Right to privacy in New Zealand

From Wikipedia, the free encyclopedia

New Zealand is committed to the Universal Declaration of Human Rights and has ratified the International Covenant on Civil and Political Rights, both of which contain a right to privacy.[1] Privacy law in New Zealand is dealt with by statute and the common law. The Privacy Act 2020 addresses the collection, storage and handling of information. A general right to privacy has otherwise been created in the tort of privacy. Such a right was recognised in Hosking v Runting [2003] 3 NZLR 385, a case that dealt with publication of private facts. In the subsequent case C v Holland [2012] NZHC 2155 the Court recognised a right to privacy in the sense of seclusion or a right to be free from unwanted intrusion. For a useful summary see: court-recognises-intrusion-on-seclusion-privacy-tort-hugh-tomlinson-qc/


New Zealand Bill of Rights Act 1990[edit]

The New Zealand Bill of Rights Act 1990 (NZBORA) is based on the International Covenant on Civil and Political Rights,[2] however no express right to privacy is included in the Act. Despite the lack of an express right, privacy is the foundation for many of the rights contained within NZBORA, such as freedom from unreasonable search and seizure as protected by section 21.[3] The fact that a right to privacy is not included in NZBORA does not affect or invalidate it in any way.[4] It is suggested that privacy was not included in NZBORA due to its difficulty to define, and because the social environment at the time was not one in which it was appropriate to implement a right with vague and uncertain parameters.[5]

The NZ Privacy Commissioner from 2014-2021, John Edwards

Privacy Act 2020[edit]

New Zealand has a statute entitled the Privacy Act 2020 (which replaced the Privacy Act 1993). However, despite its declaration that it is an Act to promote and protect individual privacy, it in fact only covers information privacy. The Privacy Act was created to combat concerns about technological advances and their potential to be used to access private information, when this risk had been far less under manual data systems.[6]

The Act contains 13 Information Privacy Principles which govern the handling of private information by agencies. An 'agency' is widely defined as any person or body of persons, whether public or private, and whether corporate or unincorporated, with specified exceptions.[7] There are also numerous exceptions to the Information Privacy Principles, which can be found both within the principles and in other places within the Act.[8]

When an individual feels there has been a breach of the principles he or she can lodge a complaint with the Privacy Commissioner.[9] The Privacy Commissioner investigates the complaint and undertakes a process of conciliation rather than punishment.[10] If the complaint cannot be settled, it may be referred to the Human Rights Review Tribunal, which may or may not consider the situation anew, and it's quite likely that they won't consider a complaint at all (especially if the issue is related to debt). If the Tribunal finds there has been a breach, it may award a range of remedies including damages and restraining orders.[11]

The Privacy Act recognises that privacy is not an absolute concept and that there are other factors which need to be weighed to determine what the outcome should be. The Privacy Commissioner must always have regard to factors such as human rights, social interests, and international obligations and guidelines.[12] The Privacy Commissioner is able to make authorisations regarding the use of private information which would normally be contrary to the Act if he or she is satisfied that the public interest or benefit outweighs the interference with privacy.[13]

Broadcasting Act 1989[edit]

The Broadcasting Act 1989 requires broadcasters to maintain standards consistent with the privacy of the individual. The Act establishes the Broadcasting Standards Authority (BSA), which has the functions of receiving and deciding complaints against broadcasters, issuing opinions relating to ethical conduct and standards in broadcasting, and issuing codes of practice for broadcasters and encouraging compliance with them.[14] Privacy is consistently mentioned in the codes and standards of practice issues by the BSA.[15] While the Broadcasting Act does not provide any explanation of what constitutes a breach of privacy, the BSA has seven principles relating to alleged breaches of privacy.[16] In considering a complaint, the BSA can award a variety of remedies if it finds there has been a breach, but there is no ability to take a complaint to a court of law based on the standards contained within the Act.[17]

Common law[edit]

A general tort of invasion of privacy exists in New Zealand. The case which is accepted to be the first which found that a tort of privacy may exist was [1], in which the judge supported the introduction of such a tort into the law of New Zealand.[18] A few years later in Bradley v Wingnut Films, the judge accepted that a tort of privacy did exist in New Zealand law, but that it should be approached with caution as it was in the earlier stages of development.[19] The most crucial New Zealand High Court decision was that of P v D, where the court defined the elements of a tort of privacy as:[20]

  • The public disclosure of facts
  • The facts disclosed are of a private nature
  • The facts made public would be considered highly offensive to a reasonable person
  • There is insufficient legitimate public concern in having the facts made public.

