnosticians rank new recruits, thus determining their military service path, i.e., whether she or he will become an officer, serve in the Ordinance Corps, become a pilot or be assigned non-combative roles.[3008] Israeli NGOs, particularly environmental groups, have been turning to courts to obtain information when access requests have been denied by government offices.[3009]

Open Government

The Israeli Supreme Court ruled in Shalit v. Peres that there was a fundamental right for citizens to obtain information from government.[3010] The Freedom of Information Law was approved unanimously by the Knesset in May 1998. The law allows any citizen or resident to access records held by government offices, local councils and government-owned corporations.[3011] Requests for information must be processed within 30 days. Courts can review government decisions refusing to disclose information.


In Israel, the Freedom of Information Law[3012] applies to some government institutions such as government ministries, the President's Office, the Knesset, the state comptroller and the public organizations that Office oversees, the courts, the local authorities, statutory corporations, government corporations and companies under the control of the local authorities. However, several public bodies are not currently required by law to be open and transparent regarding access to information.

International Obligations

Israel is a signatory to the International Covenant on Civil and Political Rights,[3013] which provides at Article 17 that: 1) No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation, and 2) Everyone has the right to the protection of the law against such interference or attacks.


[2957] The State: The Law of The Land, Israel Ministry of Foreign Affairs, October 1, 2006 <http://www.mfa.gov.il/MFA/Facts%20About%20Israel/State/THE%20STATE-%20The%20Law%20of%20the%20Land>.
[2958] The Basic Law: Human Dignity and Freedom (5752 - 1992), passed by the Knesset on the 21st Adar, 5754, March 9, 1994, available at <http://www.mfa.gov.il/mfa/go.asp?MFAH00hi0>.
[2959] Alon Kaplan & Paul Ogden eds., Israeli Business Law: An Essential Guide (Boston: Kluwer Law International) 1997, at 30.01.

[2960] The Protection of Privacy Law 5741-1981 (hereinafter Privacy Law), 1011 Laws of the State of Israel 128, amended by the Protection of Privacy Law (Amendment) 5745-1985.
[2961] Privacy Law, supra at Chapter 1, Section 5. It should be noted that, although, until recently, Section 2 of the Privacy Law was usually interpreted by Israeli courts (in view of Section 3 of the Privacy Law) as applying only to individuals (and not to corporations). However, in February 2002, Tel Aviv District Court Judge Yehuda Zaft ruled that Section 2(5) of the Privacy Law may be used to protect the privacy of corporations as well. This issue has not been reviewed yet by the Supreme Court. See Civil Case (Tel Aviv) 2324/01 Multilock Ltd. v. Rav Bariach Hashkaot Ltd. and Others.
[2962] Debbie L. Rabina, "Access to Government Information in Israel: Stages in the Continuing Development of a National Information Policy," International Federation of Library Associations and Institutions, August 13, 2000, available at <http://www.ifla.org/IV/ifla66/papers/018-160e.htm>.
[2963] Privacy Law, supra at Chapter 2, Section 13.
[2964] "Global Data Protection and Security Issues in the Cards Arena," Cards International, September 26, 2001.

[2965] Protection of Privacy Law (amendment no. 9), available at <http://www.law.co.il/privacy/privacy_amendment_9.pdf> (in Hebrew).

[2966] Privacy Law, supra at Chapter 3, Section 18-19.

[2967] Credit Data Service Law, 5762-2002.
[2968] "MKs to Duke it out in Credit Data Service Law Battle," Israel Business Arena, July 5, 2001.

[2969] The Computer Law (5755-1995), 1534 Laws of the State of Israel 366, see Miguel Deutch, Computer Legislation: Israel's New Codified Approach, 14 J. Marshall J. Computer & Info. L. 461 (Spring 1996).
[2970] Id.

[2971] Boaz Guttman, "The Analyzer: Following the State's Appeal," May 6, 2002.

[2972] Bob Sullivan, "Analyzer Gets 18-Month Jail Term," MSNBC, June 6, 2002.

[2973] Regulation 89 of the Mandatory Defence (Emergency) Regulations, 1945.

[2974] Patient Rights Law, 5756-1996.
[2975] "Population Based Large-Scale Collections of DNA Samples and Databases of Genetic Information," in Report of the Bioethics Advisory Committee of the Israel Academy of Sciences and Humanities, December 2002, at 2.
[2976] Criminal Register and Rehabilitation Law, 5741-1981.

[2977] Nahum Bitterman, "The Extent of the Obligation of Secrecy," Israeli Business Law: An Essential Guide (Kluwer Law International 1996).
[2978] Id.
[2979] Id.

[2980] Israeli-Palestinian Interim Agreement on the West Bank and the Gaza Strip, Annex III: Protocol Concerning Civil Affairs, Article 33, Sept. 28, 1995, available at <http://www.mfa.gov.il/MFA/Peace+Process/Guide+to+the+Peace+Process/THE+ISRAELI-PALESTINIAN+INTERIM+AGREEMENT+-+Annex+III.htm#app-33>.

