The details of your personal life, such as grocery purchases, pizza topping preferences and Amazon wish lists, are collected every day ― by both websites and traditional retailers. Though
this data seems fairly innocuous, when it's put together it can tell whoever is gathering it a
whole lot about your health, finances and behavior; and that means it can easily be used against you.

Dr. Michael Birnhack of Tel Aviv University's Faculty of Law and Prof. Niva Elkin-Koren from the University of Haifa recently completed a comprehensive study on information privacy laws in Israel and found compelling reasons for lawmakers everywhere to take notice.

In conducting their research, Birnhack and Elkin-Koren examined close to 1,400 Israeli websites and their privacy statements and attempted to discern whether or not the sites complied with the law. They then reported their findings on the Social Science Research Network (SSRN) website.

Even though Israeli law requires them to do so, a significant number of sites don't state that they are collecting this information, while a majority of popular commercial sites reserve the right to change their privacy policies at any time. This means that data is up for grabs.

The process can be deceptive in another way, however. Information collected by websites has benefits. Based on previous purchase and search queries, Amazon can recommend books for readers "just like you." But in the wrong hands, similar information collected by web sites and discount card companies could be used by health insurance organizations to boost premiums or by employers trying to figure out how many sick days you'll be taking each year. It could even make or break your chances of landing that new job, Dr. Birnhack says.

A health insurance provider doesn't need to see your medical records to understand the state of your family's health. It can learn just as much by looking at your grocery bill. "If you use a discount card at a supermarket, information on your purchases is added to a database. If you shop for halal or kosher products, your religion can be inferred, and the purchases of fatty or gluten-free foods can provide an indicator of your family's overall health."

Federal legislation in the U.S. regulates some 15 different kinds of specific data sets, such as health data and credit histories, but not for information collected by club and discount cards or by commercial web sites. And it's more difficult to write a law to secure confidentiality in those areas, says Dr. Birnhack.

"It's not just sites like Facebook and Twitter that should cause concern," he continues. "It's all the trivial things that are collected about us that we're not protected against."

"Unless there are specific laws in place, this personal digital information is up for grabs. It can be bought and sold between governments and private companies, which can then conduct data mining and analysis on it and sell the results to third parties," he explains.

Like Europe, Canada has a universal informational privacy policy, but U.S. data collection and dissemination regulation is more limited. Justice system lawyers are currently debating the issue of informational privacy, and Dr. Birnhack suggests that they look to Canada's law as a good way to protect privacy. "Canada has the best data protection regime in the world," he says. "It's very powerful."

"Legislators should be aware of how easy it is to collect personal information about citizens to start building more protective laws," Dr. Birnhack concludes.

Citation: Birnhack, Michael D. and Elkin-Koren, Niva, Does Law Matter?
Informational Privacy and Online Compliance in Israeli Web Sites
(August 18, 2009). Available at SSRN