Your Cart

ABLI-FPF Convergences Series - Status of Consent for Processing Personal Data (New Zealand report)

On Sale
SGD0.00
Free Download
Added to cart
ABLI-FPF Convergences Series - Status of Consent for Processing Personal Data (New Zealand report)

Author: Dominic Paulger, Policy Manager (APAC), Future of Privacy Forum

Asian Business Law Institute and Future of Privacy Forum

June 2022

This report provides a detailed overview of relevant laws and regulations in New Zealand on
  • notice and consent requirements for processing personal data;
  • alternative legal bases for processing personal data which permit processing of personal data without consent if the data controller undertakes a risk impact assessment (e.g., legitimate interests); and
  • statutory bases for processing personal data without consent and exceptions or derogations from consent requirements in laws and regulations.
Table of Contents 

1. INTRODUCTION 

2. ROLE OF THE PRIVACY COMMISSIONER 
    2.1 Health Information Privacy Code 2020 (“HIPC”)

    2.2. Credit Reporting Privacy Code 2020 (“CRPC”)

3. CONSENT AND PRIVACY SELF-MANAGEMENT IN THE PRIVACY ACT 2020

4. CONDITIONS FOR CONSENT

    4.1. Definition and forms of consent

    4.2. Withdrawal of consent

    4.3. Bundled consent

5. CONSENT FOR SPECIAL CATEGORIES OR USES OF DATA

    5.1. Children

6. CONSENT FOR CROSS-BORDER DATA TRANSFERS 

7. TRANSPARENCY AND NOTICE   

8. SANCTIONS AND ENFORCEMENT

    8.1. Case Note 2976 [1996] NZ PrivCmr 1

    8.2. Case Note 19740 [2002] NZ PrivCmr 5

    8.3. L v J [1999] NZCRT 9

    8.4. L v L [2001] NZCRT 15

    8.5. Lehmann v CanWest Radioworks Ltd [2006] NZHRRT 35

    8.6. Powell v Accident Compensation Corporation [2014] NZACC 89

9. COLLECTING, USING, AND DISCLOSING DATA WITHOUT CONSENT SUBJECT TO A RISK IMPACT ASSESSMENT

    9.1. Impact assessments

10. COLLECTING, USING, AND DISCLOSING DATA WITHOUT CONSENT IN OTHER CIRCUMSTANCES DEFINED BY LAW

       10.1. Collecting PI from a third party

       10.2. Using PI for a secondary purpose

       10.3. Disclosing PI

       10.4. Exemptions to the Act

       10.5. Collecting, using, or disclosing PI where obtaining consent is impractical, impossible, inappropriate, and/or would require disproportionate effort

       10.6. Necessity for performance of a contract between the individual and controller

       10.7. Necessity for a research purpose

       10.8. Necessity for carrying out a task in the public interest

       10.9. Necessity for law enforcement, defense, or national security

       10.10.Necessity for vital interests of the individual, a health emergency, etc.

       10.11. Necessity for compliance with a legal obligation

       10.12.Necessity for prevention, detection, mitigation, and investigation of fraud, security breach, or other prohibited/illegal activities in high-risk scenarios

       10.13.Rule of interpretation

       10.14.COVID-19

You will get a PDF (3MB) file
No products found