The Israeli Privacy Protection Authority published numerous guidelines on Privacy aspects of the Coronavirus epidemic. The guidelines deal with the obligations of public and private sectors to the principles of Privacy Laws. Other guidelines refer to Data Protection aspects of working from home, as well as teaching or studying on-line. The Israeli Privacy Protection Authority also published a special Q&A which refers to these unique circumstances.
The attempt to prevent the spread of the Coronavirus, and the fear of its spreading, has a dramatic impact on everyone's daily lives and behavior. Different Israeli Ministries, as well as public institutions, are taking serious measures to stop the spread of the virus and to minimize its consequences.
The Right to Privacy is a constitutional right, based on the Basic Laws and the Israeli Privacy Protection Law (1981). The Israeli Privacy Protection law emphasizes that even while handling this unique situation, it is necessary to maintain a balance between the need to prevent the spread of the virus and the potential violation of privacy while handling the various cases.
The Israeli Privacy Protection Authority understands the important public's interest in the current state and thereforeis constantly working on identifying the various challenges and advising on issues within its responsibilities.
However, the stance of The Privacy Protection Authority is that even during this current epidemic, when there might be an apparent justification for some extent of violation of the privacy of an individual for reasons of public's safety, it still must comply with the principles of privacy protection, and the harm caused by the activity must not exceed the minimum that is necessary.
A key principle is that the personal data must be used solely for the purpose for which it was collected. Different entities that collect information should process it only for the purpose for which it was collected, such as preventing the spread of the virus, epidemiological research, ensuring the safety of workers at risk, etc. Using this data (including processing it or transferring it to other entities) in a way that does not fit the purpose for which it was collected in the first place, and without obtaining the consent of the individual subject for such use, may be considered as a violation of privacy, and the relevant entities should avoid it.
In this sense, after the end of the process, the data controllers and processors must examine whether they still need to retain the information collected in connection with the epidemic. In circumstances where it is found that the information is no longer needed for this purpose, it is to be deleted. See, for example, Section 2 (c) of the Privacy Protection (Information Security) Regulations (2017), which states that "a controller will examine, once a year, if all the data it stores in its database is still needed for the purposes of the database". If the information is sensitive, and no longer necessary to retain, the collecting entities must examine the possibility of deleting the information as soon as possible.
The Israeli Privacy Protection Authority has set up a "Hot Line" to assist the private and public sector in providing practical, applicable and prompt solutions regarding current privacy issues. The applicable solutions will be provided by the PPA within very short timescales as requested under the current circumstances. To reach the hotline, please send an email to: firstname.lastname@example.org
In addition, the PPA published the following guidance and relevant recommendations in connection with the outbreak of the Coronavirus:
Israeli Privacy Protection Authority's Guidelines on Privacy Aspects of the Coronavirus Epidemic
Israeli Privacy Protection Authority's Guidelines refer to Data Protection aspects of working from home
Israeli Privacy Protection Authority's Guidelines refer to teaching or studying on-line
Israeli Privacy Protection Authority's Q&A website page
Israeli Privacy Protection Authority's Guidelines on electronic signature