Digital Policy Alert logo

New Zealand: Privacy Commissioner adopted Biometric Processing Privacy Code 2025

Policy overview

Description

Privacy Commissioner adopted Biometric Processing Privacy Code 2025

On 21 July 2025, New Zealand’s Privacy Commissioner adopted the Biometric Processing Privacy Code 2025, issued under section 32 of the Privacy Act 2020. The Code strengthens existing notification, purpose, and transparency obligations and introduces a requirement for agencies to conduct a proportionality assessment weighing the privacy risks and public benefits of biometric processing, as well as to implement appropriate privacy safeguards. It applies to all biometric identification, verification, and categorisation activities except those carried out by health agencies handling health information, and restricts biometric categorisation for purposes such as emotion or personality analysis. The Code also establishes conditions for overseas disclosure of biometric information to ensure comparable data-protection safeguards. It takes effect on 3 November 2025 for new biometric systems and on 3 August 2026 for existing ones.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
other service provider, infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2023-07-25
in consultation

On 25 July 2023, the New Zealand Office of the Privacy Commissioner (OPC) opened a consultation on …

2023-08-27
processing consultation

On 27 August 2023, the Office of the Privacy Commissioner (OPC) closed its consultation on a potent…

2023-11-23
under deliberation

On 23 November 2023, the Office of the Privacy Commissioner announced its intention to seek public …

2024-04-10
in consultation

On 10 April 2024, the New Zealand Office of the Privacy Commissioner (OPC) opened a public consulta…

2024-05-08
in consultation

On 8 May 2024, the New Zealand Office of Privacy Commissioner (OPC) closed its public consultation …

2024-12-18
in consultation

On 18 December 2024, the Privacy Commissioner opened a consultation, due to close on 14 March 2025,…

2025-03-14
processing consultation

On 14 March 2025, the Privacy Commissioner closes its consultation on a draft Biometric Processing …

2025-07-21
adopted

On 21 July 2025, New Zealand’s Privacy Commissioner adopted the Biometric Processing Privacy Code 2…

2025-11-03
in force

On 3 November 2025, the Privacy Commissioner Biometric Processing Privacy Code 2025, issued under t…