LAWCOMM 746: Data Privacy and the Law

Course details

Semester: Two
Type: Intensive
Dates: 2,3 and 4 September 2020
Time: 9am - 5pm
Venue: Room 332, Building 810, 
1-11 Short Street
Points: 15

Lecturer biography

Gehan Gunasekara is an Associate Professor at the University of Auckland Business School and specialises in the areas of franchising law and information privacy law. He has published widely in these areas both locally and overseas. He is especially interested in the issue of business compliance with privacy laws which increasingly span national boundaries. Gehan was a member of the academic reference committee for the Review of the Privacy Act 1993 by the Law Commission, completed in 2011. His research has been cited by the Canadian Privacy Commissioner, the Australian Law Reform Commission and adopted by the New Zealand Law Commission in its recommendations on the cross-border transfer of personal information.

Gehan teaches Law in a Business Environment, Commercial and Corporate Law (in the Graduate School of Management), Franchising Law and Data Privacy Law. He has commented in national media on issues concerning both privacy and franchising and is a member of the International Association of Privacy Professionals (IAPP/ANZ) and is Deputy Chair of Privacy Foundation New Zealand.

Course outline

This course examines the rapidly developing field of data or information privacy from a conceptual and a global standpoint. It evaluates the challenges data privacy faces from technological developments and from competing interests. The course evaluates the risks posed to privacy in the online environment and difficulties in the application of the Privacy Act 1993 to phenomena including Big Data, the Internet of Things and Metadata. Proposals for overhaul of the Act are evaluated against developments overseas. The importance of information privacy for businesses (especially those operating across more than one jurisdiction) is examined as well as the implications of future regulatory trends emanating from overseas.


The following areas will be covered:

  • The rationale for data privacy law, its relationship to other sources of privacy law and to competing interests
  • International influences on data privacy and national divergences
  • Online privacy: the Internet and social networking
  • The Privacy Act 1993: dispute resolution & enforcement
  • The Privacy Bill and General Data Protection Regulation (GDPR) contrasted
  • Application of the Privacy Act in Employment and other selected areas.


Students who complete this course should be able to:

  • Consider the jurisprudential basis for and conceptual difficulties associated with data privacy as a discrete legal right
  • Evaluate the sources of data privacy law in New Zealand and globally
  • Explain the importance of Information Privacy law globally, the technological challenges it faces and its implications for business and individuals
  • Examine the scope of the Privacy Act, how it is enforced and its dispute resolution process
  • Evaluate the implications for individuals and agencies of the major changes contained in the Privacy Bill
  • Apply data privacy concepts in employment and other selected areas.

Recommended texts

Reference will be made, in particular, to several chapters contained in the following book. You are encouraged to refer to this for reference (copies are available on short loan at the Davis Law Library). These references may be found under “recommended reading” or referred to under “see also” in the canvas reading lists.

  • Lee Bygrave Data Privacy Law: An International Perspective (Oxford University Press, Oxford, 2014)
    • DAVIS LAW LIBRARY Short Loan (2 hour) (KN347.9 BYGi)

An earlier book containing a comparative treatment of the origins of data privacy law is:

  • James Rule and Graham Greenleaf (eds), Global Privacy Protection: The First Generation (Edward Elgar, 2008)
    • DAVIS LAW LIBRARY 5 day loan (KM209 P7 RULg)

Useful background reading is:

  • Daniel Solove, Understanding Privacy (Harvard Press, 2008)
    • DAVIS LAW LIBRARY Short Loan (2 hour) (KM209 P7 G1 SOLu)

A useful treatment of the wider development of privacy law in New Zeeland is contained in:

  • Stephen Penk and Rosemary Tobin (eds), Privacy Law in New Zealand (2 ed.) (Brookers, 2016)
    • DAVIS LAW LIBRARY 5 day loan (KM209 P7 L1 PEN)

For black-letter law on the Privacy Act an essential reference work available through the library electronic database is the excellent commentary by Paul Roth Privacy Law and Practice (looseleaf ed, LexisNexis).

Assessment and criteria

  • 90% research essay (6,500 words due by 4:00 pm, 19 November 2020)
  • 10% class participation

Class participation will be based on students’ contributions to discussions in the seminar sessions. Each student will be assigned one or more focus questions from the Learning Guide and will be expected to present this to the rest of the class. In addition, each student is expected to make individual contributions to seminar discussions including being prepared to critique the views expressed by the lecturer and by other students. Students will be individually assessed on the quality of these contributions.

  • Students will be individually assessed on the quality of their contributions with reference to the following criteria:
  • the extent to which the student has identified the important and relevant issues,
  • the depth and thoroughness of understanding of the seminar materials,
  • the strength and clarity of the arguments presented,
  • the extent to which issues are placed in their wider context,
  • the extent to which the student has displayed a grasp of the doctrinal and normative issues.

Contact details

Postgraduate Law Centre
Level 2, 1-11 Short Street