Privacy and data protection is an evolving area of law as regulators try to keep up with fast-developing technologies, the rapid accumulation of data and increasingly sophisticated cyber-criminals.
It is important to stay on top of these developments. The risk for organisations getting it wrong can be very high – both when the organisation is a victim and when the organisation fails to maintain expected standards of confidentiality and data integrity.
In this edition of Data Points we summarise the latest New Zealand and international privacy and data protection news.
CONTENTS
New Zealand
Australia
Europe/International
NZ clears EU adequacy test
The European Commission has determined that the protection of personal data under New Zealand law is sufficient to allow personal information to continue to be transferred from the EU into New Zealand. The Privacy Commissioner is, however, seeking further amendment to the Privacy Act 2020 to future-proof the legislation.
Privacy Commission statement
Briefing to Incoming Minister - Privacy Act needs an update
The Office of the Privacy Commissioner has used its Briefing to the Incoming Minister to call for a number of amendments to the Privacy Act 2020 including introducing:
- a right to erasure;
- greater protections against automated decision making; and
- higher financial penalties for breaches (the maximum fine available in New Zealand is $10,000 compared to $50m in Australia).
Latest Kordia Cyber Security Report shows increasing global threat
The latest Kordia Cyber Security Report shows cyber risk continuing to increase. The 25-page analysis is based on an online survey of 219 business leaders between 2 October and 26 November 2023. Among the findings is that full response and recovery from a cyber event took more than a month in 46% of cases.
Kordia report
500,000 number plate scans a day in Auckland
The use of vehicle tracking systems in Auckland is now so widespread that about 500,000 scans are taken a day – either by traffic cameras or by residents' parking enforcement. The database can be accessed by the police.
Article
AI a source of concern in New Zealand
New research shows that New Zealanders are more concerned about the possible effects of AI than are excited by its potential.
Privacy Commissioner statement
AirBnB to ban indoor security cameras worldwide from 30 April
AirBnB will ban the use of indoor security cameras from all AirBnB-listed guest premises worldwide from 30 April this year.
Article
TikTok pixel causing concern
A pixel used by TikTok, although legal, is causing privacy concerns in New Zealand and in Australia.
Article
Privacy Act and CCTV footage
A supermarket’s refusal for privacy reasons to allow a woman whose car was dinged in the customer carpark to look at the CCTV footage so that she could identify the perpetrator drew the Privacy Commissioner into a defence of the Privacy Act. He defended the decision but said the Act would have allowed access to the police or the woman’s insurance company acting on her behalf.
Privacy Commissioner article
Privacy Commissioner inquiry into Foodstuffs’ Facial Recognition Technology (FRT) trial
Foodstuffs has been trialling the use of FRT in its supermarkets since 8 February as part of its response to burgeoning retail crime. The Office of the Privacy Commissioner launched an inquiry into the trial on 4 April to ensure it is justified and is being conducted in a manner that complies with the Privacy Act 2020.
Privacy Commissioner statement
BREACHES
Textbook response from Te Whatu Ora
Te Whatu Ora offered a textbook response to the breach where an anti-vaxxer on staff released private information without authority.
Te Whatu Ora webpage
MediaWorks data hack
MediaWorks is investigating a data hack covering large numbers of people over several years. The hacker has offered the stolen data for sale on the dark web, with MediaWorks advising affected individuals not to pay if approached.
MediaWorks statement
Parliament affected by cyber-attack
The offices of Parliament – Parliamentary Service and Parliamentary Counsel – were victims of a China-linked cyberattack in 2021. Other countries, including the United States and the United Kingdom, have imposed sanctions against China in response to its alleged cyber activity.
Article
Official data confirms escalating cyber risk
The latest notifiable breaches report from the Australian Government, covering the second half of 2023, shows an increase over the previous six months of 19% in the number of reported incidents. A key trend was the increased incidence in multiple party breaches, arising from a cloud or software provider malfunction.
Press statement
EU AI Act almost there
The EU has reached provisional agreement on the EU AI Act, the first attempt globally to exert regulatory control over the use of AI technologies. The Act will become law once it has been formally adopted by the EU Parliament and the EU Council.
Article
TikTok under pressure in the US
The US House of Representatives has passed a Bill that would require TikTok’s Chinese owner to divest its US assets in TikTok within six months or have the app banned in the US market.
President Joe Biden says he will pass the law if it comes across his desk but it first has to make it through the Senate and the chances of that are not clear.
Article
BREACHES
Security vendor fined USD16.5m
Anti-virus vendor Avast has been fined USD16.5m for harvesting and on-selling consumer data without consent.
Article
Large bank fined €2.8m for privacy breach
The Italian data protection authority has fined Unicredit, Italy’s second largest bank, €2.8m for a breach case dating back to 2018.
Article