On 12 August 2015, the Office of Privacy Commissioner (OPC) completed its first investigation into a complaint about a drone.
The drone had been filming a cricket match and, in doing so, flew over the apartment of the complainant. The complaint alleged that the drone may have captured highly sensitive information in an unreasonably intrusive manner. He did not give consent for the drone to film him.
Following inquiries made to SkyTV, which had been operating the drone, the OPC was not satisfied that the complainant’s personal information had been collected: while in the air the drone was filming only intermittently (when requested by SkyTV’s producer), and had not in fact filmed the complainant. Accordingly the OPC found that SkyTV did not breach the Privacy Act.
The OPC noted that SkyTV had used the drone to film and broadcast other identifiable individuals during the same cricket match. In that instance, the drone operator could see the individuals, and had used hand gestures to show that he wanted to film them with the drone. The individuals in turn signalled their consent with hand gestures.
Link: Privacy Commissioner Case Note
Three points of interest from the Justice and Electoral Committee’s 2014 report on the performance of the Privacy Commissioner are:
• the Commissioner does not yet have full assurance that adequate privacy protection considerations are being designed into government IT systems
• PwC has been engaged to update the Commission’s privacy impact assessment toolkit for use in the design stage by IT system developers and agencies, and
• the Commissioner wants complainants and respondents to take more responsibility for reaching resolution, with its own role limited to setting parameters and explaining the legal position.
Link: Justice and Electoral Committee’s annual report
The Privacy Commissioner may create a central register to record Police requests for personal data without search warrants from service providers such as airlines, banks, electricity companies, telcos and internet providers. Police are said to rely on the Privacy Act’s Principle 11, which permits disclosure of personal information where required “for the maintenance of the law”. The District Court has queried the legality of such demands.
Full article at nzherald.co.nz
APEC hopes to have an update of its privacy framework completed by the end of this year. The New Zealand Privacy Commissioner has undertaken the review as part of an Australia, Canada and New Zealand stocktake group.
Areas identified for strengthening include:
- introducing the concept of privacy management programmes
- adding breach notification to the list of remedies, and
- outlining factors to be considered in balancing trade considerations when restricting cross-border transfers for privacy reasons.
See the full statement on the Privacy Commission website
The Privacy Commissioner has advised power companies to take “additional care” in how they look after the data collected by smart meters. They should inform consumers how the data will be used, and have “strong security standards to ensure information is transmitted safely online”.
Read the full Privacy Commissioner Case Note