International transfers of personal data are under the spotlight again following a recent decision of the European Court of Justice that reviewed the legal means of transferring personal data from the EU to the United States: Data Protection Commissioner v Facebook Ireland and Max Schrems (Case C-311/18; 16 July 2020).

One of the most pervasive and persistent problems of privacy and data protection in the digital age is how to move the burden from consumers to read terms and conditions for services they are using, to the service providers to ensure they are clearly explaining the choices that consumers have, and the consequences for them.

This guest post was contributed by Richard Menzies, General Manager, Uber NZ, to mark Privacy Week. It is the first in our Working with Industry series of guest posts. The Working with Industry series do not necessarily reflect the views of our office and are published to inform and stimulate debate on topical privacy issues and developments.

Sir Bruce Houlton Slane KNZM, CBE, LLB practiced law in New Zealand for almost 50 years, including 11 years as the country’s first Privacy Commissioner.

Privacy authorities typically perform regulatory and enforcement functions on their own - or occasionally with another public body - within their domestic jurisdiction. They know the domestic law they enforce. The law will clearly lay out the authority’s role and provide a clear pathway to the intended outcomes.