(4)
Given the different approaches to data protection in third countries, the adequacy assessment should be carried out, and any decision based on Directive 95/46/EC should be made and enforced in a way that does not arbitrarily or unjustifiably discriminate against or between third countries where like conditions prevail, nor constitute a disguised barrier to trade, regard being had to the Union’s present international commitments.
(9)
In addition to legislation enacted by the New Zealand Parliament, there exists a considerable body of common law whose roots stem from English common law, embodying common law principles and rules that are relevant to data protection. Among the fundamental common law principles is the principle that the dignity of the individual is a paramount concern of the law. This common law principle is a key element in the background context to judicial decision-making generally in New Zealand. New Zealand case-law based on common law also contains a number of other aspects of privacy including invasion of privacy, breach of confidence and incidental protection in the context of defamation, nuisance, harassment, malicious falsehood, negligence and others.
(13)
This decision should concern the adequacy of protection provided in New Zealand with a view to meeting the requirements of Article 25(1) of Directive 95/46/EC. It should not affect other conditions or restrictions implementing other provisions of the Directive that pertain to the processing of personal data within Member States.
(15)
The Working Party on the protection of individuals with regard to the processing of personal data established under Article 29 of Directive 95/46/EC has delivered a favourable opinion on the level of adequacy as regards protection of personal data in New Zealand (2), which has been taken into account in the preparation of this Implementing Decision.
(16)
The measures provided for in this Decision are in accordance with the opinion of the Committee established under Article 31(1) of Directive 95/46/EC,
HAS ADOPTED THIS DECISION:
2. The competent supervisory authority for the application of the legal data protection standards in New Zealand is set out in the Annex to this Decision.
3. Where information gathered under Article 2(1) and under paragraphs 1 and 2 of this Article provides evidence that any body responsible for ensuring compliance with the standards of protection in New Zealand is not effectively fulfilling its role, the Commission shall inform the competent New Zealand authority and, if necessary, present draft measures in accordance with the procedure referred to in Article 31(2) of Directive 95/46/EC with a view to repealing or suspending this Decision or limiting its scope.
The Commission shall monitor the functioning of this Decision and report any pertinent findings to the Committee established under Article 31 of Directive 95/46/EC, including any evidence that could affect the finding in Article 1 of this Decision, that protection in New Zealand is adequate within the meaning of Article 25 of Directive 95/46/EC and any evidence that this Decision is being implemented in a discriminatory manner.
Member States shall take all the measures necessary to comply with this Decision until 20 March 2013.
This Decision is addressed to the Member States.
Done at Brussels, 19 December 2012.
For the Commission
Viviane REDING
Vice-President
(1) OJ L 281, 23.11.1995, p. 31.
(2) Opinion 11/2011 dated 4 April 2011 on the level of protection of personal data in New Zealand. Available at http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp182_en.pdf
ANNEX
Competent supervisory authority referred to in Article 1(2) of this Decision:
Privacy Commissioner:
Te Mana Matapono Matatapu
Level 4
109-111 Featherston Street
Wellington 6143
New Zealand
Tel: +64-4-474 7590
Contact e-mail: [email protected]
Website: http://privacy.org.nz/