[2981] “Cabinet Communique,” November 5, 2006, available at <http://www.mfa.gov.il/MFA/Government/Communiques/2006/Cabinet+Communique+5-Nov-2006.htm>.
[2982] E-mail from Haim Ravia, Chair of the Internet, IT & Copyright Group, Pearl Cohen Zedek Latzer, Israel, to Allison Knight, Research Director, Electronic Privacy Information Center, July 19, 2007 (on file with EPIC).

[2983] The Secret Monitoring Law, 5739-1979, Laws of the State of Israel, vol. 33, at 141-146.

[2984] Id.

[2985] Herb Keinon, "Shas Disputes Linking Wiretap to Yishai-Deri Rivalry," The Jerusalem Post, November 27, 1998.
[2986] United Nations Human Rights Committee, Israel CCPR/C/81/Add.13 (Initial State Party Report) April 9, 1998, available at <http://www.unhchr.ch/tbs/doc.nsf/184758d9fcd7a2b1c12565a9004dc312/ff05b8854986b0398025662f00567574?opendocument>.
[2987] Ha’aretz Ze'ev Segal, "A Sweeping License to Invade Privacy," Haartez, June 15, 2005 .
[2988] Shahar Ilan, “Courts rejected 3 police wiretaps last year, okayed 397,” Haaretz, June 10, 2007, available at <http://www.haaretz.com/hasen/spages/869035.html>.

[2989] Ze'ev Segal, "A Sweeping License to Invade Privacy," Ha’aretz June 15, 2005; "Police Permitted to Take Blood from Suspects," IsraelINN.com, June 2, 2005.
[2990] Jonathan Lis, "Police to start DNA Bank of Suspects, Convicts," Ha’aretz, June 15, 2005.

[2991] Id.

[2992] "Consortium Led by EDS Wins Award to Develop Leading-edge Biometric Border Crossing System for the Israeli Borders," EDS News Releases, Sept. 6, 1999, available at <http://www.oti.co.il/objects/PR_19990906_Bazel-EDS%20et%20al.pdf#search='Consortium%20Led%20by%20EDS%20Wins%20Award%20to%20Develop%20Leadingedge%20Biometric%20Border%20Crossing%20System'>.
[2993] EDS, Ben Gurion Airport Authority Case Study (June 26, 2007), <http://www.ic-live.com/cr.php?cID=1328&cdid=2904&campID=8&convID=335&ic_url=http://www.eds.com/services/casestudies/downloads/bgaa.pdf>.

[2994] “New Airport Inspection Tool 'Strips' Passengers,” June 20, 2007, available at <http://www.israelnationalnews.com/News/Flash.aspx/128529>.
[2995] Id.

[2996] "Hi-Tech Security Crossing to be Built on Gaza Border," January 19, 2005, available at <http://israelnn.com/news.php3?id=75505>.
[2997] Yaakov Katz, “Officials urge changes at crossings after 100-kg truck bomb reaches TA,” The Jerusalem Post, April 11, 2007.

[2998] Civil Appeal No. 8483/02 March 30, 2004, available at <http://www.israelbar.org.il/english_inner.asp?pgId=20382&catId=246>.

[2999] "District Court Rejects Amir Privacy Appeal," IsraeINN, October 26, 2004.

[3000] MC 90868/00 Netvision Ltd. v. Israel Defense Forces & others (unpublished).
[3001] Alon in Ha'aretz, supra.

[3002] Schoffman report, available at <http://www.law.co.il/privacy.schoffman.pdf> (in Hebrew).

[3003] Security Breach Information Act, Cal. Sen. Bill 1386 (2002).
[3004] Email from Haim Ravia to Allison Knight, supra.

[3005] Eran Gabay, “Knesset to mull censorship bill for internet porn, violence,” Ha’aretz, July 10, 2007, available at <http://www.haaretz.com/hasen/spages/880322.html>.

[3006] Naama Yashuvi (Kim Weiss, trans.), The State of Human Rights in Israel 2003-2004, available at <http://www.acri.org.il/english-acri/engine/story.asp?id=182>.

[3007] "'Peace Now' Under Investigation for Espionage Activities," May 21, 2004, available at <http://www.israelnn.com/news.php3?id=62808>.

[3008] Yuval Yoaz, "We are all still in the dark," Ha’aretz, June 8, 2005, available at <http://www.haaretz.com/hasen/pages/ShArt.jhtml?itemNo=585620&contrassID=2&subContrassID=4&sbSubContrassID=0&listSrc=Y>.
[3009] David Banisar, "Israel," Freedom of Information and Access to Government Records Around the World, Sept. 2006 at 44, available at <http://www.privacyinternational.org/foi/foisurvey2006.pdf>.

[3010] H.C. 1601-4/90 Shalit et al. v. Peres et al., 44(3) P.D. 353; see, also Rabina, supra.

[3011] Banisar, supra, at 44.

[3012] Freedom of Information Law 5758-1998.

[3013] International Covenant on Civil and Political Rights, G.A. res. 2200A (XXI), 21 U.N. GAOR Supp. (No. 16) at 52, U.N. Doc. A/6316 (1966), 999 U.N.T.S. 171, entered into force March 23, 1976, available at <http://www.unhchr.ch/html/menu3/b/a_ccpr.htm>.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICPrivHR/2006/