New Zealand

Summary

Law: Privacy Act 2020 (the Act)

Regulator: The Office of the Privacy Commissioner of New Zealand (OPC)

Summary: On December 1, 2020, the Privacy Act 2020 (the Act) came into force. The Act repeals and replaces the Privacy Act 1993 and contains 13 Information Privacy Principles (IPP) that govern the use of personal information in New Zealand. The Act requires agencies to appoint at least one privacy officer, report data breaches that cause, or are likely to cause, serious harm, and provides data subjects with both the right to access and the right to request correction of their personal information. In addition, the new IPP 12 provides that an organization or business may only disclose personal information to an agency outside of New Zealand if the receiving agency is subject to similar safeguards to those in the Act. The Act introduces new criminal penalties, punishable with fines of up to NZD 10,000 (approx. €5,870) and allows the OPC to issue compliance notices and enforceable access directions. Furthermore, on September 5, 2023, Bill 292-1 the Privacy Amendment Bill was introduced to the New Zealand Parliament to amend the Act, but if passed the amendments will not enter into force until June 1, 2025. Key amendments proposed include the addition of the obligation to inform individuals of the collection of their personal information from a source other than from the individual to whom the information relates. Notably, New Zealand was the first APAC jurisdiction to be recognised as providing an adequate level of personal data protection by the European Commission.

Browse more content in New Zealand

All Guidance Notes

All News

All Insights

News

13 November 2024

International: NCSC and international agencies publish advisory on top vulnerabilities exploited by cyberattackers in 2023

24 October 2024

New Zealand: OPC raises concerns over increasing use of cameras and privacy violations

01 October 2024

New Zealand: Statutes Amendment Bill introduced to Parliament

25 September 2024

New Zealand: Customer and Product Data Bill passes first reading

25 September 2024

New Zealand: OPC comments on facial recognition technology trial

17 September 2024

New Zealand: OPC provides advice on data anonymization

16 September 2024

New Zealand: OPC announces update to AskUs questions

20 August 2024

New Zealand: OPC publishes guide on privacy risks with disclosing genetic data to insurers

20 August 2024

New Zealand: OPC announces EU data protection adequacy decision and publishes periodic update report

09 August 2024

New Zealand: MBIE adopts paper on strategic approach to AI in New Zealand

07 August 2024

New Zealand: OPC publishes feedback from consultation on privacy rules for biometrics

16 July 2024

New Zealand: OPC publishes its statement of performance expectations for 2024-2025

Insights

July 2024

New Zealand: Privacy laws and AI

Artificial intelligence (AI) is playing an increasingly integral part in the daily lives of Kiwis as they engage in the digital economy. In this article, Anthony Cooke, from Clyde & Co., explores how existing privacy legislation in New Zealand influences the use and evolution of AI tools and technologies. Additionally, Anthony delves into the broader regulatory landscape in New Zealand concerning AI.

December 2023

New Zealand: Privacy Amendment Bill set to introduce enhanced transparency obligations

The Privacy Amendment Bill, No. 292-1 (the Bill), was introduced to the Parliament of New Zealand on September 5, 2023, and seeks to amend the Privacy Act 2020 (the Privacy Act). The Bill, among other things, aims to increase transparency for individuals about the collection of their personal information, better enable individuals to exercise their privacy rights, and introduces provisions relating to the indirect collection of personal information by agencies. OneTrust DataGuidance provides an overview of the Bill.

August 2022

New Zealand: An overview of the 2022 Whistleblowing Act

The Protected Disclosure Act 2000 ('the Protected Disclosure Act') was passed by the New Zealand Parliament ('Parliament') more than 20 years ago to strengthen whistleblower protection. Following a review of whistleblower protections, the Protected Disclosures (Protection of Whistleblowers) Bill ('the Act') was published and came into effect on 1 July 2022. OneTrust DataGuidance considers the impact of the Act and its key provisions.

March 2022

International: Handling children's personal data in the APAC region – Part two

The processing of children's personal data, from collection to destruction, generally carries with it special considerations. Indeed, the level of protection afforded to children is often higher, due to in part their capacity to understand the consequences of providing their information and the potential risks associated with their use or misuse. In part two of this series, OneTrust DataGuidance considers the rules in the APAC region which govern children's personal data, featuring perspectives from New Zealand, the Philippines, and Singapore.

For insight into handling children's personal data in Australia, China, India, and Japan, please see part one here.

January 2022

New Zealand: Dealing with sensitive personal information under the Privacy Act 2020

Personal data covers a wide range of information relating to living, identifiable human beings, including information being particularly sensitive. On 16 December 2021, the Office of the Privacy Commissioner of New Zealand ('OPC') published its guidance 'Sensitive personal information and the Privacy Act 2020'¹ ('the Guidance'). The Guidance provides key points on how the Privacy Act 2020 ('the Privacy Act') applies to sensitive personal information. OneTrust DataGuidance explores definitions, principles, exemptions, codes of practice, oversight, compliance, and enforcement mechanisms, as well as approaches outlined in the Guidance.

November 2021

New Zealand: Biometrics under the Privacy Act 2020 - What you need to know

On 6 October 2021, the Office of the Privacy Commissioner ('OPC') released a position paper ('the Paper') setting out its approach to regulating biometrics under the Privacy Act 2020 ('the Act'). As stated by the OPC, the increasing role of biometric technologies leads to calls for greater regulation of biometrics in New Zealand. In addition, the OPC noted that other countries are also considering how best to regulate these technologies, and some have enacted specific regulatory frameworks for biometrics. OneTrust DataGuidance gives an overview of the key information contained in the paper, the OPC's view on processing biometric information, and an outline of how the Act applies to the same.

October 2021

New Zealand: Overview and potential impact of the new whistleblower bill

The Protected Disclosures Act 2000 ('the Act') was passed by the New Zealand Parliament ('Parliament') more than 20 years ago to strengthen whistleblower protection within the private sector. Since then, the nature of wrongdoing within the workplace has changed considerably and other laws dealing with similar subject matter, including the Privacy Act 2020, have emerged. Following extensive inquiries by the New Zealand Government, the long-awaited Protected Disclosures (Protection of Whistleblowers) Bill 2020 ('the Bill') was introduced in June 2020, with the view of resolving shortcomings in the Act. OneTrust DataGuidance considers the impact of the Bill, highlighting key provisions and its progress thus far.

New Zealand

Summary

Browse more content in New Zealand

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us