Personal Data Protection in New Zealand: Lessons for South Africa?


  • A Roos University of south Africa



In 1995 the European Union adopted a Directive on data protection. Article 25 of this Directive compels all EU member countries to adopt data protection legislation and to prevent the transfer of personal data to non-EU member countries (“third countries”) that do not provide an adequate level of data protection. Article 25 results in the Directive having extra-territorial effect and exerting an influence in countries outside the EU. Like South Africa, New Zealand is a “third” country in terms of the EU Directive on data protection. New Zealand recognised the need for data protection and adopted a data protection Act over 15 years ago. The focus of this article is on the data protection provisions in New Zealand law with a view to establishing whether South Africa can learn any lessons from them. In general, it can be said that although New Zealand law does not expressly recognise a right to privacy, it has a data protection regime that functions well and that goes a long way to providing adequate data protection as required by the EU Directive on data protection. Nevertheless, the EU has not made a finding to that effect as yet. The New Zealand data protection act requires a couple of amendments before New Zealand might be adjudged ‘adequate’. South Africa’s protection of the right to privacy and identity is better developed and more extensive than that of New Zealand. Privacy is recognised and protected in the law of delict and by the South African Constitution. Despite South Africa’s apparently high regard for the individual’s right to privacy and identity and our well-developed common and constitutional law of privacy, South Africa does not meet the adequacy requirement of the EU Directive, because we do not have a data protection Act. This means that South African participants in the information technology arena are at a constant disadvantage. It is argued that South Africa should follow New Zealand’s example and adopt a data protection law as soon as possible.


Download data is not yet available.


Metrics Loading ...



ALI Restatement (Second) of Torts

American Law Institute Restatement (Second) of Torts (American Law Institute Publishers St Paul, Minnesota 1977)

Bennett Regulating Privacy

Bennett CJ Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Cornell University Press Ithaca1992)

Bloustein 1964 NYULR

Bloustein EJ “Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser” 1964 New York University Law Review 962-1007

Blume 1997 Int R L Computers & Tech

Blume P “Privacy as theoretical and practical concept” 1997 International Review of Law, Computers & Technology 193-202

Borking “Privacy technology”

Borking J “Privacy technology, a new challenge in cyberspace” in Ippel P,

De Heij G and Crouwers B (eds) Privacy Disputed (SDU Den Haag 1995)

Burns Communications Law

Burns Y Communications Law (Butterworths Durban 2001)

Burrows “Invasion of Privacy”

Burrows J “Invasion of Privacy” in Todd S (ed) The Law of Torts in New Zealand 4th ed (Law Book North Ryde NSW 2005)

Bygrave 2001 UNSWLJ

Bygrave LA “The place of privacy in data protection law” 2001 University of New South Wales Law Journal 277-283

Bygrave Data Protection Law

Bygrave L A Data Protection Law: Approaching its Rationale, Logic and

Limit (Kluwer Law International The Hague 2002)

Eiselen Reg op privaatheid in die inligtingsera

Eiselen GTS Die reg op privaatheid in die inligtingsera Unpublished inaugural lecture PU vir CHE (1994)

Flaherty Surveillance Societies

Flaherty DH Protecting Privacy in Surveillance Societies: The Federal

Republic of Germany, Sweden, France, Canada, and the United States

(University of North Carolina Press Chapel Hill 1989)

Korff Data Protection Laws in the EU

Korff D Data Protection Laws in the European Union (Federation of European Direct Marketing Brussels 2005)

Kuner European Data Privacy Law

Kuner C European Data Privacy Law and Online Business (Oxford University Press Oxford 2003)

Larremore 1912 Columbia L Rev

Larremore D “The Law of Privacy” 1912 Columbia Law Review 693-708

Lloyd Information Technology Law

Lloyd IJ Information Technology Law (Butterworths London 2004)

Madsen Personal Data Protection

Madsen W Handbook of Personal Data Protection (Macmillan Publishers London 1992)

