Privacy & Cybersecurity Law Blog

On December 19, 2012, the European Commission announced its formal recognition of personal data protection in New Zealand. The European Commission approved New Zealand’s status as a country that provides “adequate protection”  of personal data under the European Data Protection Directive 95/46/EC. This determination means that personal information from Europe may flow freely to New Zealand.  Although the law in New Zealand has been modernized over the years, it is not new.  New Zealand will be celebrating the 25th anniversary of its data protection law in 2013. Furthermore, New Zealand has been very active in the development of international standards at the OECD and APEC, and has participated in initiatives such as the Global Accountability Project. New Zealand’s request to be deemed adequate has been pending for several years. This determination follows the positive Opinion of the Article 29 Working Party issued on April 4, 2011, concerning the level of protection under New Zealand’s law.

Under the EU Data Protection Directive, transfers of personal data to countries outside of the European Economic Area that are not considered to provide an “adequate” level of data protection are subject to strict conditions. To date, the European Commission has recognized the adequacy of Andorra, Argentina, the Canadian Personal Information Protection and Electronic Documentation Act, Faeroe Islands, Guernsey, Israel, Jersey, the Isle of Man, Switzerland, Uruguay and the U.S. Department of Commerce Safe Harbor Privacy Principles.