In December 2020, a new and amended NZ Privacy Act 2020 took effect<\/a>, strengthening cross-border regulations, data breach requirements and more.<\/p>\n\n\n\n In short, New Zealand\u2019s Privacy Act 2020<\/strong> governs all handling of personal information through the 13 NZ Privacy Principles<\/strong>; requiring you to notify and inform<\/strong> users about collection, use and sharing of their personal information and empowering them with the right to access<\/strong> and correct<\/strong> their data. It is enforced by the Privacy Commissioner<\/strong> and applies to all websites<\/strong>, companies<\/strong> or organizations<\/strong> that handle personal information from inside New Zealand \u2013 regardless of where in the world<\/strong> they themselves are located.<\/p>\n\n\n\n Scan your website for free to see where in the world you send data to<\/a><\/p>\n\n\n\n NZ Privacy Act 2020 quick breakdown \u2013<\/strong><\/p>\n\n\n\n Try Cookiebot consent management platform (CMP) for free<\/a><\/p>\n\n\n\n Scan your website to see what cookies and trackers are in operation<\/a><\/p>\n\n\n\n Cookies and trackers are the most common way<\/strong> for websites to process personal information.<\/p>\n\n\n\n Most websites in the world process data that is defined as personal<\/em>, meaning data that is able to identify a living person<\/strong>, either directly or indirectly through inference.<\/p>\n\n\n\n Personal information<\/strong> under New Zealand\u2019s Privacy Act 2020 is defined very broadly as \u201cinformation about an identifiable individual\u201d<\/em>, and this includes data that is commonly collected and processed by third-party trackers and cookies used by social media platforms (e.g., via a like button on your domain) or marketing services (e.g., advertisement on your website).<\/p>\n\n\n\n Cookies and trackers can be notoriously difficult to detect and control without any assisting technology, especially considering that \u2013<\/p>\n\n\n\n 72% of cookies<\/strong> are hidden inside other cookies \u2013 also known as trojan horses.<\/p>\n\n\n\n 18% of cookies<\/strong> hide even deeper inside other hidden cookies, sometimes loaded by eight other cookies.<\/p>\n\n\n\n 50% of trojan horses<\/strong> will have changed upon repeated visits by users.<\/p>\n\n\n\n Source: Beyond the Front Page<\/em><\/a>, a 2020 study of more than ten thousand websites and their cookies.<\/p>\n\n\n\n At the end of the day, the legal responsibility under New Zealand\u2019s Privacy Act 2020 and its NZ Privacy Principles rests with the website owner and operator<\/strong> to be in compliance with the notification and information requirements, including (but not limited to) to always have an updated privacy policy<\/strong> with all required information.<\/p>\n\n\n\n New Zealand\u2019s Privacy Act 2020 revolves around 13 Privacy Principles<\/strong>.<\/p>\n\n\n\n Together, they form a map of the legal way<\/strong> to collect, process, share, store (and in any other way handle) the personal information of users located inside New Zealand.<\/p>\n\n\n\n The 13 Privacy Principles<\/strong> are (in detail later in this blogpost) \u2013<\/p>\n\n\n\n Website owners and operators should be particularly aware of NZ Privacy Principle 3<\/strong>.<\/p>\n\n\n\n Why?<\/p>\n\n\n\n Well, websites most often collect and process personal information from their visitors through cookies and trackers embedded on their domain via analytics software, marketing services or social media integrations.<\/p>\n\n\n\n NZ Privacy Principle 3<\/strong> is the part of the law that requires you to make sure that your website\u2019s users from New Zealand are made aware<\/strong> \u2013<\/p>\n\n\n\n Practical example of NZ Privacy Principle 3<\/em><\/strong><\/p>\n\n\n\n If your website uses a third-party service to get statistics about user visits on your domain (like Google Analytics<\/a>) or use a third-party marketing service (like HubSpot<\/a>), third-party cookies<\/strong> and trackers<\/strong> will be embedded and in operation on your website.