Gehan Gunasekara: European confidence in our privacy laws encouraging

Finance Minister Bill English. Photo / Mark Mitchell

Finance Minister Bill English recently ruffled feathers across the Ditch when he suggested that New Zealand was out to beat Australia in business, not work with it as a partner.

Specifically, he said that our regulations and laws were superior to Australia's, especially where the business environment is concerned. But can this be supported objectively?

This month, the Article 29 Data Protection Working Party (an independent body of experts set up to advise the European Union) released its official opinion on the level of protection of personal data in New Zealand.

It found that this country ensures an adequate level of protection under its laws for information about individuals, including personal information sent here from European Union countries. It is also significant that Australia had been found not to ensure adequate protection under its laws.

The ruling is not one to be scoffed at. Apart from the fact our privacy laws have been given a prominent tick of approval by an independent overseas panel, stringent European Union laws prohibit the sending of personal information from within its borders to other countries that lack adequate levels of protection for the information.

The Privacy Act 1993 and other laws in New Zealand, together with the existence of the office of Privacy Commissioner and a specialist tribunal for determining privacy complaints all but guaranteed the result. Formal adoption of the opinion by the European Commission is a near certainty.

This means New Zealand is likely to join a select group of countries outside the European Union itself that have been officially sanctioned to receive data transfers from European nations.

These include some South American nations (such as Argentina), Hong Kong, Israel and the United States (the latter due to its bargaining position was able to negotiate a special "safe harbour" scheme for its companies that trade with Europe, provided certain safeguards are met).

The implications in economic terms are obvious. In an age of outsourcing and service-oriented business (such as "follow the sun" business models) any restriction on New Zealand firms handling personal information originating in Europe could have been disastrous for a small economy such as ours.

In addition, since European privacy laws are seen as setting the gold standard for privacy protection globally, the working party's endorsement gives New Zealand a marketing advantage businesses can capitalise on.

The uptake of electronic commerce is also largely dependent on consumer confidence that firms will maintain the privacy of client information and protect it against identity thieves and the like.

Increasingly, privacy authorities worldwide are acting co-operatively in order to monitor and, where necessary, bring to heel multinational companies that are found to be infringing personal privacy. Even global giants such as Google and Facebook have been caught out and forced to give undertakings to comply.

To be sure, the working party did see some areas where New Zealand could do better.

If the opinion can be compared to an NCEA format we might be said to have "achieved" the standard, perhaps with merit but certainly not with excellence.

Areas of concern included inadequate safeguards where personal information is sent from New Zealand to other countries where protection may be lacking and the still self-regulated area of direct marketing where "do not call" registers bind only members of the association and where an "opt-out" model applies instead of the more stringent "opt-in" model favoured in Europe.

Undoubtedly, privacy laws form only a small part of the total regulatory scheme. In other areas - such as laws protecting franchisees and small businesses against bullying tactics by larger entities - this country's business laws may indeed fall far short of Australia's.

However, for the time being we might take some comfort from the European Union's opinion on our privacy laws.