The Privacy Commissioner hopes reform of the Privacy Act, sparked by a wide-ranging Law Commission study of privacy, will enable her office to investigate and pursue remedies for “generic” infractions of privacy, without having to wait for clear demonstration of harm to one or more individuals.
Commissioner Marie Shroff raised the possibility in the course of a discussion of NZPost’s massive Genius population survey yesterday at the NetHui organised by InternetNZ in Auckland yesterday.
Legal advice to the Commissioner said Post’s “renting” of the survey results to third parties for marketing purposes was a breach of privacy principles, but not a breach of the Privacy Act itself, because it had done no demonstrable harm.
“I hope the Law Commission will look at this issue; generic harms are quite difficult to deal with, because often they don’t raise sufficient harm to one person to enable it to be addressed [as a breach of the Act],” Shroff said. “Maybe that’s a loophole for some of the bigger companies.”
She compares the situation to thinly-spread air pollution. One speck of carbon is not of itself harmful, but many of them constitute pollution even though no one person can demonstrate significant harm. “When there’s a tiny bit of harm to a million people, then I think we have a problem,” Shroff said. “There is privacy pollution.”
Meanwhile, NZPost spokesman John Tulloch has clarified a question that puzzled some media and members of the public. How does Post “rent” the Genius information and claim it back at the end of the designated period during which the customer is allowed to use it?
Post seeds the lists of records with fictional customers, Tulloch explains. Any marketing material sent to those addresses will go to NZPost, so it will know the survey is being used in breach of the contract and will be able to exact appropriate penalties from the customer company.