Pattern grey 400x400

We are being monitored. From the online shopping we do, to the news articles we read, to the websites we frequent, tracking files are monitoring our online activity.

Tracking files, also known as cookies, are small text files that are downloaded onto computers or smartphones when a user accesses a website. These allow the website to recognise the individual user’s device and store information about their preferences or past actions.

Given that practically all Internet users have hundreds of cookies on their devices and many users are unaware of how and why cookies are used, their prevalence may present a privacy concern for visitors and site owners alike. Despite the wide use of cookies, some jurisdictions focus laws and regulations on cookies and others do not.

For example, the United Kingdom’s Privacy and Electronic Communications Regulations 2011 specifically regulates the use of cookies and customer privacy. These regulations sit in conjunction with the Data Protection Act 1998, which deals with the processing of personal data. Together these laws require UK websites to inform users that they are being tracked with cookies, and to ask the user’s consent before trackers are placed on machines. Some sites explicitly ask users for their consent, whereas others display a prominent message asking users if they wish to alter their settings—with the default being to accept. There are some limited exceptions for cookies that are essential in providing an online service at the user’s request, such as providing security during online banking, or remembering someone’s shopping cart. Failure to comply can result in fines up to £500,000.

What about New Zealand?

In contrast, New Zealand law does not specifically regulate cookies. Our websites don’t have free reign though. The collection, use, transmission, and retention of personal information is governed by the Privacy Act 1993 which applies to all persons who collect, store, transmit, disclosure or use personal information. Other relevant laws include the Unsolicited Electronic Messages Act 2007 (UEMA), the Consumer Guarantees Act 1993 (CGA), and the Fair Trading Act 1986 (FTA). The UEMA concerns the sending of unsolicited commercial electronic messages, and the CGA and FTA deal with, among other things, misleading product descriptions given in relation to consumer goods and services.

Under the Privacy Act, if personal information is collected, including through cookies, it must be collected for a ‘lawful purpose’ and must generally be collected directly from the individual concerned. Unlike the UK laws, New Zealand law does not require consent to collect cookies. Instead, when personal information is directly collected, the site owner must take reasonable steps to ensure that the individual is aware of:

  • The fact that this information is being collected
  • The purpose of its collection
  • The intended recipients of the information
  • The name and address of the agency that is collecting the personal information.

The site owner must also take reasonable steps to ensure that individuals are aware of any consequences if all or part of the requested personal information is not provided, as well as their rights of access to, and correction of, the personal information.

What about overseas users of my New Zealand site?

If a site owner is using cookies to collect information on a global platform, particularly if they are processing personal data, they should consider the relevant jurisdiction’s cookie laws and whether they have to comply. For example, the UK cookies laws would apply if the site stored or accessed cookies on a UK user’s device and those cookies processed personal data at an individual level.

Closer to home, the relevant law in Australia is the Australian Privacy Principles. These can also apply to a New Zealand website if the website collects or holds personal information from individuals who are physically located in Australia.

Last bites

There’s nothing inherently bad or malicious about cookies. They typically enable websites to provide useful functionality, customise sites to suit your preferences, and provide tailored information. But, like real life cookies, if you’re not sure why you’ve been given them, you might want to ask a few questions before gorging yourself!

If you’re developing or updating your website, please get in touch with us to discuss ways to manage cookies in a way that will keep you compliant with the law, and your users informed and satisfied.

Our specialist lawyers can assist you in relation to all aspects of cookies and data protection, including review and implementation of appropriate policies and terms.

Please call or email Hayley Miller or Peter Fernando for assistance or for further information.



View All