<\/p>\n\n\n\n These cookies and trackers collect and process personal information from users \u2013 such as IP addresses<\/strong>, unique IDs<\/strong>, search<\/strong> and browser history<\/strong>, among many other kinds of data.<\/p>\n\n\n\n Under the NZ Privacy Act 2020 and the NZ Privacy Principle 3, you are required to notify users<\/strong> of all cookies and trackers and inform users<\/strong> about what kind<\/strong> of personal information they collect, how you use<\/strong> the data and who you share<\/strong> the data with, where<\/strong> it is stored and for how long<\/strong>.<\/p>\n\n\n\n When using third-party services, like Google Analytics or HubSpot, you need to inform your users about the third-party cookies and trackers<\/strong> that these services set on your domain; including what kind of data they collect, for what purposes, for how long the data is retained, and where in the world it is sent to and stored.<\/p>\n\n\n\n You are also required to notify and inform users about these things before<\/strong> any personal information has been collected (with exceptions).<\/p>\n\n\n\n Scan your website for free to see what cookies and trackers are in use<\/a><\/p>\n\n\n\n Learn more about cookies and website tracking<\/a><\/p>\n\n\n\n Learn more about NZ Privacy Principle 3 from the Privacy Commissioner<\/a><\/p>\n\n\n\n Get started with Cookiebot CMP and Google Consent Mode<\/a><\/p>\n\n\n\n Cookiebot CMP<\/a> is the world\u2019s leading consent management platform, built around a powerful website scanner<\/strong> that detects all known cookies, trackers and trojan horses embedded and in operation on your domain.<\/p>\n\n\n\n The biggest compliance issue for your website under the New Zealand\u2019s Privacy Act 2020 is to ensure that you have notified and informed your users in an exhaustive and correct manner<\/strong>, before you collect and process their personal information.<\/p>\n\n\n\n What does this mean in practice?<\/p>\n\n\n\n First of all, it means to make sure that all cookies<\/strong>, trackers<\/strong> and third-party technologies<\/strong> that collect and process personal information on your domain have been detected.<\/p>\n\n\n\n Second of all, it means to notify and inform your users about what kinds of data these cookies and similar tracking technologies collect from them.<\/p>\n\n\n\n Using\u00a0Cookiebot CMP\u00a0takes the hard work out of this.<\/p>\n\n\n\n Scan your entire website with Cookiebot CMP<\/a> and map out exactly what cookies are in use, see what kind of personal information they collect, for what purpose and which third parties they share this data with \u2013 all requirements under the New Zealand Privacy Act 2020.<\/p>\n\n\n\n Cookiebot CMP\u00a0is fully automated and offers you plug-and-play compliance with not only the NZ Privacy Act 2020, but all major data privacy laws, including\u00a0EU\u2019s GDPR\/ePR<\/a>,\u00a0California\u2019s CCPA\/CPRA<\/a>,\u00a0Brazil\u2019s LGPD<\/a>,\u00a0South Africa\u2019s POPIA<\/a>\u00a0and more.<\/p>\n\n\n\n Whether your users are from Europe, the US, South America, Africa or New Zealand,\u00a0Cookiebot CMP\u00a0automatically geotargets their location and ensures that they are presented with the correct and fully compliant data privacy requirements \u2013 without you having to do anything.<\/p>\n\n\n\n Try Cookiebot CMP free for 14 days\u00a0<\/a>\u2013 or forever if you have a small website.<\/p>\n\n\n\n Scan your website for free to see what cookies and trackers are in use<\/a><\/p>\n\n\n\n Get started with Cookiebot CMP and Google Consent Mode<\/a><\/p>\n\n\n\n Let\u2019s look at the New Zealand Privacy Act 2020 and its NZ Privacy Principles in closer detail, including what kind of data \u201cpersonal information\u201d covers, what the 13 NZ Privacy Principles are, and what new amendments have been made to the law in December 2020.<\/p>\n\n\n\n Personal information in New Zealand is any kind of data that can identify an individual.