Right to privacy in New Zealand

[5] It is suggested that privacy was not included in NZBORA due to its difficulty to define, and because the social environment at the time was not one in which it was appropriate to implement a right with vague and uncertain parameters.

The Privacy Act was created to combat concerns about technological advances and their potential to be used to access private information, when this risk had been far less under manual data systems.

[19] A few years later in Bradley v Wingnut Films, the judge accepted that a tort of privacy did exist in New Zealand law, but that it should be approached with caution as it was in the earlier stages of development.

Prior to the introduction of the Intelligence and Security Act 2017, these bodies operated strictly independently of one another, and general mystery surrounded their exact functions and capabilities.

Much of the confusion originated from the fact that the SIS and GCSB appeared to have differing objectives which meant that, if required, co-operation and coordination would likely be complex and convoluted.

There were stipulations as to what 'spy-activities' were permitted, and as a pre-requisite, any proposed surveillance had to be relevant to "security" and its associated threats, such as instances of 'espionage, sabotage, subversion or terrorist attacks'.

[26] In September 2012, Paul Neazor, the Inspector-General of Intelligence and Security advised John Key, the then New Zealand Prime Minister, of a situation which would later be called an "unlawful interception" of an individual known as Kim Dotcom by the GCSB.

[28] Following this widely publicised incident, GCSB Director Ian Fletcher and Chief Executive of the Department of the Prime Minister and Cabinet Andrew Kibblewhite initiated a review of compliance.

[29] They assigned the then Cabinet Secretary Rebecca Kitteridge with undertaking the review to look into the "activities, systems and processes since 1 April 2003".

The “Kitteridge Report” ultimately concluded that GCSB lacked the legal basis and authority to perform many of its intelligence acts – including the surveillance carried out on Kim Dotcom.

These included giving the GCSB the express capability to legally perform surveillance on New Zealanders when required by the SIS, the police or Defence forces.

[31] At the time when these changes were introduced, with mounting public concern about New Zealanders' rights to privacy, the then Prime Minister John Key stated that the "new legislation does not add up to an expansion of the bureau’s powers".

[26] In addition, the GCSB's role has expanded and it is now able to perform surveillance on "behalf of the SIS, the police or the Defence forces, or for the purposes of cyber security".

[34] The review was completed at the end of February 2016, and its findings proposed that one Act be introduced to bring all of New Zealand's intelligence and security agencies together.

As terrorist groups continue to advance in their technological capabilities, the current legislation was quickly becoming out-dated and unsuitable for present day society.

[citation needed] The new Act has extended the GCSB's capabilities to perform surveillance on New Zealanders, whereas previously, only the SIS was permitted do this.

This extension of the GCSB's powers has the potential to have serious ramifications for all New Zealanders, as author and associate professor of law Stephen Penk notes, "surveillance of an individual may lead to a loss of privacy through an individual’s loss of control or autonomy when, typically, he or she is subjected to undesired monitoring of his or her functions, movements or communications"[41] As per the recommendations made by Cullen and Reddy the new Act covers a number of points such as: The Act's purpose was expressed in Section 3; which is to "protect New Zealand as a free, open, and democratic society".

[42] One such safeguard is expressed in sections 12 and 13 that "require that the agencies operate in accordance with New Zealand law and all human rights obligations, including when co-operating or sharing intelligence with foreign partners".

[43] Section 22 of the Act provided a further safeguard extending protection to "the right to engage in lawful advocacy, protest and dissent".

The NZ Privacy Commissioner from 2014-2021, John Edwards
Rebecca Kitteridge in 2015. She conducted a review of the GCSB's compliance with the law. She is also current Director of the NZ SIS.