Class Action (Tel Aviv) 47153-05-20 Aviv Kupershmidt v. Israel Electric Company Ltd.

1. I have before me a motion to certify a settlement in the framework of the class action under the title (hereinafter, respectively: the "Motion" and the "Settlement") in accordance with Section 19 of the Class Actions Law, 5766-2006 (hereinafter: the "Class Actions Law") between the Applicants and the Respondent (hereinafter: "the Respondent" or "the Electric Company" hereinafter referred to as the Applicants and the IEC for the purposes before me: "the Parties"").  On the basis of the reasons that I will detail below, I have found it appropriate to approve the application, and to give the arrangement the validity of a judgment.

The matter of the motion to certify the class action, the parties' arguments and the proceedings in a nutshell

2. The Applicants filed a motion to certify a class action (hereinafter: the "Motion for Approval") on the grounds that the IEC and Israel Railways violated the privacy of the users of their digital platforms by allowing the leakage of information to the corporations Google and Facebook (hereinafter: the "Corporations"), so that the corporations could collect personal and identifying information of users of the Respondents' digital platforms, without their consent.
3. In the application, it was argued in summary that the respondents must amend their conduct so that the respondents do not collect, manage, use or transfer to third parties any details of their customers, without obtaining the individual, prior and informed consent of the customers; that the respondents must correct their conduct so that they do not allow any third parties to collect, receive, manage, use or transfer any details of the respondents' customers. without obtaining the individual, beforehand, written and informed consent of the clients; amend their engagement agreements to comply with the terms of the law; Modify their technological systems to comply with the requirements of the law regarding the privacy of their customers as well as in relation to the publication of the "Privacy Policy" document on their websites.
4. In addition, the Applicants argued that in order to find the "Privacy Policy" document on the IEC's website, an active search must be conducted, while according to the law, the policy document must also be accessible to users with low digital literacy.
5. In the application for approval, the Applicants defined the group as follows: "All the Respondents' customers who made use of any digital platform operated by any of the Respondents, such as the Respondents' website, or the Respondents' applications."
6. Causes of action according to the request for approval: breach of the provisions of the Protection of Privacy Law, 5741-1981; breach of contract; deception and breach of the duty of good faith by virtue of the Contracts (General Part) Law, 5733-1973; fraudulent torts, negligence and breach of statutory duty set forth in the Torts Ordinance [New Version]; Violation of the Uniform Contracts Law, 5743-1982; Unjust enrichment by  virtue of the Enrichment Law and not in law,  1979; Grounds by virtue of  the Consumer Protection Law, 5741-1981.
7. In response to the request for approval, the IEC denied all of the applicants' claims and claimed that the data it claimed to have transferred to Facebook is not "information" as defined in the Privacy Protection Law; that contrary to what is claimed in the application for approval, not every detail regarding a person is private information and the data that is allegedly collected by Facebook does not include personal, economic or medical information; that the IEC is acting lawfully, According to a privacy protection policy published on its website and in accordance with the law and the recommendations of the Privacy Protection Authority, this does not violate the Privacy Protection Law and there is no damage that could reasonably be caused to IEC customers.
8. The IEC further claimed that it has no policy, systematic practice or practice to transfer, allow, or collect personal information about its customers, without their consent and approval, including no policy, systematic practice, or custom to disclose personal information about IEC customers, when they enter the IEC's website, to other corporations such as Facebook, without their consent and approval, and that there is no such practice in all matters relating to the transfer of personally identifiable information. The applicants submitted a response to the response.

Proceedings

9. In the proceeding, two pre-trial hearings were held on June 6, 2021 and January 23, 2023, in which the parties' arguments were heard and I recommended to the parties to hold a mediation proceeding. Following the mediation process held by the parties before retired mediator Hila Gerstel, the parties reached this settlement agreement, without one party admitting the other's claims.
10. The parties' request to approve the settlement was filed on January 11, 2024, and on that date I issued a decision ordering its publication and transfer to the Attorney General and the Commissioner of Consumer Protection. After six requests to extend the deadline for examining the possibility of submitting the State's position, on September 23, 2024, about eight months after the decision was submitted to the State Attorney's Office, the Ministry of Justice and the Privacy Protection Authority (hereinafter: "the Professional Bodies in the State") were submitted in accordance with Section 18(d) of their position regarding the settlement that was submitted for approval.

Parties Agreements

11. The group to which the settlement will apply is: "all IEC customers who have made use of any digital platform operated by the IEC, such as the IEC's website or applications."
12. The IEC has carried out and undertakes to carry out the following as requested in the application for approval:

After submitting the approval request, the IEC amended its website, so that a link to the IEC's privacy policy appears on the main page, as requested in the approval request.