New Zealand Watchdog Pushes for Tougher Data Protection Law
New Zealand must revamp its data protection law to reflect the modern world, Privacy Commissioner Michael Webster said Monday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The Privacy Act, which turned 5 on Monday, doesn't provide "sufficient incentives for many organizations to understand or meet even the most basic privacy requirements," leading to record numbers of complaints and data breach notifications, Webster said. Australia's DPA has the power to impose multimillion-dollar fines for data protection breaches, but New Zealand has no civil penalty regime, he noted.
Citizens support the need for legislative reform, Webster said. A March 2025 survey found that three-quarters of respondents wanted his office to be able to audit agencies' privacy practices, issue small fines for privacy breaches and ask courts to issue large fines for serious violations.
Other things can be done to modernize the measure, the DPA said. He pointed to the people's right in the EU to have their data erased in certain conditions, something he said would reduce the harm arising from privacy breaches by limiting the amount of information an agency holds.
Webster also called for stronger protections against privacy risks arising from automated decision-making, along with rules requiring agencies to demonstrate how they're meeting their data protection requirements. "We need to keep up."