One Register to Rule them All: the privacy implications of person-level tracking
Bonnie Flaws
Part two of a four part series, you can read part one HERE.
- The Statistical Register being created by Stats NZ doesn’t appear to fit with the Privacy Principles
- Stats NZ has certain exemptions from the Privacy Act in order to fulfil its statistical and policy functions
- AI can easily re-identify anonymised data with a few data points, so anonymity can’t be guaranteed
- Stats NZ would be in a position to engage in data matching (cross-referencing identifiers across databases)
- An explanation of terms can be found here
A persistent ID that links data from all agencies – and beyond – does not seem to fit the Privacy Act Principles.
Information Privacy Principles (IPP) say agencies must not assign a unique identifier that is the same as one used by another agency unless necessary, and that the use of a persistent identifier must not lead to unintended tracking or cross referencing beyond the intended statistical purposes. Hence we have different numbers for our passports, drivers license and tax.
“But a Statistical Register like the one being created, does just that”, says a Stats NZ insider who spoke to me on condition of anonymity.
They remain unclear about the legal basis for what Stats NZ is doing.
In light of the Manurewa Marae scandal, the Privacy Commissioner Michael Webster scolded Stats NZ and Health NZ for their roles in the mismanagement of private data. He said agencies “must be better at privacy”, and that “the protection of personal information needs to be treated as a priority”.
Yet notably, Stats NZ has not even consulted the public on the creation of its Statistical Register and Persistent Unique Identifier, a basic first step in transparency.
When I asked the Office of the Privacy Commissioner for comment, I was sent Privacy Impact Assessments for the IDI and the use of admin data in the 2018 and 2023 census.
- Privacy impact assessment for the Integrated Data Infrastructure
- Integrated Data Infrastructure: Overarching privacy impact assessment
- 2018 Census independent privacy impact assessment
- Privacy impact assessment for the use of admin data in the 2023 Census.
Here is the response:
“OPC has been briefed for several years on the proposed use of administrative data by Stats NZ for statistical purposes and more recently its potential use in future Census’.
Stats NZ continues to engage with OPC as they progress this work.
OPC would expect Stats NZ to continue to ensure strong privacy and confidentiality protections are built into the use of administrative data for general statistical and Census purposes, including undertaking Privacy Impact Assessments.”
When I asked about PIAs for the Statistical Register and admin-first 2028 census, and whether or not this new project complied with privacy law, including the use of persistent unique identifiers, I received no further response.
Weak privacy laws and permissive data gathering power
Whether the Data and Statistics Act 2022 grants Stats NZ specific exemptions from certain provisions of the Privacy Act 2020 to facilitate the collection and use of data for official statistics, remains a matter of interpretation that has not yet been tested, according to University of Auckland Associate Professor in Commercial Law, Gehan Gunasekara.
But a general characterisation would be that New Zealand has weak privacy laws and permissive data gathering powers, he says.
The Act authorises Stats NZ to collect, use and disclose personal information in ways that might otherwise conflict with the Privacy Act’s IPPs. This is because, for the most part, the IPPs do not apply to personal information used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned.
But Gunasekara, who specialises in information privacy, says this is where technological developments are increasingly causing strain on the privacy principle to protect anonymity.
Anonymisation can be hacked
Gunasekara says Stats NZ having a persistent real time record of every person is a concern for a number of reasons.
“They have got a lot of powers under the Act. They can source data from public sector agencies very widely, but it’s not clear to me that that allows them to engage in data matching as it were. Sourcing data is one thing, building an integrated system where you can exchange information both ways and match it [is another].”
What is called demographic data or microdata is meant to be anonymised, but Gunasekara says generative AI and large language models mean that there can be no guarantee of anonymisation.
“There are a lot of studies that show that anonymisation is not what it’s meant to be. You can easily reverse that with large language models, and generative AI can easily go through a very large data set and find the links between the various data points and then identify people.
