Source: Privacy Commissioner
“My thanks to the Police Association for giving me the opportunity to address your annual conference on the subject of body-worn cameras and, in particular, the privacy implications of the use of this technology.
I am of course aware that the Police Commissioner has tasked senior staff with exploring options over the next twelve months for equipping frontline officers with cameras, and that he has said that there are a range of legal, privacy, and operational issues that need to be addressed as part of that work.
My Office will be involved in that work, so, today, in discussing the use of body-worn cameras by Police, I will necessarily keep my remarks at the broader level of privacy principles and policies that need to be carefully worked through before moving to implement such a significant initiative.
Just to note, I’m not here today to give legal advice, and not here to formally sign off on the use of body-worn cameras by the Police.
Context
But before I do share some thoughts around the use of cameras, I want to place the use of this technology within the broader context of the state of privacy in New Zealand.”
In doing that, I want to emphasise that my Office’s purpose is ensuring that privacy is a core focus for organisations, in order to:
- protect the privacy of individuals
- enable agencies to achieve their own objectives, and
- safeguard a free and democratic society.
It’s fair to say that when I talk about what I see as the sometimes-precarious state of privacy in New Zealand, and express concerns about the various risks to privacy, people often say to me “well, you would say that, wouldn’t you; you’re the Privacy Commissioner!” … apparently, I’m sort of like the technology fun police!
So, given that, I do want to share with you all some survey results from my Office’s 2025 Privacy Survey.
Remember, it’s not what I think; it’s what people out there – the citizens of New Zealand – are thinking.
A few highlights from the survey results:
- 47% of those surveyed are concerned about their individual privacy and the protection of their personal information
- 67% are concerned about the privacy of children
- 62% are concerned about government agencies or businesses using AI to make decisions about them, using their personal information
- 65% are willing to see an increased use of privacy intrusive technology if it reduces theft
- 64% are willing to see an increased use of privacy intrusive technology if it increases personal safety
- 77% think the Privacy Commissioner should have the power to ask a Court to issue a large fine for a serious privacy breach that an agency had caused either intentionally or due to negligence
- 77% think the Privacy Commissioner should have the power to audit the privacy practices of a business or government agency and
- 82% agree they want more control and choice over the collection and use of their personal information.
As with me, I am sure these results prompt a number of questions in your minds, includin
- How can organisations lift their games in terms of providing assurance to kiwis that their right to privacy is being taken seriously?
- How damaging could a personal information privacy breach be, in terms of lost trust and confidence – and given that, are organisations doing enough to avoid – or at least respond well to – a privacy breach?
- How can we best balance public good goals around things like public safety, and privacy?
- And, how does this play into the increasing amount of discussion in privacy circles and elsewhere around the concept of social licence?
Social licence has been defined as “a community’s perception of acceptability of a business or organisation, and its operations.”
You might have the legal right and might to do something, but have you got widespread community buy-in?
So, for example, if we are thinking about the use of body-worn cameras, the path of social licence might move through what some authors on social licence have seen as a series of boundaries:
- from acceptance – yes, as a citizen, I agree you have the ability to use body-worn cameras;
- to approval – over time you’ve demonstrated to me that you’re credible in how you are using body-worn cameras in a privacy protective manner;
- to identification – I trust you, and your use of body-worn cameras is good for me and good for you.
As you would expect, building and maintaining this social licence requires significant effort.
Our recent interactions with Police
I’m conscious that my Office has, in relatively recent times, had a number of interactions with the Police and, more broadly, in relation to law and order policy and responses to retail crime.
Examples include:
I thought it might be useful to remind everyone of some of the key positions my Office has taken in relation to those matters that involved the collection of personal information – not least, because when it comes to body-worn cameras, we are of course talking about the collection of personal information.
In summary:
- When Police are photographing people, they can do so when either there is a specific statutory authorisation or there is full compliance with the information privacy principles.
- When turning their minds to their reasons for collection of personal information using photography, officers must be able to connect this to a policing function or purpose.
- The combined effect of the Privacy Act and Bill of Rights Act ensures that there are effective safeguards to limit indiscriminate collection and retention of information, or the inappropriate surveillance of individuals or particular groups.
- While individuals can be observed in public places, they do not automatically waive all their privacy rights; the right to privacy includes the right to be left alone by state agencies unless there is a reasonable justification for the public surveillance.
- The act of recording people in public places, for ongoing use and retention in databases, can have a potential chilling effect on people’s civil and political rights.
- The principles of proportionality and necessity, which are fundamental to the social licence of our democratic institutions, are critically important.
- Any risk of indiscriminate collection would be highly concerning; there must be a threshold that means collected information is of reasonable relevance to a policing function.
The Privacy Act and body-worn cameras
Let’s turn now to the privacy regulatory framework operating here in New Zealand, and what it might mean for the use of body-worn cameras.
The Privacy Act is concerned with personal information.
Personal information is any information that tells us something about a specific identifiable person.
All sorts of things can contain personal information, including notes, emails, photos and scans and, of course, audio and visual recordings.
The 13 Information Privacy Principles – or IPPs – are at the heart of the Privacy Act.
