Tracking files, also known as cookies, are small text files that are downloaded onto computers or smartphones when a user accesses a website. These allow the website to recognise the individual user’s device and store information about their preferences or past actions.
What about New Zealand?
In contrast, New Zealand law does not specifically regulate cookies. Our websites don’t have free reign though. The collection, use, transmission, and retention of personal information is governed by the Privacy Act 1993 which applies to all persons who collect, store, transmit, disclosure or use personal information. Other relevant laws include the Unsolicited Electronic Messages Act 2007 (UEMA), the Consumer Guarantees Act 1993 (CGA), and the Fair Trading Act 1986 (FTA). The UEMA concerns the sending of unsolicited commercial electronic messages, and the CGA and FTA deal with, among other things, misleading product descriptions given in relation to consumer goods and services.
Under the Privacy Act, if personal information is collected, including through cookies, it must be collected for a ‘lawful purpose’ and must generally be collected directly from the individual concerned. Unlike the UK laws, New Zealand law does not require consent to collect cookies. Instead, when personal information is directly collected, the site owner must take reasonable steps to ensure that the individual is aware of:
The site owner must also take reasonable steps to ensure that individuals are aware of any consequences if all or part of the requested personal information is not provided, as well as their rights of access to, and correction of, the personal information.
What about overseas users of my New Zealand site?
If a site owner is using cookies to collect information on a global platform, particularly if they are processing personal data, they should consider the relevant jurisdiction’s cookie laws and whether they have to comply. For example, the UK cookies laws would apply if the site stored or accessed cookies on a UK user’s device and those cookies processed personal data at an individual level.
Closer to home, the relevant law in Australia is the Australian Privacy Principles. These can also apply to a New Zealand website if the website collects or holds personal information from individuals who are physically located in Australia.
There’s nothing inherently bad or malicious about cookies. They typically enable websites to provide useful functionality, customise sites to suit your preferences, and provide tailored information. But, like real life cookies, if you’re not sure why you’ve been given them, you might want to ask a few questions before gorging yourself!
If you’re developing or updating your website, please get in touch with us to discuss ways to manage cookies in a way that will keep you compliant with the law, and your users informed and satisfied.
Our specialist lawyers can assist you in relation to all aspects of cookies and data protection, including review and implementation of appropriate policies and terms.
Please call or email Hayley Miller or Peter Fernando for assistance or for further information.