The war on privacy

Photo by Tobias Tullius on Unsplash

Last year several of the world’s leaders stood up and declared war. Not against a nation, not against a group of terrorists or militants, but against a virus. A virus that threatened, and continues to threaten, the very fabric of our society. This war is not fought with guns, tanks or drones, but with masks, soap and social distancing.

As is the case in all battlefields, indeed all public emergencies, certain rights and liberties may be encroached upon, or even curtailed, if they stand in contrast to the war effort. In the case of the “war on coronavirus” the right that “got in the way” was the right to privacy.

Privacy is a constitutional human right in Israel. It is explicitly mentioned in the Basic Law: Human Dignity and Liberty, Israel’s equivalent of the US Bill of Rights. However, when stacked up against the “war on coronavirus”, the right to privacy never stood a chance.

The first major clash between the right to privacy and the “war on coronavirus” was the use of Shin Bet tools for epidemiological tracking of Israeli citizens. Ignoring warnings by experts that the intelligence services are ill-equipped to handle the task, the law was nonetheless passed. It was subsequently challenged in, and upheld by, the Supreme Court. Now that these tools have been in use for nearly a year experts agree that they are oversensitive, inaccurate and ineffective.

The second instance in which the “war on coronavirus” clashed with privacy rights was the failed Hamagen contact-tracing application, developed by the Ministry of Health. There are many reasons why the technology failed, but the main reason was trust. The Israeli public did not trust health officials to safely and properly handle their data. This led to low adoption of the app and its eventual abandonment.

The third instance in which the “war on coronavirus” justified curtailing privacy rights was the agreement signed between the Israeli government and Pfizer, the largest supplier of coronavirus vaccines to Israel. The intention was to share de-identified statistical data about vaccine recipients in order to allow Pfizer to conduct research and track the immunization statistics of the Israeli public. However, several experts (including Privacy Israel, an NGO dedicated to promoting the right to privacy in Israel) have pointed out that large portions of the draft released to the public were redacted. And, the language seemed to be intentionally vague so as to allow sharing individual data, or at least data about certain populations, if required.

The fourth major privacy-eroding event was the bill, introduced just this week in the Knesset, which would permit The Ministry of Health to share identifying information of both people who have been, and people who have not been, vaccinated with local municipalities and the Ministry of Education, permitting municipalities and the Ministry of Education to contact individuals to “encourage” them to get vaccinated. Though it is entirely unclear what qualifications municipal workers have to discuss the medical advantages of vaccination with those who have not yet been vaccinated, nor is it clear how this information is going to be held, how long it will be held for, or how it will be secured, the government seems eager to ram the legislation though, without thinking of any of the clear privacy risks it poses.

The common thread in all of the examples I mentioned is that there seems to be a lack of a “responsible adult in the room” when it comes to governmental decision-making. Every decision seemed to be taken without input from privacy professionals, with an ends-justify-the-means approach. For example, representatives from the Privacy Protection Authority, the entity which should be consulted on matters relating to the use of personal data, could have been consulted and suggest less intrusive means to achieve the exact same end, but were not.

Contrary to what John Lyly would have you believe, not all is fair in love and war. The world’s nations realized decades ago that rules needed to be set, even to the chaotic battlefield. The rules are commonly referred to as The Geneva Conventions, and they are adhered to by most of the world’s nations, even in times of conflict.

Applying the same approach to the “war on coronavirus”, we must ask ourselves what are the rules? What are the red lines we will not cross because crossing them, notwithstanding the fact that it will get us closer to our goal of eradicating the coronavirus, is antithetical to our moral compass as a democratic society? How far are we willing to allow the Israeli government to infringe on our privacy rights in the name of “fighting the good fight”?

It is important to understand that the erosion of human rights does not happen overnight. It is gradual and incremental, slowly encroaching on people’s civil liberties and permitting more and more in the name of a competing cause. Each incremental encroachment doesn’t seem “that bad”, but when you take a step back and look at the overall trend, it paints a dire picture of the current state of privacy rights in Israel.

There are, of course, two levels on which the erosion of the right to privacy should concern us. The first is the fact that we currently do not have much privacy. While the pandemic still rages outside, we have all learned to live with the temperature checks and medical forms, much in the same way we learned to live with the security guard checking our bag when we enter a public place, or hikes taken by schoolchildren accompanied by armed security.

However, the more concerning consideration is how this erosion will impact our rights and the public’s tolerance going forward. Will people be more willing to share personal information about themselves because someone has asked them to? Will the government be demanding more information from us, the Israeli public, on a regular basis, in the name of preventing the next pandemic? Who will be making sure the politicians don’t use this information for other purposes, for example in their re-election campaigns? Who will ensure sensitive information about our health is not hacked and sold on the dark net? We should all be asking these questions and holding our representatives accountable to their promises.

I fear it might be impossible to put the genie back in the bottle.

About the Author
Avishai Ostrin is a dual-qualified (Israel/UK) lawyer, and he heads the privacy & data protection practice at Asserson, an English law firm based in Tel Aviv. His practice mostly focuses on advising Israeli companies on how to comply with privacy legislation around the world. He lives in Ra'anana with his wife, three children and dog, Brownie. He religiously attends spinning classes and is a tortured (yet optimistic) New York Jets fan.
Related Topics
Related Posts