Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Haere mai ki te wiki o te Reo John Edwards
4 July 2016

kina edit

It’s Māori Language Week and Matariki, and long past time for a post about Māori and privacy.

This week we will be issuing a privacy phrase a day in te Reo. Today’s phrase is “māu anā koe e whakahaere (take control).”

It is timely to think about Māori and privacy. While there does not seem to have been much work done in academia or in the courts on rights, obligations and expectations of Māori in relation to privacy, the Law Commission did specifically consider Māori as part of its 2011 review of the Privacy Act.

The review found evidence of ‘distinct Maori perspectives on privacy’[1] and that there is a tension between western concepts of privacy and Māori concerns with collective interests, particularly in the health field.

That distinction between privacy as an individual versus a collective right echoes our own experience. It is not uncommon for us to hear quite different expectations about who should have access to information about a rangatahi (a young person) being assisted by an iwi service provider than we might hear at a mainstream service, like a DHB.

When we visit providers predominately established to work with Māori, we see a different starting point from the individual-centred approach taken by mainstream providers. Often we see an assumption that extended whanau, such as aunties and cousins, should be involved in the child’s care, and, therefore, entitled to information.

The Privacy Act is flexible enough to accommodate and enable these service provider delivery models. What it does require is that those providers are open with their clients about what happens to their information so they can elect to ask for restrictions on their information, choose another service, or go along with a whānau-based model, with all that implies.

Another theme we see is of collective rights to control how data about Māori is used. This is a scaled-up version of the same discussion about individual rights in relation to so-called ‘big data’ but carries additional dimensions.

Information about Māori and other cultural information such as the location of waahi tapu can be considered taonga, and therefore entitled to the protection provided under Article 2 of the Treaty of Waitangi. There is an increasing call for “Māori Data Sovereignty”, a subject addressed compellingly by Karen Coutts at a recent Rotary Forum on privacy and security.

The enforcement of the Privacy Act depends on a complainant being able to establish some harm or loss, which can include “significant loss of dignity”. That concept is directly translateable to a “loss of mana” and we have seen such complaints.

Some information is seen as particularly culturally sensitive, such as whakapapa, which receives special recognition in those parts of the Electoral Act that are designed to assist hapu and iwi to create registers of iwi affiliation.

In recognition of the particular cultural considerations associated with privacy and information in Māori kaupapa, the Law Commission recommended that section 14 of the Privacy Act should be amended so the Privacy Commissioner has an express responsibility to consider the needs and values of Māori and different cultural groups while exercising his or her functions.

We are doing some work on that and we may see that concept specifically acknowledged in the forthcoming privacy law reforms. But in any case, Māori, together with every other New Zealander, are entitled to ‘māu anā koe e whakahaere’.

John Edwards - Te Mana Matapono

[1] Law Commission. (2011). “Review of the Privacy Act 1993: Review of the Law of Privacy Stage 4”. URL:  http://www.lawcom.govt.nz/our-projects/privacy Retrieved 31 March 2016


, ,



No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.