(1)
Pursuant to Directive 95/46/EC, Member States are required to provide that the transfer of personal data to a third country may take place only if the third country in question ensures an adequate level of protection and if the Member States’ laws implementing other provisions of the Directive are complied with prior to the transfer.
(6)
New Zealand operates on the principle of Parliamentary sovereignty. Nevertheless, by convention there are a number of statutes that are of particular constitutional importance and are regarded as ‘higher law’. This is in the sense that they form part of the constitutional background or landscape by informing government practice and the enactment of other legislation. Moreover, cross-political consensus would be expected in the event of amendment or repeal of this legislation. Several of these statutes — the Bill of Rights Act of 28 August 1990 (Public Act No 109 of 1990), the Human Rights Act of 10 August 1993 (Public Act No 82 of 1993), and the Privacy Act of 17 May 1993 (Public Act No 28 of 1993) — are relevant to data protection. The constitutional importance of this legislation is reflected by the convention that they must be taken into account when developing or proposing new legislation.
(9)
In addition to legislation enacted by the New Zealand Parliament, there exists a considerable body of common law whose roots stem from English common law, embodying common law principles and rules that are relevant to data protection. Among the fundamental common law principles is the principle that the dignity of the individual is a paramount concern of the law. This common law principle is a key element in the background context to judicial decision-making generally in New Zealand. New Zealand case-law based on common law also contains a number of other aspects of privacy including invasion of privacy, breach of confidence and incidental protection in the context of defamation, nuisance, harassment, malicious falsehood, negligence and others.
(11)
The application of the legal data protection standards is guaranteed by administrative and judicial remedies, and by independent supervision carried out by the supervisory authority, the Privacy Commissioner, who is endowed with the kinds of powers set out in Article 28 of Directive 95/46/EC, and who acts independently. Moreover, any interested party is entitled to seek judicial redress for compensation for damages suffered as a result of the unlawful processing of his personal data.