<\/p>\n\n\n\n This includes the more obvious information, such as \u2013<\/p>\n\n\n\n But also, the not-so obvious yet very common information, such as \u2013<\/p>\n\n\n\n Your website might not be collecting or processing much data from the more obvious set, such as passport numbers and sexual orientation of your users, but it almost certainly collects data from the not-so obvious set<\/strong>, namely information about your users\u2019 online presence<\/strong>, their devices, history of preference and behavior on the Internet.<\/p>\n\n\n\n This is personal information<\/strong> \u2013 and most third-party cookies and trackers in the world have it as their mission to collect exactly such kind of data for their operations, be it analytics, advertisement or social media interactions.<\/p>\n\n\n\n If your website is in contact with such data through its cookies and trackers<\/a>, you are required by New Zealand\u2019s Privacy Act 2020 and its NZ Privacy Principles<\/strong> to notify users before collection and inform them of what, why and who you share it with.<\/p>\n\n\n\n Scan your website for free to see all cookies and trackers<\/a><\/p>\n\n\n\n Learn more about website cookies and trackers<\/a><\/p>\n\n\n\n Try Cookiebot CMP free for 14 days<\/a>\u00a0\u2013 or forever if you have a small website.<\/p>\n\n\n\n Of the 13 NZ Privacy Principles<\/strong>, let\u2019s look at the most relevant for your website and its use of cookies and personal information collection.<\/p>\n\n\n\n All 13 NZ Privacy Principles are vital for full compliance with the New Zealand Privacy Act 2020, but we\u2019ll focus particularly on the ones that are paramount to websites, who processes personal information via cookies and trackers.<\/p>\n\n\n\n For a full overview of the 13 New Zealand Privacy Principles, visit the Office of the Privacy Commissioner<\/a><\/p>\n\n\n\n NZ Privacy Principle 1<\/strong> concerns the purpose of collection<\/strong><\/p>\n\n\n\n NZ Privacy Principle 2<\/strong> concerns the sources of personal information<\/strong><\/p>\n\n\n\n NZ Privacy Principle 3<\/strong> concerns the information requirement to users<\/strong><\/p>\n\n\n\n NZ Privacy Principle 4<\/strong> concerns the way you collect personal information<\/strong><\/p>\n\n\n\n NZ Privacy Principle 5<\/strong> concerns the storage and security<\/strong><\/p>\n\n\n\n NZ Privacy Principle 6 <\/strong>concerns a user\u2019s right to access their personal information<\/p>\n\n\n\n NZ Privacy Principle 7 <\/strong>concerns a user\u2019s right to correct their personal information<\/p>\n\n\n\n NZ Privacy Principle 8 <\/strong>concerns the accuracy of personal information<\/strong><\/p>\n\n\n\n NZ Privacy Principle 9 <\/strong>concerns the retention<\/strong> (i.e. for how long you store data)<\/p>\n\n\n\n NZ Privacy Principle 10 <\/strong>concerns the use of personal information<\/strong><\/p>\n\n\n\n NZ Privacy Principle 11 <\/strong>concerns the disclosure of personal information<\/strong><\/p>\n\n\n\n NZ Privacy Principle 12 <\/strong>concerns the cross-border disclosure of personal information<\/strong><\/p>\n\n\n\n![\"NZ](\"\/media\/4029\/aaron-birch-w_j6znpgru4-unsplash.jpg?width=341&\")
\n
![\"Mirror](\"\/media\/4030\/adrien-olichon-rui6l-akra-unsplash.jpg?width=348&\")
Cookies, trackers and the NZ Privacy Act 2020<\/h2>\n\n\n\n
![\"View](\"\/media\/4033\/tobias-keller-73f4pkoukm0-unsplash.jpg?width=341&\")
The 13 NZ Privacy Principles<\/h3>\n\n\n\n
\n
\n
![\"Man](\"\/media\/4034\/steven-coffey-_q4v8_iy0ra-unsplash.jpg?width=341&\")
NZ Privacy Act Compliance with Cookiebot CMP<\/h2>\n\n\n\n
Cookiebot CMP offers plug-and-play control of all cookies and trackers<\/h3>\n\n\n\n
NZ Privacy Act 2020, in detail<\/h2>\n\n\n\n
NZ Privacy Act 2020 and personal information<\/h3>\n\n\n\n
\n
\n
![\"Auckland](\"\/media\/4035\/dan-freeman-hikvsvkh7no-unsplash.jpg?width=341&\")
NZ Privacy Principles<\/h3>\n\n\n\n
![\"Man](\"\/media\/4036\/stephen-dawson-faqfyuod-ra-unsplash.jpg?width=341&\")
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
![\"Three](\"\/media\/4037\/steven-biak-ling-rteyd-gdag4-unsplash.jpg?width=341&\")