The collapse of privacy in the face of coronavirus: emergency regulations for the monitoring, enforcement and collection of information.
On March 17,2020, around 1:30 AM, the Israeli Government passed emergency regulations allowing governmental entities to collect data concerning verified COVID-19 (Coronavirus) patients and those potentially infected with the virus, so as to enforce quarantine orders.
The regulations were adopted by a unanimous vote by telephone, during an overnight sitting of the cabinet, bypassing parliamentary approval and without the involvement of the Privacy Protection Authority.
The regulations focus on two main areas:
The first concerns the police and its authority to collect location data (but not route) without the need for a court order, “in order to caution the public, or a particular individual so as to prevent or minimize the spread of the disease”. These matters are regulated under the Emergency Regulations (Location Data), 2020.
The other area of focus concerns the Shin Bet and deals with the identification of the location and route of certain individuals and the identification (tracking) of people who were in contact with them. These matters are regulated under the Emergency Regulations (Authorizing the Shin Bet to Assist in the National Effort to Suppress the Spread of the Novel Coronavirus), 2020.
These are far-reaching regulations and their adoption represents a constitutive moment in Israel’s constitutional and legal environment. Naturally, the ordinary limitations that apply to the use of regulatory authority give way to the need to protect and preserve the public health and national economy.
Without expressing an opinion on the issue, it is important to bear in mind that in the analysis of the necessary check-and-balances, in this instance one should take into account the severe intrusion on the right to privacy resulting from the new regulations.
- a retrospective tracking of one’s whereabouts over the previous 14 days;
- a “big brother”-like oversight of movements and locations; in some cases, no sanctions are provided for the violation of the regulations;
- the use of expansive definitions that encompass not only verified patients of the virus, but also those who may have been infected, and others who may have been exposed to those who may have been infected with the virus;
- significant invasion into mobile data and its transfer to Shin Bet’s systems;
These are fundamental arrangement and measures that should have been incorporated into the regulations but were not set, nor is it clear if they will ever be set prior to their use or the nature of their content. They are merely illustrations of an immensely problematic regulatory framework, which, in its entirety stands to severely infringe on the right to privacy.
Furthermore, the regulations were adopted confidentially, in the middle of the night, with no parliamentary oversight, using language that contradicts what was publicly declared concerning their content. Moreover, the determination of the content of significant and fundamental portions of these regulations is left for the determination of governmental agencies, in an unclear matter, with no oversight.
Furthermore, these emergency mechanisms are adopted by a transitional government that is three electoral systems away from the public and legal legitimacy on the basis of which a government is assembled.
For our full update (in Hebrew) click here.