Safeguarding Consumer Privacy in a Technological Era: A Comparison of
Privacy Protections in New Zealand and California
Prepared by Saskia Kim | July 2006 with funding from the sponsors
of the Ian Axford New Zealand Fellowships in Public Policy
Saskia Kim, a Principal Consultant to the
California State Senate Office of Research and previously counsel
to the Assembly Judiciary Committee, works with state legislators
to develop public policy initiatives and draft policy options related
to privacy. She has gained extensive experience in privacy law and
has significant responsibility for drafting statutory language.
During Kim's Ian Axford Fellowship in New Zealand, she was based
at the Ministry of Justice and Office of the Privacy Commissioner,
researching how New Zealand and California treat privacy issues,
with a focus on emerging technologies such as radio frequency identification
(RFID).
Abstract
New Zealand's Privacy Act 1993 has been called the most comprehensive
national privacy law outside of Europe, applying to the collection of
personal information by both the public and private sectors. It is not
the only model for privacy protection, however. Sectoral legislation,
which specifically addresses a particular sector or problem, and self-regulation
in which industry groups establish best-practice guidelines and self-police
compliance are the two other principal approaches. New Zealand employs
all three approaches while California relies on sectoral legislation and
self-regulation. New uses of technologies can challenge the approaches.
Whether technologies come within the scope of comprehensive laws, which
tend to be broad and general, is often a question, and while sectoral
laws can specifically target a problematic practice, if the practice or
technology changes the statute may no longer apply.
The report utilises seven key criteria to evaluate the strengths and
weaknesses of each approach using radio frequency identification (RFID)
technology as a case study. It contains examples of current and future
applications of RFID and discussion of the privacy issues raised by the
technology. Threshold definitional questions concerning RFID are also
addressed in relation to New Zealand's Privacy Act. The analysis considers
the privacy issues raised by RFID with respect to each criterion and discusses
how each approach, in addressing those issues, furthers the goals of the
criteria. The report draws conclusions and offers policy recommendations
concerning whether existing statutory schemes are sufficient to protect
privacy.
Table
of contents
Acknowledgments
Executive Summary
Introduction
Background on Privacy
Legal and Statutory Framework
Radio Frequency Identification (RFID): A Case Study
axford2006_kim.pdf (521kb)
