Privacy Act 2020
Privacy Regulations 2020
The collection, use and sharing of personal information in New Zealand is governed by the Privacy Act 2020, which came into force on 1 December 2020. The Act largely reinstates the Privacy Act 1993, while strengthening privacy protections.
The reforms in the 2020 Act were based on the Law Commission’s 2011 Review of the Privacy Act 1993. Key changes include:
Further information on the Ministry’s work on the Bill can be found on our Ministry website's Key Initiatives page:
Ministry of Justice Key Inititiatives: Privacy
There is ongoing work to make it easier for New Zealand agencies to disclose information overseas under the new Act by prescribing countries that have privacy law with comparable safeguards.
New Zealand is currently a 'European Union adequate' country, which means that personal information can be legally transferred to New Zealand from EU countries without further safeguards being necessary. Having adequacy status gives New Zealand businesses an advantage over countries that do not when competing for business from the EU. Our adequacy status is currently under review by the EU officials, and we have been working to provide information and answer questions about our privacy regime and data laws to inform whether we will retain EU adequacy status.
Additionally, some minor and technical changes to the Act may be progressed through the next Statues Amendment Bill.
Concepts of privacy and the policy issues surrounding it are evolving with technology and social attitudes. The new Act may still need to be updated to reflect future developments.