Source: Privacy Commissioner
The European Commission has determined that New Zealand has an adequate level of protection for personal data transferred from the European Union. Essentially ‘adequacy’ says that our legislation isn’t the same as Europe’s, but its outcomes are similar and can be trusted. Read about how the EU determines if a non-EU country has an adequate level of data protection.
Adequacy means that New Zealand is seen as a good place for the world to do business; we have strong privacy protections in our legislation and are an empowered regulator.
It’s good news for trade and ease-of-doing business in the digital age and helps ensure smooth cross-border data transfer.
Why is it important?
Only a small number of countries have achieved EU adequacy status, and this recognition is important for New Zealand in a global business environment. This recognition gives New Zealand has a competitive trade advantage because the EU has formally recognised that our privacy law meets current EU standards. This EU adequacy status allows the unrestricted transfer of European data for processing.
Privacy regulation supports the digital economy, with the Privacy Act being the only statute that requires data security safeguards to be in place; that underpins our relationships with key trading partners, which is crucial for any global operator.
An example of that is New Zealand’s $400 million video and computer games sector, which is enabled by good data protection standards.
How is it monitored?
The Privacy Commissioner and European Commission officials have an agreement for our office to provide six monthly update reports as part of the EU’s ongoing monitoring of our adequacy status.
Media release: NZ is adequate and we couldn’t be happier (January 2024)
Extra for experts: Report on the first review of the functioning of the adequacy decisions adopted pursuant to Article 25(6) of Directive 95/46/EC.