Privacy + looks like some executive continued

Question 1

What is the key act for privacy?

Answer 1

Privacy Act 2020

Question 2

What is the Privacy Act 2020’s purpose?

Answer 2

S 3 - To promote and protect individual privacy

Question 3

How does s 3 PA 2020 outline how the purpose will be achieved?

Answer 3

By providing a framework for protection of personal information

AND

Giving effect to international privacy obligations

Question 4

What is personal information?

Answer 4

Section 7
- information about an identifiable individual

Question 5

What are the Information Privacy Principles?

Answer 5

1. Agencies should only collect PI when necessary and for a lawful purpose
2. PI should be collected directly from the individual concerned
3. Agencies should inform individuals of the purpose for collection and their rights of access
4. Collection of PI by Agencies must be by lawful and fair means
5. Agencies shall store PI safely and securely
6. Individuals have right to know whether the agency holds PI about them and right to access this
7. Rights to correct PI that an agency holds about you
8. Agencies to ensure PI is up to date & accurate before using or disclosing it
9. PI not to be kept by Agency longer than necessary
10. PI collected for one purpose must not be used for another
11. PI can be disclosed only in limited circumstances (eg when authorised or anonymised)
12. Agencies can only send PI to someone overseas if it will be protected in the country of destination
13. Unique identifiers used only if necessary

Question 6

How many information privacy principles are there?

Answer 6

13

Question 7

Where is interference defined?

Answer 7

S 69

Question 8

What is interference?

Answer 8

EITHER

A breach of IPPs (not 6 or 7) AND something else – effect on an individual.

OR

a refusal of a request under IPP 6 or 7 “without proper basis.”

Question 9

Proceedings Commissioner v Police [2000]

Answer 9

Alleged breaches of IPP 5 and 11

Facts:
- PI relating to application by 3rd parties for protection order
- Woman in domestic violence relationship
- Known to her parents and police
- Concerned for her, they applied for a protection order on her behalf
- Would stop her partner coming near her or their home
- Police officer contacted a friend in media
- News story was printed about application
- Included PI about her
- Media followed and filmed Police Officer delivering protection order at the complainants home and serving it on the boyfriend
- Woman was not identifiable to the world at large but identifiable to those who knew her

Question:
- What amounts to disclosure of PI?
- Was PI disclosed?

Held:
Was it PI?
- She was not directly identified
- BUT does not need to directly identify her, can constructively identify her
Was the information disclosed?
- disclosure need not be in words or intended
Overall
- It was PI identifiable to others

Question 10

Who investigates claims of breach of privacy?

Answer 10

The Privacy Commissioner - s 79

Question 11

When can the privacy commissioner investigate?

Answer 11

Issues can be raised by complaint or by the privacy commissioner raises them themselves

Question 12

At any time before, after or during an investigation, what must the privacy commissioner do?

Answer 12

Use best endevors to secure a settlement

Question 13

Does the privacy commissioner need to hold herrings?

Answer 13

No, don’t need to a hearing and no one is entitled as of right to be heard - s 81

Question 14

If the Commissioner decides a complaint has substance, what may they do?

Answer 14

1. Refer the matter to the Director (HRRT)
   Usually if pretty serious, may end up with prosecution
2. Make an access direction for personal information
   If complaint is about access denied
3. Take any other action the Commissioner considers appropriate - ss 91, 92 and 94
   E.G. work with company to make sure it doesn’t happen again

Question 15

What is the Human Rights Review Tribunal?

Answer 15

Looks at claims relating to breaches of the Human Rights Act 1993, Privacy Act 2020, Health and Disability Commissioner Act 1994

If the Commissioner refers a complaint/matter to the Director, Director may commence proceedings in the HRRT, s 97

Question 16

What are the remedies in the HRRT?

Answer 16

s 102:
- declaration
- order
- damages - s 103

Question 17

What damages can you get under the HRRT?

Answer 17

s 103
- expenses
- pecuniary loss
- loss of any benefit
- humiliation/loss of dignity/injury to feelings)

Question 18

Kim Dotcom v Crown Law Office [2023] NZHC 3105

Answer 18

Facts:
- Kim Dotcom wanted info the govt had about him to use in an extradition proceeding
- Requests for PI refused.
- Claimed breach of IPP 6

History:
- Initially won claim: HRRT awarded damages.
- Appeals to HC by AG and CA by Dotcom.
- CA allowed the appeal, referred the question of damages back to the HRRT.
- HRRT declined damages.
- Dotcom’s appeal to the HC was dismissed (HC#2).
- Dotcom sought to appeal to the CA. - Leave is denied.
This case is decision on whether he can appeal to CA

Claims:
- Section 103(1)(c): loss of any benefit that “the aggrieved individual might reasonably have been expected to obtain but for the interference”

Held:
- HC#2: agreed loss of benefit can include loss of being able to use the information in extradition proceedings
BUT
- It is not enough just to plead the loss – Dotcom “had to show that the breach of privacy had caused him to lose a benefit” (but for)

Question 19

What are Notification and Compliance Notices?

