European Union endorses New Zealand Privacy Act
Media release
20 December 2012
Privacy Commissioner Marie Shroff today welcomed the announcement that the European Commission had formally decided that
New Zealand’s Privacy Act offers an adequate standard of data protection for the purposes of European law.
“The European decision is a vote of confidence in our privacy law and regulatory arrangements. This decision establishes
New Zealand, in the eyes of our trading partners, as a safe place to process personal data.”
The Office of the Privacy Commissioner (OPC) has been working for a number of years towards this outcome. It has
assisted successive governments in amending the Privacy Act to meet EU requirements and has worked with European
institutions to gather the information they need to make an assessment.
Assistant Commissioner Blair Stewart, who has led more than 10 years of OPC work on EU adequacy said, “Europe and New
Zealand share a common commitment to upholding human rights. As part of this, all European countries have data
protection laws much like New Zealand’s Privacy Act 1993. However, since 1995 European businesses have been prohibited
by law from transferring personal data to countries outside Europe for processing unless special safeguards prescribed
in law are in place.
“Providing the special safeguards in the manner required by EU law can be expensive and difficult even where companies
are already operating with comprehensive privacy laws like New Zealand’s. This is why it has been so important for New
Zealand to obtain an official decision that our law is adequate to meet EU standards. The European Commission decision
establishes that all New Zealand companies in all circumstances can meet those European requirements. Few countries
outside Europe have achieved this status.
“The decision should be helpful to New Zealand businesses that trade with Europe or hope to do so as it substantially
simplifies compliance with data protection requirements.
“The decision to recognise New Zealand law for the purposes of EU data protection requirements is a small step in making
privacy laws around the world work together to protect people better. Substantial variations in legal standards and
incompatible regulation are also a problem for businesses that operate across national borders. Global interoperability
of privacy regulation has the twin underlying goals of creating a trustworthy environment and avoiding unnecessary
barriers to cross-border information flows.”
Notes
The Office of the Privacy Commissioner has released a ‘Backgrounder and Questions & Answers’ which provides more information about the European Commission decision and aspects of EU law and process.
The EU media release is at http://europa.eu/rapid/press-release_IP-12-1403_en.htm
Justice and Trade Ministers’ media release:
http://www.beehive.govt.nz/release/kiwi-businesses-benefit-eu-recognition-nz-privacy-law
ENDS