Prepared by Prepared by Saskia Kim, July 2006
with funding from the sponsors of the Ian Axford (New Zealand) Fellowships in Public Policy
Saskia Kim is Chief Counsel to the Senate Judiciary Committee of the California Legislature in Sacramento. She was previously a Principal Consultant to the Senate Office of Research and counsel to the Assembly Judiciary Committee. Saskia works with state legislators to develop public policy initiatives and draft statutes related to civil law matters, including privacy. She received her JD from Northeastern University and her BA from Vassar College.
During Saskia’s Ian Axford Fellowship exchange to New Zealand she was based at the Ministry of Justice and Office of the Privacy Commissioner in Wellington, where she researched how New Zealand and California treat privacy issues, with a focus on emerging technologies such as radio frequency identification (RFID).
New Zealand’s Privacy Act 1993 has been called the most comprehensive national privacy law outside of Europe, applying to the collection of personal information by both the public and private sectors. It is not the only model for privacy protection, however. Sectoral legislation, which specifically addresses a particular sector or problem, and self-regulation in which industry groups establish best-practice guidelines and self-police compliance are the two other principal approaches. New Zealand employs all three approaches while California relies on sectoral legislation and self-regulation. New uses of technologies can challenge the approaches. Whether technologies come within the scope of comprehensive laws, which tend to be broad and general, is often a question, and while sectoral laws can specifically target a problematic practice, if the practice or technology changes the statute may no longer apply.
The report utilises seven key criteria to evaluate the strengths and weaknesses of each approach using radio frequency identification (RFID) technology as a case study. It contains examples of current and future applications of RFID and discussion of the privacy issues raised by the technology. Threshold definitional questions concerning RFID are also addressed in relation to New Zealand’s Privacy Act. The analysis considers the privacy issues raised by RFID with respect to each criterion and discusses how each approach, in addressing those issues, furthers the goals of the criteria. The report draws conclusions and offers policy recommendations concerning whether existing statutory schemes are sufficient to protect privacy.
Download full report in PDF format: