The Privacy Protection Authority (PPA) – Israel's regulatory and enforcement authority for personal data – has published a public statement laying out the PPA’s interpretation of the Israeli Privacy Protection Law regarding email addresses.
The statement discusses whether a list containing merely names and email addresses is considered a "Database" under the Israeli Privacy Protection Law. The PPA's position is that in the present digital era, an email address may be indicative of various personal information and cannot be considered merely as means of communication. The statement argues that a lot can be learned about a person just from their email address, such as their occupation, marital status, age and more. In addition, email addresses are commonly used as credentials to login to many digital services.
Section 7 of the Privacy Protection Law excludes from the definition of ‘database’ "a collection that includes only names, addresses and means of communicating… ". The PPA's statement explains that a list containing only names and email addresses will nevertheless be considered a ‘database’ and as a result will be subject to the obligations a database owner must comply with, such as data security obligations and registration of the database with the PPA in certain cases.
CLICK HERE to read the Israeli Protection of Privacy Authority’s statement (in Hebrew).