<i>Gehan Gunasekara:</i> Trojan horse at the doors of our privacy protection

COMMENT

The recent case of the New Zealand man who was unable to send money to an ill relative overseas because a similar name was on a terrorist blacklist is a timely warning to New Zealanders that their privacy cannot be taken for granted.

The existence of secret files on citizens and lists held by domestic and foreign agencies have the potential to affect all of us, as opposed to a few who we might consider a threat to New Zealand.

The money-transfer case involved a person conducting legitimate business with a corporation - Western Union through the agency of New Zealand Post.

Every time we transact business, multiple items of information about us as individuals are collected by both companies and Government agencies. Where does this information end up and how might it be used? These are the concerns of information privacy statutes, such as our Privacy Act.

A major focus of laws such as the Privacy Act is to prevent the existence and use of secret blacklists or databases, where individuals are unaware that information is being used and where they are unable to verify its accuracy.

This is a major concern with credit reporting, as well as with other applications, such as data-matching between Government agencies.

In New Zealand, the Privacy Act provides a bulwark against such concerns. The legislation applies to businesses and companies, as well as to the Government.

In essence, information cannot be collected without the purposes of collection and the intended recipients being notified at the point of collection.

While there are numerous exceptions, the role of the Privacy Commissioner is to monitor compliance with the act and its various codes of practice.

It is important to remember that New Zealand's first privacy law was enacted much earlier, in the 1970s, precisely because of worries over the Big Brother implications of use of law-enforcement information at the Wanganui Computer Centre.

Although the computer was being used by the police for legitimate security applications, it was felt necessary to institute a Privacy Commissioner to assuage citizen concerns over possible misuse.

Subsequent privacy concerns in the decades that followed have focused more on potential misuse of personal information by the private sector - ranging from credit information, health information and even the information collected daily on customer-loyalty cards about dietary or retail preferences - and the possibility of profiling. Hence the Privacy Act.

Since September 11, however, attempts have been made in other countries, if not yet in New Zealand, to reverse many of these advances. The all-pervasive fear of terrorism has been used as the Trojan horse to introduce security overrides to privacy protection.

Such attempts must be fiercely resisted here. The New Zealand experience has been that privacy safeguards are a necessary prerequisite for allowing the use of privacy-intrusive technologies, not that the use of such technologies - regardless of the purpose - should be exempted from having to comply with privacy rules.

Foreign companies which collect information about individuals here are no less subject to the Privacy Act than New Zealand ones.

The European Union, a trading block with considerably more muscle than New Zealand, has forbidden companies from doing business with countries where there is insufficient privacy protection. This led to a major dispute with the United States, but the Europeans have stood firm.

American companies have been mainly opposed to any attempts to restrict their ability to collect information about foreigners. Now, however, this dispute is likely to be sidelined by other more insidious attempts by the US Government to collect information about foreigners on security grounds.

It may be that through this back door they are able to collect pretty much any information they wish. Once personal information, particularly biometric information such as is now incorporated in passports, is held overseas, there is very little that New Zealanders can do to monitor how it is used.

We will have allowed the Trojan horse in, and who knows what it may contain.

* Gehan Gunasekara teaches commercial law and privacy law at Auckland University.

Herald Feature: Privacy

Related information and links