A first-of-its-kind judicial decision sets out the rules for lawful tracking in an epidemic outbreak situation. The Israeli Supreme Court strikes a balance between COVID-19-related contact tracing technology and the right to privacy in a landmark decision about the government’s limits of power and the rights to privacy and dignity.
The Israeli government enforces the isolation of confirmed patients and people who came in close contact with them in an effort to contain the spread of the COVID-19 pandemic. Among the measures used is an anti-terror technological system, operated by the General Security Service, to trace the movement path of a confirmed patient during the 14 days preceding the patient’s diagnosis and to track individuals who were close to the patient for more than 15 minutes.
On April 26, the Supreme Court ruled in four petitions filed against the Israeli government’s Resolution 4950 from March 30 that authorizes the use of the GCC’s measure. According to the court’s decision, the government will need to amend the law through a parliamentary legislative process to continue using this measure.
How does it work?
The Ministry of Health provides the GCC with a confirmed patient’s name, ID number, mobile number and the date of the diagnosis and also notifies the patient through a text message that their personal details were provided to the GCC.
The GCC tracks and provides the MOH with the patient’s movement during the 14 days preceding the diagnosis and also provides identifying details of the individuals who were in potentially infectious close contact with the patient. These details include ID numbers, phone numbers, birthdate, and the time and place of contact with the patient. Next, the MOH sends a text message to the identified individuals requiring them to enter home quarantine and to report it on the MOH website.
To provide the MOH with the contact tracing data, the GCC uses a covert system containing communications data, regularly transmitted from telecoms to the GCC, under a general authority pursuant to the General Security Service Law, 2002.
The petitions and state’s response
Four petitions were filed against the use of the GCC technology and included the following arguments:
- The authorization of the GCC to act in a public health-related issue, under the government’s Resolution 4950, exceeds the authority vested in the GCC under the GCC Law.
- The GCC, as Israel’s secret service, is only authorized to perform pure national security functions. Even if a broader interpretation of the GCC Law is accepted, the GCC’s authority to act in matters not directly related to national security should be used only in extreme circumstances.
- Resolution 4950 violates the rights to privacy and dignity. Though the resolution advances a worthy purpose, there are less restrictive means to achieve the same purpose and accordingly, the resolution fails the proportionality test. Additionally, the mechanism set out in Resolution 4950 falls short of acceptable privacy protection principles, particularly given its coercive nature and lack of transparency.
The state claimed against the petitions that the GCC Law empowers the GCC to operate in other domains, not in the core national security activities of the GCC, as required to protect national vital interests and subject to the approval of a parliament’s designated committee.
Immediate and severe threat…
Privacy 2024 Recap – some significant decisions, slow progress for reform
The past year saw a few court decisions of note as well as halting progress toward privacy…