They establish the obligations and safeguards for collecting, using, and sharing personal information.
Key concepts within the IPPs include agencies being required to have a lawful purpose to collect personal information, to store the information with security safeguards and only as long as necessary, and use and disclose the information for the purpose it was collected – albeit, with some exceptions.
Individuals are provided with protections relating to fairness and transparency, and rights to request access and correct personal information held by agencies.
Importantly, in today’s context, the IPPs are technology neutral and flexible enough to apply to a range of different contexts and to new technologies.
The public interest is integrated in the Privacy Act through exceptions to the IPPs, including through enabling the use and disclosure of information for law enforcement purposes.
The Privacy Act has been described as a “how to”, not a “don’t do”, regulatory framework.
At a broad level, then, what do organisations need to do to operate in a manner that is lawful when seen through the lens of the Privacy Act?
Organisations need to take reasonable steps to ensure individuals are aware of the fact that personal information is being collected, and how it will be used.
The information collected must be for a specific, legitimate purpose and you should be told what that purpose that is.
Organisations can generally only use your information for the reason they collected it.
Information won’t be shared, except in certain circumstances, which are outlined in the Privacy Act.
Organisations must have safeguards in place to keep your information secure and protect it from loss, misuse, or unauthorised access.
You can ask any organisation to provide the information they have about you.
You can ask any business or organisation to correct any information it holds about you that you think is wrong, incomplete, or misleading.
Body-worn cameras
So, given all this, what are the general principles and policies that are critical to an assessment of the use of body-worn cameras?
In answering this question, as with many initiatives, New Zealand has the ability to benefit not just from our own experiences of working within the Privacy Act framework, but also from the experiences of other countries whose police forces use body-worn cameras, and who operate them within their privacy frameworks.
At the outset, we should acknowledge that body-worn camera technology poses serious implications for individuals’ right to privacy.
Recording individuals’ actions and conversations is inherently privacy intrusive.
Addressing those privacy considerations can allow an appropriate balance to be achieved between the needs of law enforcement and the privacy rights of individuals.
An organisation thinking of using this sort of technology needs to identify its lawful basis for collecting personal information using the technology.
There must be a demonstrable operational need that a body-worn camera programme is designed to address.
The cameras should meet the test of being an effective solution to the operational needs that have been identified.
Any identified privacy intrusion must be minimised to the extent possible and offset by significant and definable benefits.
A comprehensive analysis would also include a consideration of whether any less-privacy intrusive measures would achieve the same objective.
At this point, can I do a shout out for Privacy Impact Assessments.
A privacy impact assessment or PIA is a tool used by organisations to help them identify and assess the privacy risks arising from their collection, use or handling of personal information.
A PIA will also propose ways to mitigate or minimise these risks.
A PIA can be particularly useful when an organisation is considering introducing a new policy or operating system, or when making changes to an existing process.
So, in the case of body-worn cameras, those preparing the PIA can work up a use case, or multiple use cases, for cameras, to enable themselves to work through the Privacy Act obligations.
Noting my earlier comments on social licence, I’m of the view that with something as significant as body-worn cameras, a PIA should also include a plan for consulting and engaging with the community on what is proposed.
A PIA might also introduce the idea of conducting a pilot or trial of the use of this technology.
And employee privacy should also be taken into account.
Transparency and openness are also key to building social licence.
This suggests that there should be reasonable efforts made to raise public awareness that officers are equipped with cameras, and that people’s actions and words may be recorded when they interact with, or are near, officers.
I know that the question of access to camera footage is a much-discussed topic, both here and overseas.
Any camera proposal will need to work through the relevant law – both the Privacy Act, and the Official Information Act.
Under the Privacy Act, people have a right to ask for access to their personal information.
In most cases people must be given their information, but sometimes there may be good reasons to refuse access.
One of the key issues which can be worked through in a PIA will be the question of continuous versus intermittent recording – whether the cameras should record continuously or whether officers should have the discretion or duty to turn them off and on, and under what circumstances.
My observation of overseas experience is that, from an accountability perspective, continuous recording may be preferable because it captures an unedited recording of an officer’s actions, and the officer cannot be accused of manipulating recordings for his or her own benefit.
However, from a privacy perspective, collecting less personal information is always the preferred option.
If it is decided, because of the identified purpose for the use of the technology, to proceed with an approach involving continuous recording, then what will be critical is policies and controls on retention and use to ensure proportionality, and to mitigate the impact on privacy – along with clear operational thresholds and discretion for officers to turn cameras off in some sensitive situations.
But, as I said earlier, these are the sorts of challenging issues that need to be fully explored in a PIA.
A PIA should also address the need to minimise, to the greatest extent possible, the recording of innocent bystanders, or innocuous interactions with the public.
I acknowledge that that won’t be possible all the time, and so setting and implementing limited and appropriate retention periods, and restricting access to recordings databases to a need-to-know basis, will help address privacy concerns.
On this access point, my Office has noticed that unauthorised employee browsing is increasingly becoming a source of privacy breaches – and I’m sure we’ve all seen stories about this in the media.
