Abstract:
Online, personal information often moves across territorial boundaries. To what extent do national data protection laws apply in this context? Information may be entered and stored on offshore servers connected to the keyboard where the user of the website resides. This raises issues about the location of the collection of the information. However, even if data is not being collected in New Zealand, it may still be within the scope of the Privacy Act 1993. It will be argued that the Privacy Act 1993 ought to provide a more effective means of controlling certain information held overseas. The traditional territorial approach to jurisdiction is abating in relation to other areas of the law. It is particularly anachronistic when applied to data transferred on the internet. Larger and larger amounts of personal information are being divulged in an online context. While this information will facilitate transactions, it is also a danger to consumer confidence in online commerce. The cross-border and extraterritorial effect of national data protection laws provides a means of safeguarding the privacy rights of users of the internet, while at the same time providing levels of reassurance necessary for the expansion of online commerce.