McQuoid-Mason Privacy

McQuoid-Mason DJ The Law of Privacy in South Africa (Juta Cape Town 1978)

Mount 1992-1995 Auckland University L Rev

Mount S “The Privacy Act 1993” 1992-1995 Auckland University Law

Review 408-413

Neethling 2007 TSAR

Neethling J “Die hoogste hof van appèl verleen erkenning aan die reg op identiteit as persoonlikheids- en fundamentele reg: regspraak” 2007 Tydskrif vir Suid-Afrikaanse Reg 834-838

Neethling 2002 THRHR

Neethling J “Aanspreeklikheid vir nuwe risiko’s: moontlikhede en

beperkinge van die Suid-Afrikaanse deliktereg” 2002 Tydskrif vir Hedendaagse Romeins-Hollandse Reg 574-592

Neethling 1980 THRHR

Neethling J “Die kredietburowese en databeskerming” 1980 Tydskrif vir Hedendaagse Romeins-Hollandse Reg 141-155

Neethling “Databeskerming”

Neethling J “Databeskerming: Motivering en Riglyne vir Wetgewing in SuidAfrika” in Strauss SA (ed) Huldigingsbundel vir WA Joubert (Butterworths Durban1988)

Neethling Privaatheid

Neethling J Die Reg op Privaatheid (LLD-thesis Unisa 1976)

Neethling, Potgieter and Visser Law of Delict

Neethling J, Potgieter JM and Visser PJ Law of Delict (Butterworths Durban 2005)

Neethling, Potgieter and Visser Law of Personality

Neethling J, Potgieter JM and Visser PJ Neethling’s Law of Personality (Butterworths Durban 2005)

NZ Department of Justice White Paper

New Zealand Department of Justice A Bill of Rights for New Zealand: White

Paper (Department of Justice Wellington 1985)


New Zealand Law Commission Study Paper 19 Privacy: Concepts and

Issues: Review of the Law of Privacy: Stage 1 (NZLC Wellington 2008)

OECD Guidelines

Organisation for Economic Cooperation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data: Explanatory Memorandum (OECD Paris 1981)

OECD Recommendation

Organisation for Economic Cooperation and Development

Recommendation of the Council Concerning Guidelines Governing the

Protection of Privacy and Transborder Flows of Personal Data (OECD Paris 1980)

Palmer 1975 NZLJ

Palmer G “Privacy and the Law” 1975 New Zealand Law Journal 747-756

Prosser 1960 Cal L Rev

Prosser WL “Privacy” 1960 (48) California Law Review 383-423

Rogers Torts

Rogers WVH Winfield & Jolowicz on Torts (Sweet and Maxwell London 1989)

Roos 2007 SALJ

Roos A “Data Protection: Explaining the International Backdrop and

Evaluating the Current South African position” 2007 South African Law Journal 400-433

Roos 2006 CILSA

Roos A “Core Principles of Data Protection Law” 2006 Comparative and

International Law of South Africa 102-130

Roos 1990 TSAR

Roos A “Data privacy: The American experience” 1990 Tydskrif vir SuidAfrikaanse Reg 264-278

Roos Data (Privacy) Protection

Roos A The Law of Data (Privacy) Protection: A Comparative and Theoretical Study (LLD-thesis Unisa 2003)

Schulze 1994 THRHR

Schulze WG “The LOA life register – A snap survey of possible legal pitfalls” 1994 Tydskrif vir Hedendaagse Romeins-Hollandse Reg 75-86

Shroff “Privacy and Sovereignty”

Shroff M (NZ Privacy Commissioner) “Privacy and Sovereignty: Data Fight or Flight?” An address to GOVIS 2007 – Innovation in ICT (Wellington 10 May 2007)

Tobin 2004 TLJ

Tobin R “Yes, Virginia, There is a Santa Claus: The Tort of Invasion of Privacy in New Zealand” 2004 (12) Torts Law Journal 95-107

