6 August 2015

In June 1991 I introduced to Parliament what was then the largest ever Member’s Bill in the history of our Parliament – the Information Privacy Bill, which, subsequently, through the Government’s almost identical Privacy of Information Bill a few weeks later morphed into what we now call the Privacy Act.

At the time I introduced my Bill I made the points that the ongoing questions it would raise would be whether its scope was too wide and the protections that it offered individuals against breaches of their privacy were too great. This was in an environment and time where protecting individual privacy was still a very new concept, and where the general assumption was that the onus should be on greater protection rather than less. And so, what emerged was a regime where the levels of privacy protection were very high.

Unfortunately, because of New Zealand’s extraordinary propensity to launch major legislative change in a vacuum, the high bar that was set for protecting personal privacy led to some downright silly interpretations of what constituted personal privacy, which have sadly tarnished the credibility of the Act in the some people’s eyes ever since. The Privacy Act was never intended to be about preventing parents from seeing their children’s exam results, or denying people basic information about family members in hospital, or any of the other ridiculous interpretations it became subject to.

Over the last 25 years, the need to protect personal privacy has become more critical than ever, as the march of technology has turned into a stampede. While information sharing between government agencies makes sense and ought, with proper safeguards, to be utilised as appropriate in the beneficial interest of citizens, there are two important conditions that must be inviolate at all times.

The first relates to the insidious “nothing to hide, nothing to fear” mentality some have touted as the yardstick to be applied. This is as obnoxious as it is fundamentally wrong. All citizens have an absolute right to the protection of their privacy, and it cannot be qualified in this or any similar way.

The second is to respect the primacy of one’s right to protect personal information. I become wary when I hear talk of privacy law being modified because the focus on individual privacy is but one aspect, which often gets in the way of the “greater good” of effective information sharing programmes. We have heard such comment this week in the context of the approach being considered to curb the scourge of domestic violence.

While technology and information sharing/data matching offers so many possibilities not available in 1991 and there can be many beneficial outcomes for citizens to flow from that, a citizen’s right to privacy is still paramount, and the expectation it will be safeguarded is justifiably very strong.

Weakening the Privacy Act in the interests of wider social policy objectives is not acceptable, in the same way that weakening the Resource Management Act in the interest of economic development is not acceptable. However well intended and sincerely meant, such compromises are not in the wider public interest and need to be resisted.