Israeli buses 390.
(photo credit: Marc Israel Sellem)
In the wake of criticism from civil rights groups that new ‘Rav Kav’ bus passes
could infringe passenger privacy, the Israeli Law, Information and Technology
Authority (ILITA) issued guidelines on Tuesday regulating transport companies’
obligations regarding personal passenger data.
The new Rav Kav “smart
cards” replace old paper tickets, and are intended to streamline ticket buying
on public transport by acting as a single fare collection system for the
country’s various transport providers.
However, civil rights activists
have warned that the new system could seriously infringe transport users’
privacy, because of the way the Transport Ministry collects and stores personal
passenger information relating to the cards.
To obtain a card, passengers
must provide a host of personal details – including name, ID number, age and a
These details, together with detailed data about
passengers’ travel patterns, are stored on a Transport Ministry database, which
activists say is unmonitored, unregulated and potentially insecure.
Association for Civil Rights in Israel (ACRI) has slammed the Rav Kav database
initiative as “scandalous” and called on the government to put in place
guidelines about how the data should be used and stored, in order to protect
passengers’ privacy. ILITA head Yoram Hacohen said Tuesday that it has compiled
its legal guidelines with reference to the Protection of Privacy Law, after
inspections revealed transport operators were collecting “sensitive personal
information about passengers.”
Hacohen said ILITA’s guidelines are
designed to regulate the conditions according to which transport companies can
collect information about public transport users, and serve to clarify public
transport operators’ obligations regarding the law in relation to data collected
“[The guidelines] reinforce the public’s ability to stand
up for its legal rights to privacy,” Hacohen said, adding that ILITA had carried
out its work after lengthy negotiations with the Transport Ministry. The
guidelines say that transport operators must comply with certain rules regarding
data storage and collection, including obtaining passenger consent regarding
both data collection and data use.
Transport operators are also forbidden
to use passenger data collected via the Rav Kav cards for marketing, and
passengers must be offered the option of purchasing ‘anonymous’ cards that do
not require them to give personal data.
Further, transport operators may
only collect limited information about minors and must first obtain consent from
a parent or guardian.
The guidelines also say that all passenger data
must be stored in a secure database, and that transport operators must appoint a
ILITA has also monitored transport operators’ data
security procedures to ensure that all data is being maintained according to the
Privacy Protection Law, and had carried out an inspection of “a major transport
operator” last week, a spokesman for the Justice Ministry said Tuesday –
although the ministry did not specify which operator it had audited.
Transport Ministry is also promoting amendments to the existing Traffic
Ordinance legislation, in order to regulate aspects of data collection and Rav
Kav use, the Justice Ministry said, referring to a controversial bill proposed
Attorney Avner Pinchuk, head of the privacy and information
division at ACRI, told The Jerusalem Post on Tuesday that MKs and civil rights
activists have criticized that bill, which if approved will empower the
transport minister to issue regulations as he sees fit. MKs, including Yariv
Levin (Likud) and Uri Maklev (United Torah Judaism), have criticized the
Transport Ministry over the issue, and have said the ministry created the Rav
Kav database without Knesset approval.
Pinchuk said that the ILITA’s
guidelines are a “stopgap measure” that do not go far enough to protect
The guidelines only concern certain aspects of the data privacy
issue, and do not address the fact that the Transport Ministry is already
collecting personal data from passengers and storing it on a database, he
“The Transport Ministry has developed a database without putting
any regulations in place,” he said.
Although ILITA’s regulations say that
passengers can have the option of purchasing “anonymous” Rav Kav cards, Pinchuk
said that the issue of anonymous cards is problematic.
Currently, not all
Rav Kav vendors issue the anonymous cards and passengers risk losing money if
the cards get lost because there is no way to identify the owner and return the
card, he said.
Concerns over the safety of the Rav Kav database come
after the Justice Ministry revealed last October that it had cracked the case of
a massive information theft case involving personal information on nine million
Israelis, including many minors, deceased persons and citizens living abroad.
Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>