Tobin 2000 NZLJ

Tobin R “Invasion of Privacy” 2000 New Zealand Law Journal 216-218, 222

Tobin “Privacy and Freedom of Expression”

Tobin R “Privacy and Freedom of Expression in New Zealand” in Colvin M

(ed) Developing Key Privacy Rights (Hart Publishing Oxford 2002)

Turkington and Allen Privacy Law

Turkington RC and Allen A Privacy Law: Cases and Materials (West Group St Paul Minnesota 1999)

Warren and Brandeis 1890 Harv L Rev 193

Warren S and Brandeis L “The Right to Privacy” 1890 (4) Harvard Law Review 193-220

Westin Privacy and Freedom

Westin AF Privacy and freedom (Atheneum New York 1967)

Register of court cases

South Africa

Bernstein v Bester NO 1996 2 SA 751 (CC)

Carmichele v Minister of Safety and Security (Centre for Applied Legal Studies

Intervening) 2001 4 SA 938 (CC)

Financial Mail (Pty) Ltd v Sage Holdings Ltd 1993 2 SA 451 (A)

Gosschalk v Rossouw 1966 2 SA 476 (C)

Grutter v Lombard 2007 4 SA 89 (SCA)

Investigating Directorate: Serious Economic Offences v Hyundai Motor Distributors (Pty) Ltd 2001 1 SA 545 (CC)

Janit v Motor Industry Fund Administrators (Pty) Ltd 1995 4 SA 293 (A)

Jansen van Vuuren v Kruger 1993 4 SA 842 (A)

Kidson v SA Associated Newspapers Ltd 1957 3 SA 461 (W)

La Grange v Schoeman 1980 1 SA 885 (E)

Mhlongo v Bailey 1958 1 SA 370 (C)

Motor Industry Fund v Janit 1994 3 SA 56 (W)

National Media Ltd v Jooste 1996 3 SA 262 (A)

O'Keeffe v Argus Printing and Publishing Co Ltd 1954 3 SA 244 (C)

Protea Technology Ltd v Wainer [1997] 3 All SA 594 (W) 608

Rhodesian Printing and Publishing Co Ltd v Duggan 1975 1 SA 590 (R)

S v A 1971 2 SA 293 (T)

Universiteit van Pretoria v Tommie Meyer Films (Edms) Bpk 1977 4 SA 376 (T) 386

New Zealand

Andrews v TVNZ [15 December 2006] HC AK CIV 2004-4-4-353

Auckland Medical Aid Trust v Taylor [1975] 1 NZLR 728 737 (CA)

Bradley v Wingnut Films [1993] 1 NZLR 415 (HC)

Brooker v Police [2007] NZSC 30

Hosking v Runting [2005] 1 NZLR 1 (CA)

L v G [2002] DCR 234, [2002] NZAR 495 Moulton v Police [1980] 1 NZLR 443 (CA)

P v D [2000] 2 NZLR 591 (HC)

R v Fraser [1997] 2 NZLR 442 (CA)

R v Grayson and Taylor [1997] 1 NZLR 399 (CA)

Ramsay v Cooke [1984] 2 NZLR 680 (HC)

Rogers v Television New Zealand Ltd [2007] NZSC 91

Savelio v R [2005] NZCA 198

Transport Ministry v Payn [1977] NZLR 50 64 (CA)

Tucker v News Media Ownership Ltd [1986] 2 NZLR 716 (HC)

TV3 Network Services Ltd v Farhey [1999] 2 NZLR 129 (CA)

United Kingdom

Campbell v MGN [2004] 2 AC 457 (HL)

Douglas v Hello! Ltd [2001] QB 967; [2001] 2 All ER 289

Kaye v Robertson [1991] FSR 62

Malone v Metropolitan Police Commissioner (No 2) [1979] 2 All ER 620

R (on the application of Wainwright) v Richmond upon Thames London

Borough Council [2001] EWCA Civ 2062 CA

R v Brown [1996] AC 543 557 (HL)

