KEITH LOCKE (Green):
The Green Party will support the Privacy (Cross-border Information) Amendment Bill. It is driven by the correct concern of the European Union to have private information on databases etc. protected when that data goes to or through other countries. It is great that the European Union is leading the world on this issue and pulling countries like New Zealand in behind. It is good that the select committee appended to its report the Basic principles of national application set out in Part Two of the OECD Guidelines, because they are very good principles. They state that there should be limits on the collection of personal data, and that there should be a specific purpose for which data is collected, so that it is not just a “broad-brush” collection. The principles also include a use limitation principle, ensuring that data will only be disclosed for particular purposes and to the right people and the right authorities. There is an openness principle, which states that systems should be open and transparent, and a security safeguards principle. The individual participation principle states that individuals should have the right to know if they are on a database. In the New Zealand case, of course, they should be able to gain access to that information. If the information is wrong or dated, it should be erased or changed. The accountability principle states that the whole system should be accountable. They are very good principles and what we are doing with this bill today will help implement them, particularly the thing that previous speakers have mentioned, which is the prevention of information-gathering that avoids European Union privacy laws by passing through New Zealand and on to a country where there are no proper privacy laws. The European Union has had an ongoing battle on this issue, particularly with the United States. That is very relevant to us, because we have very close connections, including the passing of private data between New Zealand and the United States. One of the areas where the European Union has had a battle with the United States authorities is in relation to data about people who travel on airlines. For a few years the American authorities wanted every bit of information that an airline passenger might have used to purchase a ticket and board the aircraft, including the credit card numbers of anyone who bought their ticket by credit card. The European Union said that was too great an intrusion into privacy, and there have been big debates on that matter in the European Parliament and at European Union negotiations. Last month they reached an agreement in terms of what data and what more limited amount of data would be passed on to the US authorities. The other dimension where there has been a big argument is in relation to financial transactions information that passes through the SWIFT computer system. SWIFT is an international bank trading reconciliation system, involving virtually every overseas transaction, including New Zealand banking transactions. New Zealand banks are among the 9,400 banks that are signed up to SWIFT. All that information passes through the SWIFT system, which is based in Europe with a mirror unit in the United States.
The United States said to the European Union because it had SWIFT on its territory that it wanted access to every transaction in order to run it through its terrorist database. The United States said that for security reasons it wanted access to all the financial transaction information. After long negotiations the European Union and the United States reached an agreement. I am not sure of the details; I have not studied it to see whether it is a satisfactory agreement. But it does allow the United States access to that information with certain controls. There will be a European Union representative stationed in the United States to monitor whether the privacy concerns of the European Union are upheld and whether all those principals that I outlined in the appendix of the report back from the Justice and Electoral Committee are being properly upheld. I think it will be challenging because the reality is that—and we found this in previous legislation that has passed through this House—when we talk about passing on, for example, customs information to the United States the idea of passing it to a specific agency in the United States only for use by the agency and for it not to be passed on by that United States agency to some other United States agency has broken down a bit, particularly with the establishment of homeland security, which incorporates a whole lot of agencies that are separate in New Zealand or separate in the European Union countries. So it is very hard to prevent that data crossing all sorts of boundaries in the United States. Secondly, there is the problem of the very loose nature of the United States databases and its very weak privacy laws. I do not think has really been solved yet in the United States. The terrorist database in the United States, as I understand it, has 800,000 names. Well, there are hardly that many dangerous terrorists running around. When people investigated that database and done official investigations and tests to see how accurate that information is they found that there is a huge error rate—up to one-third of the entries are wrong. So there are the problems with all sorts of peoples’ privacy being intruded on that should not be and various people finding it difficult to get on airlines. Cat Stevens was here recently on a singing tour, and he was excluded from the United States because he ended up on the American database, so he was hauled off the plane, etc. There are big problems still with that. I think it is important that we are on our toes, particularly in our dealings with the United States, and working with the European Union to make sure there are better privacy systems and data protection, particularly in the United States. But that is also important for other countries around the world. We want to be a model in that respect. I think what the Privacy Commissioner has done in this area has been fantastic, too. Not only on this bill but on other bills the Privacy Commissioner has insisted on being involved in vetting the regulations worked out to make sure that privacy principals were upheld in earlier legislation, for example, that relating to customs. It was the Privacy Commissioner who was very insistent that any data sent overseas should be for a particular purpose, for a particular agency, and not to be generally transferred. So with those few comments, I would like to like indicate that the Green Party will be supporting this bill. Thank you.