Dr. Michael Birnhack of TAU’s Faculty of Law and Prof. Niva Elkin-Koren from the University of Haifa recently completed a comprehensive study on information privacy laws in Israel and found compelling reasons for lawmakers everywhere to take notice. “Our research from Israel can serve as a case study of the shortcomings of a comprehensive data protection program,” says
“It’s not just sites like Facebook and Twitter that should cause concern,” he continues. “It’s all the trivial things that are collected about us that we’re not protected against.”
The process can be seductive: information collected by websites has benefits, too. Based on previous purchase and search queries, Amazon can recommend books for readers “just like you.” But in the wrong hands, similar information collected by Web sites and discount card companies could be used by health insurance organizations to boost premiums or by employers trying to figure out how many sick days you’ll be taking each year. It could even make or break your chances of landing that new job,
A health insurance provider doesn’t need to see your medical records to understand the state of your family’s health. It can learn just as much by looking at your grocery bill. “If you use a discount card at a supermarket, information on your purchases is added to a database. If you shop for halal or kosher products, your religion can be inferred, and the purchases of fatty or gluten-free foods can provide an indicator of your family’s overall health.”
Federal legislation in the U.S. regulates for some 15 different kinds of specific data sets, such as health data and credit histories, but not for information collected by club and discount cards or by commercial Web sites. And it’s more difficult to write a law to secure confidentiality in those areas, says
“Unless there are specific laws in place, this personal digital information is up for grabs. It can be bought and sold between governments and private companies, which can then conduct data mining and analysis on it and sell the results to third parties,” he explains.
In conducting their research, Birnhack and Elkin-Koren examined close to 1,400 Israeli websites and their privacy statements and attempted to discern whether or not the sites complied with the law. They then reported their findings reported on the Social Science Research Network (SSRN) website in a paper available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1456968.
Even though Israeli law requires them to do so, a significant number of sites don’t state that they are collecting this information, while a majority of popular commercial sites reserve the right to change their privacy policies at any time. This means that data is up for grabs.
“Legislators should be aware of how easy it is to collect personal information about citizens to start building more protective laws,”