News
The handbook on the protection of privacy by transport entities in a digital environment in Israel
The Israeli Privacy Protection Authority published a handbook for transport entities on the protection of privacy by in a digital environment (the “Guidance”).
1. Introduction
On September 16, 2020, the Israeli Privacy Protection Authority (the “PPA”) published a handbook on the protection of privacy by transport entities in a digital environment (the “Handbook”). The Handbook is based on the specific provisions of the Israeli privacy regime, however the themes that it addresses are universal and applicable mutatis mutandis to privacy the world over. In fact many of the recommendations are resonant of the regulations of the European General Data Protection Regulation, commonly known as the GDPR.
The Handbook is directed to parties that are active in any of the various aspects of transportation from transport infrastructure providers to providers of public transportation, from providers of services ancillary to transportation to startups in the field of intelligent transportation and more (“Transport Providers”).
The purported purpose of the Handbook is to define the privacy dangers inherent in the use of transportation in the digital age and to help define the right balance between the efficiencies achieved by using large volumes of collected data in the age of smart transportation, with the right to privacy of individuals.
2. Background
The use of large volumes of data (such as departure point, destination, travel habits) (“Big Data”) by Transport Providers enables them to optimize and develop their services. Big Data is collected automatically by sensors and cameras, as well as received from the public, including via applications downloaded by them onto their smart phones. There are also sensors built into vehicles themselves, enabling the capturing and sharing many types of data, including geolocation, vehicle performance, driver behavior, and biometrics data, with vehicle manufacturers and others.
In addition to the use of this information for its initial purpose whatever that may be, this information will be used for secondary purposes, such as profiling and statistical learning of behavior of users and the public in general.
3. The current legal regime
Data bases. Under the Israeli Privacy Regime, databases (in general) still need to be registered at the Israeli Registrar of Databases. Information collected must only be used for the purposes for which it was collected, notice is required prior to the collection of personal data and the notice must state whether the provision of information is mandatory or not. In addition this notice must disclose the purpose for which this information is being provided and to whom this information will be passed. Subject to certain conditions, a person has the right to access and correct the information collected.
Data Security. The owner of a database and/or any of its processors are responsible to keep a database secure in accordance with the Protection of Privacy Regulations (Data Security), 5777-2017 in effect as of March 2018 (the “Regulations”). The Regulations provide very detailed and specific requirements for security of databases, and amongst others a database specification must be drafted, physical security requirements must be met, a data security office must be appointed, data security protocols designed and more. The more sensitive the information stored in the database the more stringent the information security requirements.
4. Recommendations
Chapter 5 gives specific recommendations for dealing with the particular risks associated with the use of Big Data by Transport Providers. The first recommendation is that of “Accountability” and that Transport Parties take organizational, technological, and legal steps to improve their level of responsibility and commitment to reducing the consequences of its use of technology on the privacy of users. It suggests that a company appoints a DPO (or such similar officer) if it does not have such. It also recommends that Privacy Impact Assessments be undertaken in advance of the use of technology and that the principles of Privacy by Design and the concept of Privacy by Default, be incorporated. It further proposes that Transport Providers be transparent and provide information regarding the information being collected, the use to be made of such information, how it is secured, to who it is transferred, etc. The terminology and the concepts here are very suggestive of the GDPR.
In situations in which users are a captive audience (for example with regard to public transport) the Transport Provider must be extra circumspect with regard to any cooperation with commercial organizations. As an illustration it refers to an application for payment and tracking of public transport that would inherently involve the collection of significant amounts of personal and sensitive information. It indicates that if the Transport Ministry and any other government body should employ such applications in the provision of vital services, then it is for making sure that the use of such applications complies in full with the provision of the Israeli privacy regime, and that privacy be taken into account at every stage of the collection and processing of personal data. In additions, it provides that a “privacy-preserving” alternative should be provided, in this case it offered payment in cash or purchase of an anonymous travel card.
5. Afterword
With the integration of modern technologies into our transportation systems people are under almost constant surveillance, whether by the sensors and camera networks activated by motor vehicles and in their motor vehicles, the applications installed on their cellphones, smart infrastructure and data driven traffic management tools. It is important to balance the advantages of using Big Data with the severe implications for privacy.
In providing its recommendations the PPA has incorporated GDPR terminology and its recommendations echo in large those of the GDPR. I see this as tacit acceptance of the GDPR as the gold standard for protection of privacy and supportive of Israeli Companies, many of which export or seek to export their technologies and services around the world.
Article provided by: Beverley Zabow (BL&Z Law Offices and Notaries, Israel)
Discover more about INPLP, the INPLP-Members and the GDPR-FINE database
Dr. Tobias Höllwarth (Managing Director INPLP)
News Archiv
- Alle zeigen
- November 2024
- Oktober 2024
- September 2024
- August 2024
- Juli 2024
- Juni 2024
- Mai 2024
- April 2024
- März 2024
- Februar 2024
- Jänner 2024
- Dezember 2023
- November 2023
- Oktober 2023
- September 2023
- August 2023
- Juli 2023
- Juni 2023
- Mai 2023
- April 2023
- März 2023
- Februar 2023
- Jänner 2023
- Dezember 2022
- November 2022
- Oktober 2022
- September 2022
- August 2022
- Juli 2022
- Mai 2022
- April 2022
- März 2022
- Februar 2022
- November 2021
- September 2021
- Juli 2021
- Mai 2021
- April 2021
- Dezember 2020
- November 2020
- Oktober 2020
- Juni 2020
- März 2020
- Dezember 2019
- Oktober 2019
- September 2019
- August 2019
- Juli 2019
- Juni 2019
- Mai 2019
- April 2019
- März 2019
- Februar 2019
- Jänner 2019
- Dezember 2018
- November 2018
- Oktober 2018
- September 2018
- August 2018
- Juli 2018
- Juni 2018
- Mai 2018
- April 2018
- März 2018
- Februar 2018
- Dezember 2017
- November 2017
- Oktober 2017
- September 2017
- August 2017
- Juli 2017
- Juni 2017
- Mai 2017
- April 2017
- März 2017
- Februar 2017
- November 2016
- Oktober 2016
- September 2016
- Juli 2016
- Juni 2016
- Mai 2016
- April 2016
- März 2016
- Februar 2016
- Jänner 2016
- Dezember 2015
- November 2015
- Oktober 2015
- September 2015
- August 2015
- Juli 2015
- Juni 2015
- Mai 2015
- April 2015
- März 2015
- Februar 2015
- Jänner 2015
- Dezember 2014
- November 2014
- Oktober 2014
- September 2014
- August 2014
- Juli 2014
- Juni 2014
- Mai 2014
- April 2014
- März 2014
- Februar 2014
- Jänner 2014
- Dezember 2013
- November 2013
- Oktober 2013
- September 2013
- August 2013
- Juli 2013
- Juni 2013
- Mai 2013
- April 2013
- März 2013
- Februar 2013
- Jänner 2013
- Dezember 2012
- November 2012
- Oktober 2012
- September 2012
- August 2012
- Juli 2012
- Juni 2012
- Mai 2012
- April 2012
- März 2012
- Februar 2012
- Jänner 2012
- Dezember 2011
- November 2011
- Oktober 2011
- September 2011
- Juli 2011
- Juni 2011
- Mai 2011
- April 2011
- März 2011
- Februar 2011
- Jänner 2011
- November 2010
- Oktober 2010
- September 2010
- Juli 2010