Foreign Laws Won't Work for New Zealand Data Protection Compliance, Watchdog Warns
New Zealand agencies must comply with New Zealand data protection laws, not those from overseas, Privacy Commissioner Michael Webster said in a statement Friday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Webster said his office is seeing "more examples of businesses using privacy policies and privacy statements that are based on overseas rules and regulations, instead of New Zealand law."
Some of those statements are based on the EU General Data Protection Regulation, he said. One company used a Texas law as the foundation for privacy policies for its New Zealand-based business, he said.
Apparently, some New Zealand organizations are using AI and fill-in-the-blank templates to create privacy policies and statements to comply with the country's 2020 privacy law. This can lead to mistakes, the commissioner warned. For example, AI can omit information, refer to the wrong country or "even make up laws that don't exist."
Instead, he recommended using his office's privacy statement generator, which, he said, is quickly completed and includes all the core elements needed in a New Zealand privacy statement.