The New Zealand Court of Appeal in a bare majority in Hosking v Runting accepted that there was a tort of privacy in New Zealand. The tort was affirmed as protection in this area was needed and the breach of confidence tort was not suitable to cover situations involving privacy.[21] The two requirements for the tort set out by the majority closely reflect those set out in P v D:

  • Existence of facts which were reasonably expected to be private
  • Publicity given to those facts which would be considered highly offensive by the objective and reasonable person.

In addition, privacy had to be weighed against the defence of legitimate public concern which encompasses the right to freedom of expression.[22]

The Supreme Court of New Zealand has in one case accepted that a tort of privacy exists for the purposes of a case before it, but had differing opinions about its requirements and application.[23] In Brooker v Police the court acknowledged the decision of Hosking but refrained from commenting.[24]

Security and intelligence[edit]

New Zealand’s intelligence and security agencies[edit]

Two government bodies are responsible for monitoring New Zealand's national security: the Government Communications Security Bureau (the 'GCSB') and the Security Intelligence Service (the 'SIS'). Prior to the introduction of the Intelligence and Security Act 2017, these bodies operated strictly independently of one another, and general mystery surrounded their exact functions and capabilities. Much of the confusion originated from the fact that the SIS and GCSB appeared to have differing objectives which meant that, if required, co-operation and coordination would likely be complex and convoluted.

For example, only the SIS could perform surveillance, or spy, on New Zealanders, as provided by the New Zealand Security Intelligence Service Act 1969. There were stipulations as to what 'spy-activities' were permitted, and as a pre-requisite, any proposed surveillance had to be relevant to "security" and its associated threats, such as instances of 'espionage, sabotage, subversion or terrorist attacks'.[25]

The 2013 surveillance landscape[edit]

In September 2012, Paul Neazor, the Inspector-General of Intelligence and Security advised John Key, the then New Zealand Prime Minister, of a situation which would later be called an "unlawful interception" of an individual known as Kim Dotcom by the GCSB.[26] Following a formal request from the United States' Federal Bureau of Investigation that Kim Dotcom be extradited to the United States, the GCSB spied on Mr Dotcom in order to assist the FBI's request.[26] However, as the GCSB did not have the legal authority to conduct surveillance, Justice Gilbert of the Court of Appeal, deemed unlawful.[27]

Following this widely publicised incident, GCSB Director Ian Fletcher and Chief Executive of the Department of the Prime Minister and Cabinet Andrew Kibblewhite initiated a review of compliance.[28] They assigned the then Cabinet Secretary Rebecca Kitteridge with undertaking the review to look into the "activities, systems and processes since 1 April 2003".[29] This date is significant as it was the date from which the Government Communications Security Bureau Act 2003 came into force.

Rebecca Kitteridge in 2015. She conducted a review of the GCSB's compliance with the law. She is also current Director of the NZ SIS.

The “Kitteridge Report” ultimately concluded that GCSB lacked the legal basis and authority to perform many of its intelligence acts – including the surveillance carried out on Kim Dotcom. The Kitteridge Report made a number of recommendations to ensure that the Government agency had the legal authority to do the activities necessary. All of the recommendations presented in the Kitteridge Report were accepted by the Government and GCSB which led to a number of legislative reforms. These included giving the GCSB the express capability to legally perform surveillance on New Zealanders when required by the SIS, the police or Defence forces.[30] At the time when these changes were introduced, with mounting public concern about New Zealanders' rights to privacy, the then Prime Minister John Key stated that the "new legislation does not add up to an expansion of the bureau’s powers".[30]

It is now permissible for GCSB to legally spy on New Zealanders as a result of the 2013 reforms.[25] In addition, the GCSB's role has expanded and it is now able to perform surveillance on "behalf of the SIS, the police or the Defence forces, or for the purposes of cyber security".[31]

The 2016 surveillance landscape[edit]

In August 2016 the then Prime Minister John Key announced that due to the threat of ISIS and global terrorism, the New Zealand Government would be introducing new legislation to provide further safeguards for New Zealanders.[32]

New Zealand's first Intelligence and Security Review was undertaken by Sir Michael Cullen and Dame Patsy Reddy, and looked at "the legislative framework governing the agencies and considered whether they were well placed to protect New Zealand’s current and future national security while protecting individual rights".[33] The review was completed at the end of February 2016, and its findings proposed that one Act be introduced to bring all of New Zealand's intelligence and security agencies together.[25]

Cullen and Reddy identified a number of issues in their report. One of the prominent issues identified was that the fragmented legislative landscape meant that it was difficult to bring the multiple agencies together when required. Because each intelligence and security agency operated under its own legislative framework, it was confusing for New Zealanders to understand which agency was responsible for what, and exactly what their lawful powers and capabilities were.

