Data Protection Litigation in New Zealand: Processes and Outcomes

Abstract

This article examines the first 14 years of New Zealand's experience with regulating data protection from the standpoint of the processes for resolving disputes that are available to complainants. The Privacy Act 1993 applies to both the private and public sectors and provides a "one size fits all" regime unlike those of other jurisdictions. The extent to which it provides effective remedies may be studied through the reported case law of the dedicated tribunal that hears privacy complaints.
The article examines the decisions of this tribunal and the few instances where further appeals have occurred. It also includes a statistical analysis of the nature of defendants (how many were from the public as opposed to the private sector), which information privacy principles were litigated the most, the remedies obtained and the range and average amount of compensation awarded. In addition an assessment is made as to the extent to which parties were legally represented and the effect this had on outcomes for them.
The success of a country's privacy law depends on its ability to provide real remedies in concrete instances affecting real people. The article assesses the success or otherwise of the New Zealand regime in achieving this and in particular the merits of a system of dispute resolution that largely avoids recourse to the courts. The article finds that legal issues and technicalities have played a major part in litigation before the tribunal and that these have been a hurdle for litigants.