The European Commission has determined that New Zealand has an adequate level of protection for personal data transferred from the European Union. Essentially ‘adequacy’ says that our legislation isn’t the same as Europe’s, but its outcomes are similar and can be trusted.
Privacy Commissioner Michael Webster says this is good news for trade and ease-of-doing business in the digital age and helps ensure smooth cross-border data transfers.
Only a small number of countries have achieved EU adequacy status, and this recognition is important for New Zealand in a global business environment.
“Adequacy means that New Zealand is a good place for the world to do business; we have strong privacy protections in our legislation and are an empowered regulator,” says Michael.
“Privacy regulation supports the digital economy, with the Privacy Act being the only statute that requires data security safeguards to be in place; that underpins our relationships with key trading partners, which is crucial for any global operator.”
“An example of that is New Zealand’s $400 million video and computer games sector, which is enabled by good data protection standards.”
Adequacy demonstrates the importance, both at home and on the world stage, of having strong privacy protections. However, it’s not a ‘set and forget’ situation; the countries we benchmark ourselves against are strengthening their privacy and data protection laws now and we need to too.
“Now is the time for New Zealand to evolve our data protection laws if we want to retain adequacy,” says Michael.
“We live in dynamic times with significant technological advancements, yet we’re operating on a Privacy Act that is based on policies agreed in 2013.
“This past decade has seen the development and widespread adoption of technologies such as biometrics and AI and does not account for new risks to children’s privacy.
“We need to ensure our Privacy Act keeps up with global privacy standards or risk that we may no longer be one of the safest places to process personal information,” says the Privacy Commissioner.
The European Commission noted the Privacy Amendment Bill as a positive move. The Commissioner is keen to support progress on that. His office also recommends the following developments to the Privacy Act 2020:
– A set of specific amendments to make the Privacy Act fit-for-purpose in the digital age.
– A civil penalty regime for major non-compliance alongside new privacy rights for New Zealanders to better protect themselves.
– Stronger requirements for automated decision making and agencies demonstrating how they meet privacy requirements.
Proceeding with the above amendments is important, especially if the Government proceeds with the proposed Consumer Data Right.
The adequacy decision for New Zealand was first adopted on 19 December 2012.