What is the New Zealand Privacy Act?

What is the New Zealand Privacy Act?

The New Zealand Privacy Act or the Privacy Bill for short is a comprehensive data privacy law that was recently passed in New Zealand in 2020. The Privacy Bill both repeals and replaces the already existing New Zealand Privacy Act of 1993, by creating legislation that addresses new privacy concerns that have arisen amidst our current digital age. In accordance with other privacy laws that have been passed in recent years around the world such as the California Privacy Rights Act or CCPA and the EU General Data Protection Regulation or GDPR, New Zealand’s Privacy Bill also sets forth specific requirements that businesses, individuals, and organizations alike must adhere to when collecting, accessing, using, or disclosing the personal data and information of New Zealand residents.

What is the application and scope of New Zealand’s Privacy Bill?

All agencies, businesses, organizations, and individuals who collect, use, or disclose the personal data or information of New Zealand residents must maintain compliance with the Privacy Bill during the course of their operations. What’s more, the law also contains extraterritorial jurisdiction, mandating that overseas and international companies who conduct business within New Zealand also adhere to the law’s principles and regulations. However, the following parties are exempt from the protections of the Privacy Bill:

In addition to governing the information that businesses, individuals, and organizations collect from New Zealand citizens, the New Zealand Privacy Act covers all forms of personal information that may be shared or transferred within New Zealand, including information that businesses and organizations gather from their own employees.

What are the requirements for businesses and organizations under the Privacy Bill?

New Zealand’s Privacy Bill establishes various principles regarding data privacy that businesses and organizations within the country must adhere to when collecting personal data or information from citizens. These principles include the following:

What are the penalties for violating the New Zealand Privacy Act?

The New Zealand Privacy Act is enforced by the Privacy Commissioner, and businesses and organizations that are found to be in violation of the law are subject to monetary penalties of up to $10,000 per offense. Furthermore, misleading an agency to gain access to another individual personal information, or having said information altered or destroyed is considered a criminal offense under the law. However, as opposed to allowing New Zealand citizens to bring a private right of action against agencies who violate their data privacy rights, the requirements and mandates of the Privacy Bill are not enforceable in court. Alternatively, individuals who believe their rights have been violated must instead file a complaint with the Privacy Commissioner.

After an individual reports a privacy violation to the Privacy Commissioner, they will then be prompted to fill out a complaint form. This form asks individuals to specify principles of the Privacy Bill they feel have been violated, as well as the extent of said violations. In instances where the Privacy Commissioner cannot solve a data subject’s complaint, they can then escalate their complaint to the Director of Human Rights Proceedings, the Human Rights Review Tribunal, and ultimately, the High Court of New Zealand. Conversely, if it is determined that a data subject’s rights have been infringed upon without the need for escalation, they are entitled to damages of up to $350,000.

The New Zealand Privacy Act was passed to update the level of privacy protection that is afforded to citizens of New Zealand. As the country’s previous Privacy Bill had not been updated since 1993, the New Zealand Privacy Act was passed during a much needed time, as advancements in technology in the last 20 years have contributed to alternative views of personal privacy that had never been considered before in history. As such, residents of New Zealand can be confident in the fact that they have an avenue for recourse in instances in which they feel their personal data privacy rights have been infringed upon.

Related Reads