The Privacy Act has stood us in good stead for a long time now. But it is time, in this data centric world, to look at the rights of privacy afresh. Any such review will need to consider the balance of rights between protecting the rights of individuals adequately and not overly protecting them.
The review will need to walk the fine line between ensuring the right to privacy of an individual is protected and the right to access information to prevent or protect against criminal acts (including terrorism) . The issues here were very clearly canvassed in the recent Apple case.
In addition, any consideration of issues of greater good should take into account the benefit that may be gained from being able to generate statistically relevant data sets. Any new community focussed initiative (for example a new medical treatment, a new social policy, a new community service) will benefit enormously from understanding how it is being implemented and used and the reasons for its success or not. This can be gleaned from capturing information from those participating in or benefiting from the new initiative. So any new privacy right will need to ensure that the right of the individual is adequately protected but at the same time the protection is not such that it makes it too difficult to gather an anonymised statistically relevant pool of data that will enable those working with the initiative to refine and improve the treatment, policy or service for the greater good.
Another issue to consider is ensuring that the rights established in New Zealand are not significantly out of step with those of our major trading partners. The rights should not be too relaxed so that NZers are exposed or that those dealing with New Zealand have concern about whether the rights of their citizens are at risk. But at the same time our laws should not become so restrictive that to trade with NZers, international organisations would need to establish unique business models. Unfortunately the size of the New Zealand population is not large enough for it to make commercial sense to build business models unique to New Zealand. If the protections were too onerous there is a real risk that international organisations will simply choose not to offer the new product in New Zealand. As a result NZers will either miss out or (as they often do) choose to circumvent the protections and source the product from overseas. This latter choice potentially creates a greater risk for those NZers that choose to do it than a less restrictive regime that still puts in place some form of protection.
Any overhaul of New Zealand's privacy laws will need to take into account a lot of competing interests - we owe it to ourselves and to NZ to take an interest.
It is impossible to consider today and tomorrow’s data issues through an antiquated privacy lens. The Privacy Act was passed in 1993, long before social media was a thing and even before email was ubiquitous so we need to “continually re-calibrate society’s view” on the issues of data privacy and ownership, says Ms Adams. It also requires updates to the privacy laws – something that the Government is working towards following a review of the Privacy Act undertaken by the Law Commission. Proposed changes include stronger powers for the Privacy Commissioner, mandatory reporting of breaches, new offences and increased fines. With significant information held offshore by companies like Google and Facebook, new measures will also address privacy concerns about cross-border information flows. Ms Adams intends to introduce the Bill into Parliament in 2017.