The reviewers concluded that a "single Act" was necessary to overcome these issues.[34] They commented that a single Act would:

"give a comprehensive and much clearer view of the agencies' functions and powers, and the checks and balances that apply to the operation of their powers … [and] would avoid inconsistencies and gaps between various statutes and enable a consistent set of fundamental principles to be applied to the agencies and their oversight".[35]

Understandably, drawing the two bodies together would make it easier for them to co-operate and work together when required. Another issue concerning to the reviewers was the lack of security protection available to New Zealanders under the prevailing legislation. The most recent piece of legislation dealing with intelligence and surveillance was enacted some 47 years ago, the New Zealand Security Intelligence Service Act 1969. Over the course of those years and the accompanying advances in technology, the need to overhaul the law has increased markedly. As terrorist groups continue to advance in their technological capabilities, the current legislation was quickly becoming out-dated and unsuitable for present day society.

The Intelligence and Security Act 2017[edit]

The purpose of the Intelligence and Security Act 2017 was to bring clarity and cohesion to the GCSB and SIS, the two agencies in New Zealand responsible for monitoring the country's security and intelligence.

The Act was "a direct response to the report of the First Independent Review of Intelligence and Security in New Zealand: Intelligence and Security in a Free Society, and it replaces the four Acts that applied to the GCSB, the NZSIS, and their oversight bodies".[36]

Given the importance of this proposed legislation, when public submissions for the Bill were called for, 92 were received by the Select Committee. These included submissions made by the New Zealand Law Society,[37] the New Zealand Human Rights Commissioner,[38] and the Privacy Commissioner[39] and many of their recommendations were similar in nature expressing concern over the words used to draft the Bill making the powers of the bodies uncertain, and also the potential for ordinary New Zealanders' privacy rights to be breached.

Although the Act intended to give oversight and transparency to the New Zealand intelligence and security agencies, the Act was drafted in a manner that gave far-reaching powers to the GCSB and SIS to perform surveillance on New Zealand citizens and non-residents in ways that had previously been prohibited. The basis for doing so was that New Zealand's national security is at stake with the ever-present and increased risk of terrorism in today's society.[citation needed]

The new Act has extended the GCSB's capabilities to perform surveillance on New Zealanders, whereas previously, only the SIS was permitted do this. This extension of the GCSB's powers has the potential to have serious ramifications for all New Zealanders, as author and associate professor of law Stephen Penk notes, "surveillance of an individual may lead to a loss of privacy through an individual’s loss of control or autonomy when, typically, he or she is subjected to undesired monitoring of his or her functions, movements or communications"[40]

As per the recommendations made by Cullen and Reddy the new Act covers a number of points such as:

  • Bringing the GCSB and SIS together under a single Act for the purpose of achieving co-operation between the agencies.[34]
  • Clarifying the rules regarding monitoring, gathering, and storing of human intelligence.[34]
  • Making the SIS and the GCSB state-sector government departments, and therefore requiring them to comply with all regulations governing state-section government bodies.[34]

The Act's purpose was expressed in Section 3; which is to "protect New Zealand as a free, open, and democratic society".[34] This is achieved by:

a. Establishing intelligence and security agencies that will effectively contribute to –
  1. The protection of New Zealand’s national security;
  2. The international relations and well-being of New Zealand; and
  3. The economic well-being of New Zealand

b. Giving the intelligence and security agencies adequate and appropriate functions, powers, and duties;

c. Ensuring the functions of the agencies are performed –

  1. In accordance with New Zealand law and all human rights obligations recognised by New Zealand law;
  2. With integrity and professionalism; and
  3. In a manner that facilitates effective oversight;
d. Ensuring that the powers of the agencies are subject to institutional oversight and appropriate safeguards.