Register of legislation

Bill of Rights Act 1990 (NZ)

Broadcasting Act 1976 (NZ)

Broadcasting Act 1989 (NZ)

Care of Children Act 2004 (NZ)

Children’s Online Privacy Protection Act 1998 (USA)

Computer Matching and Privacy Protection Act 1988 (USA)

Constitution Act 1986 (NZ)

Constitution of the Republic of South Africa 1996 (SA)

Crimes Act 1961 (NZ)

Data Protection Act 1998 (UK)

Electronic Communications and Transactions Act 25 of 2002 (SA) Electronic Communications Privacy Act 1986 (USA)

Fair Credit Reporting Act 1970 (USA)

Human Rights Act 1977 (NZ)

National Credit Act 34 of 2005 (SA)

Privacy Act 1974 (USA)

Privacy Act 1993 (NZ)

Privacy Commissioner Act 1991 (NZ)

Privacy Protection Act 1980 (USA)

Promotion of Access to Information Act 2 of 2000 (SA)

Right to Financial Privacy Act 1978 (USA)

Statute of Westminster Adoption Act 1947 (NZ)

Supreme Court Act 2003 (NZ)

Telecommunications Act 1996 (USA)

Wanganui Computer Centre Act 1976 (NZ)

Wet Bescherming Persoonsgegevens 2000 (Netherlands)

Register of international documents

Charter of Fundamental Rights of the European Union [2000] Official Journal C 364/1

Council of Europe Convention for the Protection of Individuals with Regard to

Automatic Processing of Personal Data No 108/1981 (Strasbourg 28 Jan 1981)

European Union Directive on the Protection of Individuals with regard to the

Processing of Personal Data and on the Free Movement of such Data

Directive 95/46/EC 1995 Official Journal L 281/ 31

Treaty of Waitangi 1840 (NZ)

Treaty on European Union 1992

United Nations International Covenant on Civil and Political Rights General Assembly Resolution 2200A (XXI) 16 December 1966

Register of Internet sources

BSA 24 Nov

BSA 2008 Information about the Broadcasting Standards Authority [Found on internet] [Date of use 24 November 2008]

Council of Europe 2008 16 Jun Council of Europe 2008 About the Council of Europe [Found on internet] [Date of use 16 June 2008]

DoC Safe Harbor Agreement 24 Nov Department of Commerce Safe Harbor Agreement [Found on internet] [Date of use 24 November 2008]

Engelbrecht 2008 16 Jun

Engelbrecht L 20 February 2008 Data Privacy Bill in suspended animation

[Found on internet] [Date of use 20 February 2008]

EU 2008 24 Nov

EU 2008 Countries [Found on internet]

[Date of use 24 November 2008]

Greville 2002 LLRX 16 Jun

Greville M "An introduction to New Zealand Law and Legal Information"

LLRX [Found on internet] [Date of use 16 June 2008]

NZ Privacy Commissioner Fact Sheet no 2 18 Jun

NZ Privacy Commissioner Fact Sheet no 2: Information Privacy Principles

[Found on internet] [Date of use 18 June 2008]

NZ Privacy Commissioner Annual Report 2007 27


New Zealand Privacy Commissioner Annual Report 2007 [Found on

internet] [Date of use 27 November 2008]

OECD 2008 24 Nov

OECD 2008 Organisation for Co-operation and Development [Found on internet] [Date of use 24 November 2008]

SALRC Privacy and Data Protection Discussion Paper 109 24 Nov

South African Law Reform Commission Privacy and Data Protection Project 124 Discussion Paper 109 [Found on internet] [Date of use 24 November 2008]



How to Cite

Roos, A. (2017). Personal Data Protection in New Zealand: Lessons for South Africa?. Potchefstroom Electronic Law Journal, 11(4), 61–108.