Answer 19

Statutory duty on agencies to notify commissioner of breaches it is reasonable to believe have caused, or are likely to cause, serious harm (ss 112-115 and 118)
Commissioner can issue compliance notices to agencies they consider may have interfered with someone’s privacy (s 123)

Question 20

What type of entity is the privacy commissioner?

Answer 20

A crown entity - s 13.

Question 21

What are the functions of the Privacy Commissioner?

Answer 21

s 17 :
- Advise Ministers and “agencies” on privacy
- Promote understanding and acceptance of the IPPs
- Examine proposed legislation or government policy that may affect privacy;
- Inquire into matters including any law or government practice or procedure, if it appears that privacy is being infringed
- Investigating (or investigating complaints about) interferences with privacy

Question 22

What is an agency?

Answer 22

A public sector, govt department, school board of trustee, private sector, business etc… we focus on the public sector agencies

Question 23

What are the privacy comissioner’s duties under sections 20 and 21?

Answer 23

1. Commissioner must act independently
2. Commissioner must
   - have regard to the privacy interests of individuals alongside other human rights and interests
   - take account of NZ’s international obligations
   - take account of cultural perspectives on privacy
   - have regard to the IPPs.

Question 24

How does the cabinet manual 7.9-7.105 set out the making of regulations?

Answer 24

1. Identify need
2. Develop policy
3. Consult (as required)
4. Unless regulations are routine, submit policy and impact statement to cabinet for approval
5. Drafting by parliamentary counsel
6. Submit to Cabinet for approval
7. Notification in the Gazette
8. 28 day stand-down period
9. Publication

Question 25

What are the pros of regulations?

Answer 25

• relieve pressure on Parliament’s time, especially on technical matters
• can be made quickly
• facilitate flexibility and experimentation
• provide powers to respond to emergencies including war and natural disasters

Question 26

What are the cons of regulations?

Answer 26

• potential for abuse by the Executive (CM 40)
• Henry VIII and Henry VIII clauses
• Sir Robert Muldoon and the Economic Stabilisation Act

Question 27

What are Henry VIII clauses?

Answer 27

Henry VIII liked to intimidate parliament into giving him power, including powers to suspend or do something inconsistent with an act of parliament. This is a problem and we don’t like these types of clauses.

Question 28

What is an example in NZ of a Henry VIII clause?

Answer 28

Sir Robert Muldoon and the Economic Stabilisation Act

Question 29

What are the ways in which we can control the executive in exercising their powers?

Answer 29

• Well defined limits to the delegation
• Publication
• Regulations review committee
• Presentation to the House
• Approval
• Disallowance by Parliament
• Judicial Review

Question 30

How do well defined limits control the executive?

Answer 30

We try to avoid vague or widely framed empowering provisions allowing defined legal limits to constrain the use of powers.

Question 31

How does publication control the executive?

Answer 31

Publication ensures that we know about the regulations and what they are.

Question 32

How does the regulations review committee control the executive?

Answer 32

Regulations MUST be presented to the house, the house able to disallow them.

Question 33

How does approval control the executive?

Answer 33

We sometimes require parliament to approve a regulation, typically for things with big consequences.
E.g. classification of drugs.

Question 34

How does Disallowance by Parliament control the executive?

Answer 34

Parliament can overthrow regulations if they are not ok.

Question 35

How does Judicial Review control the executive?

Answer 35

The courts have the ability to look at regulations, etc and say they are unlawful.

Question 36

What is the Regulations Review Tribunal?

Answer 36

A specialist select committee established in 1985.

Question 37

Who are members of the Regulations Review Tribunal?

Answer 37

No legal rules, but convention says membership must consist of 3 opposition MPs (convention says one of which is the chair) and 3 government MPs.
- 50:50 split with opposition chairing it.

Question 38

What do the Regulations Review Tribunal look into?

Answer 38

Functions (SO 326):
- examine all regulations made
- examine draft regulations
- examine regulation-making powers in Bills

Question 39

What can the Regulations Review Tribunal do?

Answer 39

• can make a report
• may report to house

Question 40

On what grounds may the Regulations Review Tribunal report a regulation to parliament?

Answer 40

• Not consistent with the primary act
• Trespasses unduly on personal rights and liberties
• Weird/unexpected use of power
• Unduly makes people’s rights and liberties dependent upon administrative decisions not subject to review on their merits
• Excludes courts jurisdiction without authority
• Contains too high level stuff
• Retrospective without authority
• Not consistent with procedures prescribed by other acts
• any other reasons

Question 41

Is the Regulations Review Tribunal bound by its previous decisions?

Answer 41

No.

Question 42

What can the house do with regulations?

Answer 42

Legislation Act 2019:
- Disallowance (ss 115-120) (wholly or partly)
- Amend or repeal regulations

Question 43

What does disallowing a regulation do?

Answer 43

• As if it has never been made
• Anything it overruled springs back to life

Question 44

What happens if the Regulations Review Tribunal refer something to the House but the House doesn’t do anything?

Answer 44

If RRC refers it to the house and the house doesn’t do anything within 21 days, the legislation will be disallowed automatically