Kia ora koutou,

New Zealand is a popular spot for tourists at this time of year. This really paid off for privacy nerds in Auckland and Wellington this week, as European Data Protection Board Legal Adviser Joelle Jouret took a break from her holiday in the sun to speak about the EDPB’s impressions of the EU General Data Protection Regulation almost two years after it commenced, in sessions organized by the NZ Privacy Commissioner’s Office. 

This was a candid and pragmatic presentation and a welcome respite from the GDPR panic we’ve experienced over the last couple of years. Joelle provided insight into the application of the GDPR to agencies outside the EU, the benefits and drawbacks of the "one-stop shop" mechanism, the practical difficulties with extraterritorial enforcement and the looming threat of the European Commission’s review of NZ’s EU adequacy status (will we keep it?). It was particularly interesting to learn the key challenges the EU faces with the GDPR relate to the myriad national laws that might conflict with it, and securing meaningful cooperation between EU supervisory authorities. You can watch Joelle’s Auckland presentation here, and I’d highly recommend you do. 

On the topic of the GDPR, I took a few minutes last week to evangelize to our Auckland KnowledgeNet attendees about the IAPP’s incredible "GDPR Genius." I’m happy to talk this tool up because it has truly helped me to do my job. "GDPR Genius" pulls together the text of the GDPR with the relevant recitals, EDPB guidance and various other articles and precedents to give us all some assurance that we’re operating from a complete and up-to-date understanding of the law. It really is, well, genius. Check it out, if you haven’t already. 

We recently learned that NZ’s Assistant Privacy Commissioner Jon Duffy will be moving to a new role as chief executive of Consumer NZ. This was sad news for the privacy community, which truly benefited from Jon’s affable and pragmatic approach to his leadership role with our privacy regulator. However, the commissioner announced Tuesday that Liz MacPherson will be taking his place to help guide NZ through the significant changes to come to our Privacy Act this year. As former chief executive of Stats NZ and the government statistician, Liz gets privacy and understands how good data management underpins public trust. I look forward to her contribution to the work of the commissioner’s office.

There’s still a few weeks to go to get your proposals in to speak at the ANZ Summit in Sydney later this year. I’d like to reiterate IAPP Australia Country Leader Stephen Bolinger’s suggestion that you focus on the practical. Tell us how you or your organization is putting law into practice, and share your unique ideas and perspectives with an audience that is hungry for innovation and thought leadership. 

Finally, plans for Privacy Week (11-15 May) have now begun in earnest. In addition to events being planned currently by our dedicated Auckland and Wellington KnowledgeNet chapter chairs, the NZ privacy commissioner has announced plans for a one-day Privacy Forum in Wellington that will focus on mandatory breach reporting, international developments (including EU adequacy), children’s privacy (on that, check out the IAPP’s podcast on the ICO’s "Age Appropriate Privacy Code"), and smart technology. 

Thanks for reading, and enjoy the digest. 

Nga mihi nui