Privacy & Information Security Law Blog

On September 2, 2010, police in New Zealand issued a statement to confirm that there was no evidence Google committed a criminal offense in relation to the data it collected from unsecured WiFi networks during the Street View photography capture exercise.  The case has now been referred back to the New Zealand Privacy Commissioner.  A spokesperson from the New Zealand police force took the opportunity to underline the need for Internet users to make sure that security measures are properly implemented when using WiFi connections in order to prevent their information from being improperly accessed.

As we previously reported, the UK Information Commissioner’s Office released a statement including similar findings following its investigation of data collected by Google Street View.  A coalition of states in the U.S. and the French data protection authority (the “CNIL”) have launched investigations into Street View data collection practices as well.  On August 20, 2010, the CNIL indicated that it considers Google’s plans to recommence Street View data collection in France premature in light of the ongoing investigation.

* * *

Meanwhile, on August 26, 2010, the New Zealand Parliament passed the Privacy (Cross-border Information) Amendment Bill.  “Until now, the Privacy Act 1993 has been silent on cross-border enforcement of privacy laws,” said New Zealand Justice Minister Simon Power.  “This law changes that, and allows businesses to assure their international partners that their customers’ personal information will be protected by the full force of the law.”

As first reported in BNA’s Privacy Law Watch, New Zealand’s Privacy Commissioner, Marie Shroff, anticipates that the passing of the bill will clear the way for an EU adequacy finding.  Under EU Data Protection Directive 95/46/EC, the European Commission maintains a list of countries that have data protection laws that the Commission deems adequate for personal data exports.

“This amendment is important for two principal reasons: first, for international trade, and second, for effective consumer protection in a global digital economy,” said Commissioner Shroff.  “For trading reasons the amendment is needed to satisfy the expectations of a major trading bloc, the European Union, so that European businesses can freely send data to New Zealand for processing.  This can give New Zealand businesses a competitive edge internationally.  An EU adequacy finding is also likely to satisfy data export requirements of other countries.  I believe New Zealand businesses are already losing some trading opportunities through a gap in our privacy laws.  This change will allow New Zealand to compete on a secure basis for international data business.  The second benefit is consumer protection and redress in a global economy.”

The countries the European Commission currently deems adequate for data transfer purposes are Canada, Argentina, Switzerland, Guernsey, Jersey and the Isle of Man.  In addition, adequacy applications from Israel and Andorra are under review.