Part 2 of the Act "continues the SIS and the GCSB" but clarifies that they will remain two separate agencies with differences in capabilities and methods.[41] Although Part 2 makes note of these differences, they will continue to have shared objectives and functions under a "joint warranting" framework.[41]

In response to concerns that this proposed legislation interferes with New Zealanders' human rights, Part 2 provides a number of safeguards.[41] One such safeguard is expressed in sections 12 and 13 that "require that the agencies operate in accordance with New Zealand law and all human rights obligations, including when co-operating or sharing intelligence with foreign partners".[41] These sections were a direct recommendation of the Human Rights Commission to ensure that New Zealand complies with its international and domestic human rights obligations.[42]

Section 22 of the Act provided a further safeguard extending protection to "the right to engage in lawful advocacy, protest and dissent".[41] This is an important and long-standing human right that ought to be protected. The right to freedom of expression is enshrined in the New Zealand Bill of Rights Act 1990, with section 14 stating that "everyone has the right to freedom of expression, including the freedom to seek, receive and impart information and opinions of any kind in any form". The right has also been expressed in many other human rights instruments, such as Article 19 of the International Covenant on Civil and Political Rights, which also upholds this right. It is also reflected in the Universal Declaration of Human Rights: "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers".[43]

Future directions[edit]

In dissenting judgments in the 2007 case Brooker v Police, two judges of the Supreme Court of New Zealand voiced their support for the strengthening of privacy rights in New Zealand. McGrath J outlined the international and domestic recognition of the right to privacy, concluded that privacy is close to matching the strength given to the right to freedom of expression, and used the privacy interests of an individual concerned in the case as the main reason for his conclusion and dissent. Thomas J explicitly stated his support for privacy to be given the status of a right, and reasoned his support by citing the NZBORA, international instruments, judicial decisions and social attitudes.[44]

In August 2011, the New Zealand Law Commission released the fourth and final part to a detailed inquiry into the state of New Zealand's privacy laws. The four parts discuss the concept of privacy, public registers, the invasion of privacy in both civil and criminal contexts, and the Privacy Act 1993.[45] The Commission recommends a range of changes be made to the law, such as the creation of a Do Not Call register and better protection of online information. Some of these recommendations are currently tabled before Parliament, while others are currently awaiting a response from the government.[46]

In March 2018, Minister of Justice Andrew Little introduced the Privacy Bill to amend the Privacy Act 1993. The Bill will repeal and replace the current Act and make various changes, including strengthening powers for the Privacy Commissioner, introducing mandatory reporting of privacy breaches, creating new offences and increasing fines.[47][48]

See also[edit]


