Digital Policy Alert logo

New Zealand: Biometric Processing Privacy Code 2025 enters into force

Policy overview

Description

Biometric Processing Privacy Code 2025 enters into force

On 3 November 2025, the Privacy Commissioner Biometric Processing Privacy Code 2025, issued under the Privacy Act 2020, enters into force. The Code strengthens existing notification, purpose, and transparency obligations and introduces a requirement for agencies to conduct a proportionality assessment weighing the privacy risks and public benefits of biometric processing, as well as to implement appropriate privacy safeguards. It applies to all biometric identification, verification, and categorisation activities except those carried out by health agencies handling health information, and restricts biometric categorisation for purposes such as emotion or personality analysis. The Code also establishes conditions for overseas disclosure of biometric information to ensure comparable data-protection safeguards. Existing biometric systems have to comply from 3 August 2026.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
other service provider, infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2023-07-25
in consultation

On 25 July 2023, the New Zealand Office of the Privacy Commissioner (OPC) opened a consultation on …

2023-08-27
processing consultation

On 27 August 2023, the Office of the Privacy Commissioner (OPC) closed its consultation on a potent…

2023-11-23
under deliberation

On 23 November 2023, the Office of the Privacy Commissioner announced its intention to seek public …

2024-04-10
in consultation

On 10 April 2024, the New Zealand Office of the Privacy Commissioner (OPC) opened a public consulta…

2024-05-08
in consultation

On 8 May 2024, the New Zealand Office of Privacy Commissioner (OPC) closed its public consultation …

2024-12-18
in consultation

On 18 December 2024, the Privacy Commissioner opened a consultation, due to close on 14 March 2025,…

2025-03-14
processing consultation

On 14 March 2025, the Privacy Commissioner closes its consultation on a draft Biometric Processing …

2025-07-21
adopted

On 21 July 2025, New Zealand’s Privacy Commissioner adopted the Biometric Processing Privacy Code 2…

2025-11-03
in force

On 3 November 2025, the Privacy Commissioner Biometric Processing Privacy Code 2025, issued under t…