Images and footage captured by CCTV are regarded as “Data”, as defined in the Protection of Privacy Law, 5741-1981, pursuant to Guidelines No. 4/2012 of the Privacy Protection Authority, on the Use of Security and Surveillance Cameras and Databases of Recorded Images.
Accordingly, databases with camera footage are subject to the database registration statutory obligation (See: “Are there Registration Requirements?”) and to compliance with data subjects’ rights (see “What Data Subjects Rights are Protected Under Israeli Privacy Laws?”). Additionally, the use thereof is subject to (a) acquiring the individuals’ consent, by way of publishing a clear notice in the proximity of the area being captured; (b) assessment of the possible implications to the use of CCTV; (c) limiting the use and retention periods to the minimum necessary in correlation with the purposes of collecting the data; (d) requiring that the CCTV cameras be set up with ‘privacy-by-design in mind; and (e) in general, as the right to privacy is constitutional, such use must be proportionate and necessary (see: “Is the Right to Privacy a Constitutional Right?”).
In October 2017, the Israeli Privacy Protection Authority published complementary guidelines on the Use of Surveillance Cameras Installed in the Workplace Environment (Guidelines No. 5/17). These guidelines provide further clarification on how employers may install and make use of CCTV in the context of labor relations (See: “Are there Specific Workplace Privacy Requirements?”).
In April 2018, the Israeli National Cyber Directorate published Best Practices Guidelines on Reducing Cyber Security Risks in Video Surveillance Cameras, offering guidance on the technological threats to cameras, considerations on reducing cyber security risks in video surveillance cameras, and providing resources for risk mitigation.