  1. ^ Universal Declaration of Human Rights, Art 12; International Covenant on Civil and Political Rights, Art 17.
  2. ^ New Zealand Bill of Rights Act 1990, long title.
  3. ^ New Zealand Bill of Rights Act, s 21; Steven Penk and Rosemary Tobin, Privacy Law in New Zealand at 18.
  4. ^ New Zealand Bill of Rights Act 1990, s 28.
  5. ^ Hosking v. Runting [2005] 2 NZLR 1 at [92]-[94].
  6. ^ Steven Penk and Rosemary Tobin Privacy Law in New Zealand at 50-51.
  7. ^ "Information privacy principles and codes of practice". Parliamentary Counsel Office. Retrieved 12 February 2022.
  8. ^ See Privacy Act 2020, s 22, principles 2 and 3, and ss 45-57 as examples.
  9. ^ "Privacy Act 2020 No 31 (As at 28 October 2021), Public Act 114 Agency to notify Commissioner of notifiable privacy breach – New Zealand Legislation".
  10. ^ "Privacy Act 2020 No 31 (As at 28 October 2021), Public Act 123 Compliance notices – New Zealand Legislation".
  11. ^ "Privacy Act 2020 No 31 (As at 28 October 2021), Public Act 134 Application of Human Rights Act 1993 – New Zealand Legislation".
  12. ^ "Privacy Act 2020 No 31 (As at 28 October 2021), Public Act 21 Commissioner to have regard to certain matters – New Zealand Legislation".
  13. ^ "Privacy Act 2020 No 31 (As at 28 October 2021), Public Act 30 Commissioner may authorise collection, use, storage, or disclosure of personal information otherwise in breach of IPP 2 or IPPs 9 to 12 – New Zealand Legislation".
  14. ^ Broadcasting Act 1989, ss 4(1)(c) and 20-21.
  15. ^ Steven Penk and Rosemary Tobin Privacy Law in New Zealand at 206.
  16. ^ Hosking v Runting [2005] 1 NZLR 1 at [104]-[105].
  17. ^ Broadcasting Act 1989, s 13.
  18. ^ Tucker v News Media Ownership [1986] NZHC 216; [1986] 2 NZLR 716 at 731-733
  19. ^ Bradley v Wingnut Films [1993] 1 NZLR 415 at 423.
  20. ^ P v D [2000] 2 NZLR 591 at [34]
  21. ^ Hosking v Runting [2005] 1 NZLR 1 at [45]-[49] and [108]-[116].
  22. ^ Hosking v Runting [2005] 1 NZLR 1 at [117], and [129]-[130].
  23. ^ Rogers v Television New Zealand [2007] 1 NZSC 91; [2008] 2 NZLR 277 at [23]-[26], [98]-[99], and [144]-[145].
  24. ^ Brooker v Police [2007] NZSC 30; [2007] 2 NZLR 91 at [40] and [122]
  25. ^ a b c "Cross-Examination: Changing How New Zealand's Intelligence Agencies Operate – Insightful or Irrational?". Equal Justice Project. Retrieved 20 August 2019.
  26. ^ a b "GCSB used 'unlawful interception' in Dotcom case". RNZ. 24 September 2012. Retrieved 20 August 2019.
  27. ^ The New Zealand Herald "Judge: Dotcom spied on two months longer than previously admitted" (21 July 2017) http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11893618e[dead link]
  28. ^ "Review of Compliance at the Government Communications Security Bureau" (PDF). www.gcsb.govt.nz. Retrieved 27 November 2019.
  29. ^ "Review of compliance". www.gcsb.govt.nz. Retrieved 20 August 2019.
  30. ^ a b Andrea Vance “Demystifying the GCSB bill: Spies and lies” (20 August 2013)
  31. ^ Vance, Andrea (20 August 2013). "Demystifying the GCSB bill: Spies and lies". Stuff. Retrieved 3 October 2018.
  32. ^ "Potential terror threat sparks likely law change". Otago Daily Times Online News. 15 August 2016. Retrieved 20 August 2019.
  33. ^ "Intelligence and security review to commence in June". The Beehive. Retrieved 20 August 2019.
  34. ^ a b c d e "New Zealand Intelligence and Security Bill" (PDF). Retrieved 27 November 2019.
  35. ^ "Intelligence and Security in a Free Society". Retrieved 27 November 2019.
  36. ^ "New Zealand Intelligence and Security Bill - New Zealand Parliament". www.parliament.nz. Retrieved 20 August 2019.
  37. ^ "New Zealand Law Society - New Zealand Parliament". www.parliament.nz. Retrieved 20 August 2019.
  38. ^ "New Zealand Human Rights Commission Supp 1 - New Zealand Parliament". www.parliament.nz. Retrieved 20 August 2019.
  39. ^ "Privacy Commissioner - New Zealand Parliament". www.parliament.nz. Retrieved 20 August 2019.
  40. ^ S Penk & R Tobin Privacy Law in New Zealand (2nd ed, Thomson Reuters, Wellington, 2016) at 439
  41. ^ a b c d e "New Zealand Intelligence and Security Bill: Initial briefing to foreign affairs, defence and trade committee". Retrieved 27 November 2019.
  42. ^ "Submission to the Foreign Affairs, Defence and Trade Committee on the New Zealand Intelligence and Security Bill" (PDF). Retrieved 27 November 2019.
  43. ^ Universal Declaration of Human Rights, Art 19
  44. ^ Brooker v Police [2007] NZSC 30; [2007] 2 NZLR 91 at [122]-[129] and [136]-[148] per McGrath J dissenting and [164] and [213]-[229] per Thomas J dissenting
  45. ^ Law Commission A Conceptual Approach to Privacy (MP19, 2007); Law Commission Public Registers: Review of the Law of Privacy Stage 2 (R101, 2008); Law Commission Invasion of Privacy: Penalties and Remedies: Review of the Law of Privacy Stage 3 (R113, 2010); Law Commission Review of the Privacy Act 1993: Review of the Law of Privacy Stage 4 Part 1 (NZLC R123, 2011); Law Commission Review of the Privacy Act 1993: Review of the Law of Privacy Stage 4 Part 2 (NZLC R123, 2011)
  46. ^ Law Commission “Review of Privacy” (2011)
  47. ^ "Privacy law reform". www.privacy.org.nz. Retrieved 3 January 2019.
  48. ^ "Privacy Bill - New Zealand Parliament". www.parliament.nz. Retrieved 3 January 2019.

External links[edit]