In the Gottesman case, it was held that:
"The wording of section 2(11) ofthe Protection of Privacy Law teaches us that in order for the publication of a matter to constitute an infringement of privacy, it must be proven that the information published enables the identification of a person. When will you conclude that information that has been published does indeed allow a person to be identified, so that his privacy has indeed been violated? In summary, it seems that the answer is that there will be no violation of privacy where the requirement of "identification" is not met, i.e., insofar as a reasonable person cannot link the published information to a specific person" (ibid., in paragraph 18, emphases in original).
The claim that certain information is information that enables the identification of a person, and the claim that the Respondent has personal information about the Applicant thanks to practices that are contrary tothe Protection of Privacy Law, are claims that must be proven, and the Applicant did not lay an evidentiary basis in this regard and therefore did not substantiate the claim at the level required to certify the class action, despite the approved document disclosure procedure.
Similarly, no sufficient evidentiary basis was laid for the claims regarding the creation of a database in relation to non-Facebook users.
- Moreover, in the framework of the application for approval (section 31) and in the applicant's summaries (paragraph 13), the applicant noted that the chairman of Facebook appeared before a committee of the European Parliament on May 22, 2018, and in connection with the response given by Facebook, it was stated as follows: "In the response document provided by Facebook after this investigation (Appendix 5 to the request for approval) it was explicitly stated:
"Facebook has admitted to creating "shadow profiles" of people who surf the web but don't have a Facebook account"
However, a perusal of Appendix 5 to the motion for certification shows that, as the Respondent claims, this is part of Question No. 1 that was presented to the Respondent, and not the answer given by it. As detailed above, Facebook admitted to receiving certain information and uses of it, even with respect to non-users, but claimed that it does not use the information for the purpose of creating profiles about non-users (see Appendix 5 to the Request for Approval). Therefore, this application cannot be of any benefit to the applicant.
- In summary, these are factual questions, which require proof, but they were not laid as required, even at the level required for the certification of a class action.
The basis of the motion for approval is the claim that the Respondent collects and stores information of persons who are not members of Facebook, without their consent. In this regard, the Applicant refers mainly to the statements of the President of Facebook itself and acknowledgements on its behalf regarding the information it collects from third-party websites. The Respondent has defense arguments relating to its engagement with the Sites and their obligation to obtain consent. The Applicant complains that the Respondent did not attach its agreements with the third-party websites, and even argues that this does not create protection for the Respondent.