22 May 2018
EU and NZ Privacy Laws: a Global Community Perspective
European Union's General Data Protection Regulation (GDPR) law will start to be enforced in just a few days – 25th May 2018 – aiming at protecting its citizens’ privacy and prevent data breaches.
What does that mean for us? Let's try to figure it out, shall we.
First of all, we better set some records straight as, as usual, there has been a lot of smoke-and-mirrors type talk around the interwebs. I always imagine the interwebs being a chaotic, busy place where there’s millions of things happening all the time, and their opposites. Imagine New York, but on crack. Oh hmm… anyway, that’s beside the point.
So, what’s this GDPR? Essentially, it’s a law set to significantly strengthen a hefty amount of consumer’s rights. It will give the power back to the people, allowing them to force companies to reveal and/or delete any personal data held in their possession (the “right to be forgotten”). The EU has made a real effort to give this law heavy weaponry, with the maximum fine reaching either 20M € (yep, twenty million) or 4% of the company’s global turnover. Ouch.
While it’s clear that this move is a prompt response to Facebook’s latest shenanigans, it will have real effects on a worldwide scale, including New Zealand.
Any Kiwi businesses with a website and a database will potentially have to adjust and make sure the information stored is compliant with the EU law - and EU's definition of data is as broad and inclusive as it gets: anything that can be used to identify a person, directly or indirectly, from email addresses to IP addresses to medical information.
In practical terms, Kiwi businesses might still get away with not complying as we're an extra-European country, unless they work on a seriously worldwide scale already, like Air New Zealand and Xero.
More realistically though, we would find ourselves in a position of disadvantage and we'd be put in a shaming-spotlight if our Privacy Policies suddenly were not nearly as good as the ones enforced in the EU.
Interestingly enough, New Zealand government hasn’t been idle on this matter, and has been working for a while now on a new Privacy Bill, designed to replace the old one set in nostalgic 1993 – a time when the interwebs were made of FrontPage and DreamWaver and nobody really remembers what we were up to in terms of web content.
So, we’re good, right? Not exactly.
According to New Zealand's Privacy Commissioner, John Edwards, they’re working hard to make the law as tough as possible, giving Kiwis tools to challenge companies, and giving the whole country a better shield against cyber-crimes. He also points out how the local businesses compliance to the new Privacy Bill should keep the EU at bay for a long time. Which implies that our law is basically a puppy against privacy and security issues, whilst the GDPR is the real beast.
To sum it all up, GDPR initially set out to be a pain in the neck for a lot of New Zealand businesses, casting a nasty shadow over the current Ts&Cs and systems put in place.
Overall though, our government seems to be already reacting to the big EU move to fight, let’s be clear, mainly the tech titans of Silicon Valley & Co – and also acknowledging that it’s a very good chance for our tiny country to tailgate the European Union in this crusade for better privacy and security, providing an overall better service to its people, the communities, and businesses too in the long run.
Serena Cappellini