Privacy Act Missing in Action

Written by

Privacy Foundation NZ

Published on


Data Futures Guidelines




Media Statement for immediate release – 16 August 2017


The Data Futures Partnership Ministerial Advisory Group released new guidelines for trusted data use on 11 August 2017.

Business and government are now gathering huge stores of detailed, personal, digital data about every aspect of our lives. The release of the Guidelines provides a new opportunity to focus public attention on corporate use and exploitation of this data. The Privacy Foundation welcomes constructive discussion on data use and acknowledges potential to benefits to consumers.

The Privacy Foundation sees the Guidelines as an important step towards trusted data sharing. We welcome the intent and much of the content.

We acknowledge the fact that, in developing the guidelines, the Ministerial group asked people what is important to them about use of their data. We strongly support the “values, inclusion, trust and control” priorities which emerged from that work.

But we have some reservations. We think the guidelines need to incorporate existing legal bottom lines, including those which can be found in the Privacy Act, but could go further, for example indicating where current law could be modernised.  Data use is a complex area, which obviously requires a lot of work and study and there are sources, other than public surveys, that can inform a project like this.  From here, what we would like to see happen is as follows:

  • Parliament proceeding with its reforms to the Privacy Act.  This has been the subject of much input, and there is no need for further delay.  We need to know the shape of the law before we move into guidelines.
  • The Ministerial Advisory Group consults with the Privacy Commissioner, the Institute of Privacy Professionals, academic experts, and other interested groups including the Foundation.   The Foundation has technical and important concerns which we hope to have the opportunity to raise directly with the Data Futures Ministerial Advisory Group as they develop their Guidelines.
  • We note from the Guidelines, the positive recognition of the Treaty of Waitangi and that some data may be seen by Maori as taonga. We look forward to seeing the result of discussion with iwi /Maori.
  • The Guidelines are finalised into a usable document for both business and consumers.

In the meantime, here are some general points of discussion:

– From a corporate point of view, the new guidelines talk about data use in a way which can be useful as corporates want to use, share and link our data in a trusted way. They rightly suggest using social engagement to enhance that trust.  We welcome some of the new ideas put forward in the Guidelines, such as panels for community involvement, rules for the data algorithms, which silently control many of our digital choices.

– From an individual point of view, the existing protections in the Privacy Act are strong safeguards against misuse of our data. Surprisingly, the Guidelines barely mention the Privacy Act. No mention is made of legal penalties, which can be triggered by corporate, or government misuse. Any guidelines for corporate users of our data need to make it clear that there are legal bottom lines and sanctions.

– We are also concerned some important principles in the Act are barely mentioned. These cover and protect sources of data, fair collection, accuracy, new uses of data, unique identifiers and retention of data.

– The Ministerial Advisory Group plans to test these guidelines in practice. We think that they need to be finalised before testing.  If they are to be tested, where will this be done? What information about us is already being shared under test conditions? The public deserves to know.


Contact for media enquiries: Gehan Gunasekara phone 09 923 5218, (021 0743419 mob.); or email Marie Shroff – [email protected]


Background Notes for Journalists

* * Foundation activities will include:

– public statements on data protection and privacy issues of public importance including policy issues and proposals;

– submissions to select committees of parliament including relevant legislation

– representations to relevant business, government and interest groups

* The website gives the opportunity to join and or to provide support for the Foundation.

* The Privacy Foundation New Zealand Incorporated is a registered incorporated society. Further information is available on its website:

* The volunteer committee and group of individuals supporting the Foundation have a range of expertise, knowledge and interest in privacy issues. Officers are: Chair, Marie Shroff; Deputy Chair and Secretary, Gehan Gunasekara; Treasurer, Alida van Klink. Committee members: Alex Sims, Kathryn Dalziel and Katrine Evans

* The Foundation is a voluntary group and will not be able to provide advice about individual privacy complaints. Similarly the Foundation will not have the capacity to answer individual enquiries from the public. It will refer any privacy complaints or enquiries to the Privacy Commissioner or elsewhere as required.