The Politics of Privacy
Note: This op-ed originally appeared in the Israeli daily newspaper Haaretz on September 17, 2010.
Posted: September 17, 2010
By Christopher Wolf
Personal information in the wrong hands can cause serious harm. The founders of the European Union looked to the history of the Holocaust and saw what happened when data on Jews and other minorities were exploited in order to perpetrate genocide. With that history in mind, they drafted a comprehensive directive that every EU member state is required to implement, providing for a broad set of restrictions on the use of personal data by government and businesses alike. While inventorying data to round up citizens for transport to concentration camps is, thankfully, a remote risk, misuse of information to cause economic and personal harm persists.
The United States, while lacking a comprehensive privacy law, has a variety of laws and regulations intended to protect privacy, and it enforces them robustly. Still, the U.S. remains in the category of nations deemed by the EU to be lacking "adequate protection" of personal data (thus requirin cumbersome legal mechanisms for information to flow from the EU to the U.S. ).
By contrast, the State of Israel, which has a widely respected governmental agency charged with protecting privacy (the Israeli Law, Information and Technology Authority, in the Justice Ministry, headed by Yoram Hacohen ), as well as a comprehensive national privacy law, earned the recognition of the EU's Article 29 Working Party, which is charged with assessing the adequacy of national privacy laws. That body - consisting of regulators from all 27 EU member states, from Estonia in the east to Ireland in the west - proposed some time ago that the European Commission recognize Israeli data-protection standards as sufficient for the transfer of Europeans' personal data. Indeed, so respected is Hacohen and the ILITA, the world's privacy commissioners agreed to be hosted in Jerusalem for their annual conclave this October, in recognition of the advances in privacy led by Israel.
Perversely, the recognition of Israel's privacy laws as adequate for EU-Israel transfers has just been blocked by the Irish government, though it previously had been in favor. The Irish justice minister claims that since fake Irish and other EU passports were used in the killing of Hamas commander Mahmoud al-Mabhouh in Dubai in January, and since many in Europe simply assume that Israel's Mossad was involved in the killing, then it must be true that Israel misuses personal data (like passport information ) and cannot be trusted to handle the personal information of EU citizens. Of course, investigations conducted by the Irish police did not produce any evidence linking Israel to the forged EU passports, but those facts apparently are of no moment to the justice minister.
In Israel and in Ireland, as in every other country, there will be occasions when legitimate government security efforts will need to be balanced against individual privacy. That does not mean that a country devalues privacy. Can the Irish have forgotten their recent history of coping with violence in Northern Ireland? Or is this just an opportunity to promote anti-Israeli policies?
More pernicious than Irish political efforts were recent news reports that Turkish hackers obtained the passwords and credit card details of 32,561 Israeli consumers. It is reported that a Turkish message board has uploaded a list containing credit card details, PayPal and bank user names and more than 140 passwords to Israeli government websites, as well as more than 300 passwords for use with Israeli limited-access academic Web pages. The data were stolen through online misdeeds. And online in Turkey, there is a debate about what should be done with the information. A seriously anti-Israel faction is arguing that, since they are "enemies of Islam," it is okay to harm Israelis whose data was stolen. The politics of privacy now appears to encompass harming innocent online citizens.
International cooperation to promote privacy, which is essential in our information society, used to be fairly immune to politics. Clearly, that is no longer the case. But European leaders who are truly committed to privacy and understand the horrors that have been enabled by misuse of databases should stand up to the Irish red herring, and move to approve Israel's status as adequate to handle EU data. And as for the Turkish hackers and their friends, the government in Ankara should take a stand against computer crime and enforce against the misuse of Israeli data. Indeed, such an effort may also help heal recent diplomatic wounds.
In the end, privacy is too important to be politicized.
Christopher Wolf leads the Privacy and Information Management practice at the international law firm Hogan Lovells. He is founder and co-chair of the Future of Privacy Forum, a Washington, DC-based think tank, and chairs the Internet Task Force of the Anti-Defamation League.