New Zealand

Explore local frameworks, guidance, and regulatory tools that shape how privacy is governed in Aotearoa New Zealand.

Laws:

• Privacy Act 2020
• Privacy Codes of Practice (secondary legislation)
• Customer and Product Data Act 2025
• Mapping Privacy Act 1993-> Privacy Act 2020

Case law:

• Human Rights Review Tribunal decisions (NZLII)
• Privacy Commissioner case notes
• Index of Tribunal’s decisions by institutions (MoJ)
• Damages awarded by the Tribunal
• Hosking v Runting [2004] NZCA 34 (a tort of privacy)
• C v Holland [2012] NZHC 2155 (a tort of intrusion into privacy)
• R v Alsford [2017] NZSC 42 (Privacy Act and unreasonable search and seizure)
• Te Pou Matakana v A-G (No 1) [2021] NZHC 2942 (Māori data)
• Te Pou Matakana v A-G (No 2) [2021] NZHC 3319 (Māori data)
• Tamiefuna v R – SC 51/2023 (watch this space)

Regulator:

• Office of the Privacy Commissioner

Frameworks:

• Data Protection and Use Policy
• Privacy Maturity Assessment Framework
• Algorithm Charter for Aotearoa New Zealand

Draft legislation:

• Biometric Privacy Code
• Privacy Amendment Bill

Guidance:

• Poupou Matatapu (privacy manaement guidance by the OPC)
• Information sharing (public sector)