20 December 2012

Privacy Commissioner Marie Shroff today welcomed the announcement that the European Commission had formally decided that New Zealand's Privacy Act offers an adequate standard of data protection for the purposes of European law.

"The European decision is a vote of confidence in our privacy law and regulatory arrangements. This decision establishes New Zealand, in the eyes of our trading partners, as a safe place to process personal data."

The Office of the Privacy Commissioner (OPC) has been working for a number of years towards this outcome. It has assisted successive governments in amending the Privacy Act to meet EU requirements and has worked with European institutions to gather the information they need to make an assessment.

Assistant Commissioner Blair Stewart, who has led more than 10 years of OPC work on EU adequacy said, 'Europe and New Zealand share a common commitment to upholding human rights. As part of this, all European countries have data protection laws much like New Zealand's Privacy Act 1993. However, since 1995 European businesses have been prohibited by law from transferring personal data to countries outside Europe for processing unless special safeguards prescribed in law are in place.

"Providing the special safeguards in the manner required by EU law can be expensive and difficult even where companies are already operating with comprehensive privacy laws like New Zealand's. This is why it has been so important for New Zealand to obtain an official decision that our law is adequate to meet EU standards. The European Commission decision establishes that all New Zealand companies in all circumstances can meet those European requirements. Few countries outside Europe have achieved this status.

"The decision should be helpful to New Zealand businesses that trade with Europe or hope to do so as it substantially simplifies compliance with data protection requirements.

"The decision to recognise New Zealand law for the purposes of EU data protection requirements is a small step in making privacy laws around the world work together to protect people better. Substantial variations in legal standards and incompatible regulation are also a problem for businesses that operate across national borders. Global interoperability of privacy regulation has the twin underlying goals of creating a trustworthy environment and avoiding unnecessary barriers to cross-border information flows."

Notes for editors

The Office of the Privacy Commissioner has released a Backgrounder and Questions & Answers [DOC, 1.8 MB] which provides more information about the European Commission decision and aspects of EU law and process.

The EU media release is at http://europa.eu/rapid/press-release_IP-12-1403_en.htm

Justice and Trade Ministers' media release:  http://www.beehive.govt.nz/release/kiwi-businesses-benefit-eu-recognition-nz-privacy-law

Media contact: Katrine Evans - 021 509 735