be-nz logo
Story image

Privacy Act to roll out in December as Kiwis support stronger privacy laws

30 Jun 2020

The Privacy Bill has passed its third and final reading in Parliament this month, with only the Royal Assent process remaining before it becomes passed into law.

The new Privacy Act is expected to take effect from 1 December 2020, according to the Office of the Privacy Commissioner.

The Privacy Act will replace the 1993 legislation and brings the concept of privacy into the modern, digital age.

“The new Privacy Act provides a modernised framework to better protect New Zealanders’ privacy rights in today’s environment,” comments Privacy Commissioner John Edwards.

“I am grateful for the cross-party support of Parliament on this issue. It is an endorsement of the significance of privacy as a universal human right that the Bill was passed with the multi-party support of the House.”

The Office of the Privacy Commissioner today released the results of a new survey, titled Concerns and Sharing Data.

Of 1398 polled New Zealanders, 65% are in favour of strong privacy regulation, 29% are happy with the same level of regulation, and 6% prefer less legislation.

New Zealanders are most concerned about unauthorised business sharing of their personal information (75%), while 65% express concern about government agencies doing the same thing.

Other major concerns include theft of banking information (72%), and online security of personal information (72%). Additionally, 41% are concerned about how CCTV and facial recognition technology is used.

The majority (81%) of respondents say they are aware of the Privacy Act – however, those who are younger and of Māori and Pasifika descent are less likely to be aware of it.

The Office of the Privacy Commissioner notes that the New Privacy Act includes key reforms, such as:

  • Mandatory notification of harmful privacy breaches. If organisations or businesses have a privacy breach that poses a risk of serious harm, they are required to notify the Privacy Commissioner and affected parties. This change brings New Zealand in line with international best practice.
  • Introduction of compliance orders. The Commissioner may issue compliance notices to require compliance with the Privacy Act. Failure to follow a compliance notice could result a fine of up to $10,000.
  • Binding access determinations. If an organisation or business refuses to make personal information available upon request, the Commissioner will have the power to demand release.
  • Controls on the disclosure of information overseas. Before disclosing New Zealanders’ personal information overseas, New Zealand organisations or businesses will need to ensure those overseas entities have similar levels of privacy protection to those in New Zealand.
  • New criminal offences. It will be an offence to mislead an organisation or business in a way that affects someone’s personal information or to destroy personal information if a request has been made for it.  The maximum fine for these offences is $10,000.
  • Explicit application to businesses whether or not they have a legal or physical presence in New Zealand. If an international digital platform is carrying on business in New Zealand, with the New Zealanders’ personal information, there will be no question that they will be obliged to comply with New Zealand law regardless of where they, or their servers are based.

Read our previous coverage on the Privacy Bill below.