The future of privacy law in the Information Age: Justice Minister
The Government is re-thinking New Zealand's privacy laws in response to the "data explosion" that has characterised the start of the 21st century, said Justice Minister Amy Adams in opening the Wellington Privacy Forum last week.
Reforms will include a move toward better information sharing between public agencies as well as modernisation of the Privacy Act, Ms Adams said, announcing her intention to introduce a new Privacy Bill by 2017, following consultations on an "exposure draft" before the end of this year.
"We live in the age of information", Ms Adams told a delegation of about 200 people attending the Office of the Privacy Commissioner-organised event to mark Privacy Week 2016.
"We are creating and disseminating information like never before."
Often that information is created and spread due to an individual's deliberate act, but personal data is also captured and disseminated "as a consequence of [the] unprecedented collection and analysis of the way we live our lives", Ms Adams said.
While posing challenges, this increasingly commonplace feature of the information age – the mass-scale collection, storage and analysis of digital data – also presents "enormous opportunities across both the private and public sectors to better design and provide our services in a way that is more cost effective and better targeted".
"My goal is to have a government that appropriately uses information in an effective and timely manner for the benefit of New Zealanders – but also where we have the necessary infrastructure and penalties to act swiftly if a person's privacy is unfairly infringed," Ms Adams said.
Additionally, under any well-balanced privacy framework, the public must be kept well informed about which of their collected information "is likely to be used, by whom, and for what purposes".
"And what rights they have to control or limit its use and in what circumstances.
"Our privacy framework works best when New Zealanders trust and support it."
It's necessary that the "essence and importance" of the Privacy Act is understood and valued by New Zealanders, lest the "gravitas of the law" be demeaned.
"When the public start seeing the law as a mindless bureaucracy that is more often than not just a barrier to sensible outcomes, we're all worse off as a result."
Illustrating the "data explosion"
- In 2015, 2.4 billion people were online.
- Google alone had 3.5 billion searches per day.
- In 2016, global internet traffic will surpass 1 zettabyte (or 1 billion terabytes) for the first time.
- By 2020, there will be over 50 billion connected devices in the world – all with the capacity to collect and share personal data.
"Historically, only a tiny fraction of the data created globally has been explored for its analytical value," Ms Adams said.
"This is changing. Recent technological advances in the collection, storage and analysis of large, unstructured datasets means enterprises, governments, and other agencies are powering up their investments in Big Data to convert massive datasets into valuable information and insight.
"Big Data holds the promise of delivering better quality, customised products and services to New Zealanders. To deliver on that promise, however, we need to mindful of our citizens' expectations about the protection of their privacy.
"This age of Big Data means we need to continuously adjust our privacy and data security protections to keep pace with technological developments.
"This is not just the government's responsibility. It extends to every enterprise and agency that holds and uses personal data."
Importantly, this includes lawyers and law firm employees.
"For our system to have any effective basis, we need to be deal with breaches of privacy swiftly and effectively.
"We need to ensure we have the mechanisms and infrastructure to guard against inappropriate use and to respond swiftly and appropriately where a person's privacy has been infringed.
Privacy reforms "will incentivise private entities and public sector agencies to value early identification and prevention of privacy risks that could cause harm". The new law would include "stronger powers for the Privacy Commissioner, mandatory reporting of breaches, new offences and increased fines".
"With significant information held offshore by companies like Google and Facebook, new measures will also address privacy concerns about cross-border information flows."
Striking a better balance
"It's not as simple as saying all information is sacrosanct and that the less personal information is used, the better," Ms Adams said.
"I want to know what New Zealanders think about where this balance lies."
An example of how data is collected in ways entirely unforeseen by the drafters of the Privacy Act in the early 1990s is "Fitbits" – wearable activity tracking devices designed to monitor an individual's fitness. "They seem to have taken the world by storm. Admittedly even I'm a fan," Ms Adams said.
Reference to the type of physical data collected by Fitbits and similar devices could help the government target specific health and fitness programmes where the need is greatest.
"But, are we okay with that?"
"Is it time to focus less on how information about a person is obtained (such as whether it is provided, observed, derived or inferred), and instead to focus on how information is used and whether those uses benefit people and society, or cause harm?
"I'm interested in exploring what New Zealanders think about the potential to regulate the use of any previously anonymised data that has been accidentally or intentionally re-identified.
"I'm also interested to hear more about what is "private information" in the Facebook age.
- Is putting an email address in the cc field instead of the bcc field really a privacy breach when our phone numbers and addresses have been public for decades.
- Does posting a relationship status update alter the privacy protection that applies to use of that information?
- How do we explain to our children the very real, very viral and very permanent impact of posting photos and information on line?
- Who can use that information in the future and for what purpose?
"What we do know is that we can't look at today's and tomorrow's issues through a privacy lens created before most of our population was born without ensuring we continually re-calibrate society's view on some of these issues."
Better information sharing for public safety
There is general acknowledgement that the public sector needs to do better in its approach to information sharing, Ms Adams said.
"Privacy shouldn't trump public safety."
"The Privacy Commissioner has made it clear that he shares my frustration that initiatives to deliver better public services that involve sharing personal information are being held up because of misperceptions of the Privacy Act."
Ms Adams says she and the Privacy Commissioner John Edwards will "work together to focus on ensuring Government public protection agencies are sharing information for public safety purposes where that is justified under the law".
"We want broad agreement and understanding across the public service about what information can and should be shared and when for public protection purposes.
"The process of improving information sharing is being overseen by myself and State Services Minister Paula Bennett. We will be following progress closely and will keep well-informed of any barriers identified."
For Ms Adams' full speech to the Wellington Privacy Forum, click here.
Last updated on the 16th September 2019