The Right to Review Digital Database
Within the scope of a new directive published recently by the database registrar at the Israeli Law, Information and Technology Authority, entities, such as service-providers, that retain recordings of telephone conversations or chat correspondence with their customers will be forced to enable their customers (the subjects of the information) to also access information of this type. This according to the right of access prescribed in the Privacy Protection Law and the regulations instituted by virtue thereof.
The purpose of the directive, called “Application of the Provisions of the Privacy Protection Law to the Right to Access Voice Recordings, Videos and Other Digital Information,” is to clarify the way in which the registrar interprets the provisions of the Privacy Protection Law, as it pertains to the right to access “digital information,” such as recorded telephone conversations, chat correspondence, video calls and more.
According to the new directive, the right of access prescribed in the Privacy Protection Law, as it pertains to information retained in a database, applies not only to correspondence and records, but also to any information that is digitally stored.
It is important to understand that this does not encompass all information stored through digital means. The scope of the information to which the right of access applies derives from the definitions in the Law and from the interpretations of the term “information” during court rulings. Generally, at issue is information that is essentially of a personal nature, which includes data on a person’s personality, personal status, the right to privacy in relation to his personality, state of health, economic situation, professional training, opinions and beliefs.
The directive adds that the right of access applies not only to information stored and catalogued under a person’s specific identity (usually a customer of a service-provider), but also when the information is not stored in a way that links it to the identity of that individual, but which, after reasonable efforts, may link him to the information. In this context, the directive clarifies that “reasonable efforts” will also include identifying and linking the information by date and a range of hours, or employing search functions already defined in the database systems at the outset.
This directive reflects a purposive interpretation that is seeking to adapt the provisions of the Privacy Protection Law and regulations to the digital information age. The provisions of the law and its regulations had originally been drafted when the legislature was considering paper correspondence; however, in the digital age, the right to access video and audio information cannot be exercised by way of a “printout or representation” as prescribed in the Privacy Protection Regulations (Criteria for Perusing Information ,and Appeal Procedures for a Refusal of a Perusal Request ), 5741 – 1981. Therefore, the directive prescribes that, in relation to this type of digital information, the right of access by way of a “printout” shall be exercised by way of furnishing a copy of the file of the recording, while the right of access by way of “representation” shall be exercised by way of enabling audio or visual access.
The directive institutes further adaptations to the digital age in relation to the mode of exercise of the right of access. According to the directive, the right to access digital information shall be exercised by way of sending a digital file that may be read, listened to or viewed, in the original format in which the communication was collected, and in a manner enabling access using software available to the public, and this, unless there is significant justification for exercising the right of access particularly by way of audio or visual display of the file.
This directive shall come into effect on April 1, 2017.