So, the issue of proper safeguards, retention, destruction and storage of camera recordings is one that also deserves careful consideration and investment – in both technical systems, and also in training and reinforcing an appropriate culture.
Overseas, steps to safeguard recordings include encrypting them and storing them on a secure server, restricting access to recordings on a need to know basis, having edit-proof video and audio, and implementing audit trails to provide assurance that recordings have not been modified or accessed inappropriately.
Returning to the theme of data minimisation, under the Privacy Act, an organisation must not keep personal information for longer than is required for the purposes for which the information may lawfully be used – in short, don’t keep personal information for longer than is necessary.
Indefinite retention is incompatible with the Privacy Act.
Setting and respecting access limits and retention periods will limit any opportunities for inappropriate disclosure or misuse of the information, including the potential for monitoring individuals without an authorised basis or good reason.
When a retention period is up, recordings need to be disposed of in a secure manner in accordance with agreed policies and law.
The governance of all this is of fundamental importance; as with all aspects of a body-worn camera system, there should be systems in place to ensure that safeguarding, retention and destruction policies are respected.
Use of body-worn cameras in New Zealand
So, what does this all mean for any proposed use of body-worn cameras in New Zealand?
The use of body-worn cameras is becoming an increasing feature of those who work in certain areas – we will be hearing about the Department of Corrections’ experience later – but people here may have seen them in use by council staff, by fisheries inspectors, and by bailiffs.
My Office has had a long-standing position on their use.
It is quite possible to use body-worn cameras within the Privacy Act regulatory framework.
I appreciate that there might be some operational difficulties or regulatory challenges to be overcome, but they can be successfully worked through.
As my earlier comments reinforce, it’s important that you define exactly what you are going to use the cameras for – and, therefore, how they will not be used.
Information Privacy Principle 1 in the Privacy Act is quite clear: you can only collect personal information if it is for a lawful purpose connected with a function or an activity of an agency, and the information is necessary for that purpose.
The purpose question is critical – this is not about untethered intelligence gathering or recording – and clearly defining the purpose for collection is an important step in minimising the unnecessary collection of personal information.
Once you are clear on your purpose, it will also be clear that to achieve this purpose there will be some personal information that you will not need to collect – such as private conversations between passing members of the public.
Organisations using body-worn cameras also need to think about how the wearer can retain some privacy – is the camera able to be turned off during breaks, or personal conversation?
My starting point would also be that the cameras should not be used to monitor the officer’s own performance or working hours, as there are less intrusive ways to achieve this.
Since the cameras will capture personal information about the wearers as well as the general public, both should be adequately notified about what information will be collected and what will be done with it.
Developing a user guide for officers will help ensure that they are aware when the camera needs to operate, and how to use the cameras appropriately.
I’m not going to run through every possible scenario now, but, for example, if an abusive situation arises, the guide might state that officer should tell people that they are being filmed and that the recording may be used as evidence.
Other matters to consider include how audio/visual material will be stored securely, and how long it will be retained.
How such material is used once captured will also need careful thought; for example, if images or audio are shared with the public for the purposes of identifying someone, other persons in the image should be obscured.
Some of these are matters or questions that come with significant resourcing implications – privacy issues are of course only some of the matters that will need to be considered.
Conclusion
As I wrap up my comments, I want to acknowledge something that is a day-to-day reality for the members of the Police Association: we all live in what has become an increasingly fractious and fractured world.
And it’s a world where personal data – including visual and audio data – has significant value – and that is seeing governments and businesses reach for solutions that have both known and unknown consequences for privacy.
At the same time, privacy regulators and human rights advocates are, in their own way, and under their own legislation, working to maintain our civil and political rights.
As we all go about our respective roles, let us all please remember that our ability as citizens to make our own decisions as to what we want to keep private – to exercise our own agency – gives us the space and freedom to exercise our other civil and political rights:
- the reasons behind why our voting is by secret ballot,
- what we decide to share about ourselves when seeking a rental property or a job,
- the views we express to only those we trust to share them with,
- the groups or causes we belong to,
- and so it goes on.
If our citizens lose their own agency over their personal information, they risk losing more than that.
The right to privacy, and living in a free and democratic society, are precious taonga.
It is for this reason that I am absolutely focused on the need to re-frame the language of privacy, and protecting and respecting personal information, in New Zealand.
We need to break what I call the false dichotomy narrative … that we live in a world of either/or … that you can either have public safety, or privacy … that you can either have law and order, or maintain a right to privacy … that you can either have technological innovation, or privacy … that you can either embrace AI within your organisation, or protect and respect personal information.
In the language we use … in addressing complex public policy problems … in developing new operational strategies, we need to own and communicate that it’s not an either/or – but that it’s an “and”, or a “while”.
It’s keeping people safe while protecting individuals’ privacy rights.
It’s implementing new technology, while giving people confidence it’s being done fairly and in a manner that protects and respects privacy.
It’s rolling out data collection initiatives and ensuring personal information is kept safe and secure.
It’s doing privacy well.
As discussions on initiatives like body-worn cameras progress, my Office will be focused on ensuring that New Zealanders can have trust and confidence in the way their personal information is collected, stored, used and shared … for the benefit of all.
