ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

New Zealand is preparing a similar privacy bill to GDPR

A GDPR-like privacy law is currently making its way through parliament in New Zealand. The legislation was originally proposed back in March. The bill intends to repeal the Privacy Act of 1993, outdated legislation that was passed before the internet received mass adoption.

Next Thursday, May 24, public submissions concerning the new bill come to an end and the bill will be inspected by the Select Committee to decide whether amendments are required. The government says it hopes the new bill will “promote people's confidence that their personal information is secure and will be treated properly".

Improved privacy for New Zealanders

New Zealand's Privacy Commissioner, John Edwards, has gone on the record to state that he hopes the new privacy bill will give the government "meaningful enforcement powers, such as an ability to seek fines for serious non-compliance."

As is the case with its European counterpart, Edwards believes an important part of the bill will be to make it mandatory for firms to disclose when data breaches occur. Any failure to properly report breaches will result in fines of up to $10,000 for businesses that don't comply. 

This is going to make it critical for New Zealand-based firms to closely monitor attack vectors in order to defend against and react to data breaches and cyber attacks.

Edwards is also keen for the new legislation to address automated processes “that can affect access or entitlement to goods and services". Edwards wants citizens to be given the opportunity to question how algorithms are being used to process data and to be given the right to object to automated decisions made using their data.

Outdated Privacy Act

Why now?

A recommendation to update New Zealand's antiquated Privacy Act was originally suggested by the New Zealand Law Commission back in 2011. Until this year, however, nothing had come of it. Thus, it seems fair to suggest that the EU’s GDPR legislation may have actually helped to trigger action on the part of New Zealand’s government. 

This is a pretty encouraging sign for digital privacy around the globe; which GDPR is directly hoping to improve across the board. The European legislation, for example, actually contains language that suggests GDPR applies to everyone on the planet:

"The processing of personal data is designed to serve man; the principles and rules on the protection of individuals with regard to the processing of their personal data should, whatever the nationality or residence of natural persons, respect their fundamental rights and freedoms, notably their right to the protection of personal data"


Fantastic timing

Whatever the reason, the decision to improve New Zealand’s privacy laws couldn’t have come at a better time; especially considering the ongoing revelations about corporate data mining on platforms such as Facebook.

The recent Cambridge Analytica scandal has shed light on how corporations are data mining via social media; and GDPR is bringing into question the data practices of just about every firm with online activities.

Add to that the staggering size of data breaches that the world has experienced in the last few years - such as the Yahoo breach that affected up to 3 billion users worldwide - and you get an idea of why it is so vital for governments to step in and make firms accountable.

For too long, consumers around the world have been glamoured into parting with their data by the corporate vampires that bleed them dry. Experts agree that consumers' personal data holds immense value and should be considered a currency. That is why legislation New Zealand’s forthcoming bill is so vital.

What Happens Next

What happens next?

Next week. the bill will move back to the select committee in order to address any issues brought to light by the public submissions phase. At that time the committee will consider any amendments that might need making. Following that, the legislation will be revised and will receive a second reading. Next, the committee of the whole House will analyze the bill before passing it back for a third reading. At that stage, the bill will receive Royal Assent and be passed into law.

A great way to keep your data secure is to use a VPN, find out which VPN services are GDPR compliant by reading our GDPR industry report.

Title image credit: one photo/

Image credits: iQoncept/, sdecoret/, garagestock/

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 


There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service