Requires agencies using AI tools in New Zealand to conduct privacy impact assessments, ensure transparency, engage with Māori communities, and implement human review of AI outputs. Emphasizes compliance with the Privacy Act 2020 and its Information Privacy Principles.
Analysis summaries, actor details, and coverage mappings were LLM-classified and may contain errors.
This is a guidance document issued by the Privacy Commissioner that provides recommendations and expectations for agencies using AI tools. While it references the binding Privacy Act 2020, the document itself uses predominantly voluntary language ('should', 'recommend', 'may want to') and establishes expectations rather than enforceable obligations.
The document has good coverage of approximately 8-10 subdomains, with strong focus on privacy compromise (2.1), security vulnerabilities (2.2), false information (3.1), lack of robustness (7.3), lack of transparency (7.4), unfair discrimination (1.1), unequal performance (1.3), and overreliance (5.1). Coverage is concentrated in privacy, security, AI system safety, and discrimination domains.
This is a cross-sectoral guidance document that applies to all sectors in New Zealand where AI tools are used to collect, use, or share personal information. The document explicitly states it applies to business, government, and community organizations of all sizes, as well as individuals. Specific examples are provided for real estate, public administration, and educational contexts, but the guidance is designed to be universally applicable across all economic sectors.
The document covers all stages of the AI lifecycle comprehensively, with particular emphasis on the Plan and Design, Collect and Process Data, Verify and Validate, Deploy, and Operate and Monitor stages. It provides detailed guidance on privacy considerations throughout the entire lifecycle from initial planning through ongoing monitoring.
The document explicitly mentions AI tools, AI systems, and AI models throughout. It specifically addresses generative AI in detail, referencing the Privacy Commissioner's previous statement on generative AI. The document takes a broad approach to AI systems including machine learning, classifiers, interpreters, and automation. It does not explicitly mention frontier AI, general purpose AI, foundation models, compute thresholds, or open-weight models.
Office of the Privacy Commissioner (OPC); Privacy Commissioner; Government of New Zealand
The document is issued by the Privacy Commissioner of New Zealand, building on a previous statement of expectations from May 2023. The Privacy Commissioner is the regulatory authority responsible for privacy oversight in New Zealand.
Office of the Privacy Commissioner (OPC); Privacy Commissioner
The Privacy Commissioner has oversight authority for privacy compliance in New Zealand under the Privacy Act 2020. While this guidance document itself is not directly enforceable, the underlying Privacy Act obligations are enforceable by the Privacy Commissioner.
Office of the Privacy Commissioner (OPC); Privacy Commissioner
The Privacy Commissioner explicitly states they are monitoring AI tool developments and privacy impacts, with plans to update guidance over time. They invite ongoing dialogue about AI use cases and privacy issues.
agencies; business organisations; government organisations; community organisations; individuals; landlords; employers
The document explicitly targets all entities using AI tools in New Zealand, including businesses, government agencies, community organizations, and individuals. It applies to those collecting, using, or sharing personal information through AI tools.
11 subdomains (8 Good, 3 Minimal)