Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

The Privacy Commissioner has today announced his intention to issue a Biometrics Code.
 
He is releasing the Biometric Processing Privacy Code for consultation and is calling for submissions on the draft Code from the public and any agencies it would apply to. 
 
“The Code will help agencies implement the technology, while giving people confidence it’s being done safely and fairly”, Privacy Commissioner Michael Webster says.
 
“New Zealand doesn’t currently have special rules for biometrics. The Privacy Act regulates the use of personal information in New Zealand, including biometric information, but biometrics needs special protections especially in specific circumstances.”
 
Biometric processing is the use of technologies, like facial recognition technology, to collect and process people’s biometric information to identify them or learn more about them.
 
A Biometrics Code would modify some of the principles in the Privacy Act and create more specific privacy rules for agencies using biometric technologies to collect and process biometric information.
 
The major additional rules in the Code are: 
  1. adding a requirement to do a proportionality test and put in place privacy safeguards
  2. stronger notification and transparency obligations
  3. limits on some uses of biometric information (e.g. emotion analysis and types of biometric categorisation).
 
Mr Webster said that earlier in 2024, OPC had consulted on an exposure draft version of a Biometrics Code. 
 
“We consulted on these draft rules and that showed we have broad support for these proposals, but also that some changes were needed, which we have made”. 
 
The Code has been simplified to improve understanding of what processes were included and excluded and some rules, like the notice requirements, have been clarified. 
 
The restrictions on using biometrics (fair use limits) are now targeted to the most intrusive and highest risk uses. We’ve also added a new requirement for organisations to tell people where they can find a rundown of their assessment of the pros and cons of using biometrics, where they’ve made this public. 
 
Other changes included increasing the commencement period from 6 months to 9 months for organisations already using biometrics and adding a new provision to allow for a trial for organisations to assess biometric processing.
 
Draft guidance material has been developed to help organisations know what the rules are and explain how to comply with the Code. We are releasing this draft guidance alongside the Code consultation and also want people’s feedback on that. 
 
“The feedback we’ve gained, and our own analysis has helped us to develop a code that will help ensure biometric technologies are used safely and fairly. But it’s important to get this right, so people have the chance to provide feedback through a public consultation to March 2025.
 
The Code is expected to come in force in 2025.