It can also make mistakes. So I’m not saying this is a perfect science and the generative stuff that is available to you and [me] is pretty basic. But there are paid models and people who have developed their own, and they are far more effective. And most companies would have access to those kind of platforms. You could crack open an anonymised data set quite easily – so that is not really an assurance.”
In one example from 2019, re-identification techniques developed by Imperial College London and the University of Louvain were used by journalists at the New York Times to reveal Donald Trump’s tax returns from the 80s and 90s.
“But it seems they are going a bit further with this persistent unique identifier because I don’t see what the point of that is unless you want to identify somebody or to know it’s the same person – even if you don’t know their name or exact identity. What purpose does that serve? That is what I am not quite clear about.”
Another issue Gunasekara foresees, is a weakening of the privacy principle that data should not be kept for longer than necessary. He says New Zealand is already weak in terms of getting rid of data, and most jurisdictions have this problem.
“Once you get a system like what Stats is developing, there will be more pressure on people not to delete data because it could be useful. They will say ‘we will anonymise it, we can hash it’, but that is a cop-out because you can reassemble it.”
Manurewa Marae and data privacy breaches
Gunasekara says the lessons of Manurewa Marae are already very clear. With such permissive data collection and data sharing laws, abuses can happen.
In the context of the 2023 census, the marae was empowered to collect information and also likely given information to facilitate this – but in all cases where people are given information or authorised to collect it for Stats NZ, they are required to give confidentiality guarantees before doing so. These obligations weren’t followed.
“Section 42 of the Data & Statistics Act says that anyone who is delegated to collect or handle information needs to complete a confidentiality certificate. That was not done.”
This certificate requires individuals to acknowledge and commit to maintaining the confidentiality of data they handle, and it must be done prior to commencing any duties.
He says the breaches raise questions about competence and whether oversight is up to par, especially now that Stats NZ is developing a Statistical Register capable of large-scale data matching.
“If you are going gung-ho and developing more types of information sharing and exchanges then the question is, are there commensurate safeguards?”
Data matching
Data matching is allowed under the Privacy Act for specific purposes and with certain safeguards, and is likely not a breach of the Data & Statistics legislation on a “modern interpretation of the functions of Stats NZ – public use and benefit and collection of data”, he says.
“This can probably be said to include matching and comparing datasets. My concern is there needs to be more transparency around it and social license and also oversight by Privacy Commissioner, which would be the case if information sharing occurred under the parallel Privacy Act provisions.
“Given the failures of the past, there needs to be extra effort put into transparency and social license, to show what value is going to be derived. And what commensurate privacy safeguards are going to be put in place, because when you start to hear things like ‘persistent unique identifier,’ people start to wonder.”
So far, my anonymous source and an expert in privacy law are both unclear about the legality of this activity by Stats NZ, and the OPC has not helped to illuminate the situation.
At a minimum I think we can say the situation is murky.
Follow up questions were put to Stats NZ but they are now treating it as an OIA request and were not able to respond in time for publication. I will update readers with any response I receive in due course.
SUPPORT OFFGUARDIAN
If you enjoy OffG's content, please help us make our monthly fund-raising goal and keep the site alive.
For other ways to donate, including direct-transfer bank details click HERE.
Some recent server maintenance resulted in a loss of a small amount of data, including some of the comments left under this article. We are attempting to retrieve them but it may not be possible, and apologize for the inconvenience.
Thanks Kit.
Dem Gremlins been at it again.
Being a die-hard conspiracy theorist, my Spider senses are tingling – maybe the lizard people zapped them, (says I tongue in cheek), or maybe they were just plain old deleted.
I have also my silver hat on and notwithstanding what Kit is desperately trying to say, I want to emphasize that mossad is still a suspect!
The problem is that Mossad is the only ever suspect. No other humans on the planet could ever have done such a dastardly deed or even any such dastardly deed.. Such as failing to backup one server to another.
Motive-opportunity-means often tend to go out the window under such circumstances.
In which case, there’s often a need to the broaden the investigation to the more plausible.
Dispensed with some of my more regretted posts. So it’s all good.
The eternal lure of the ‘update’ 🤔
My early lost(?) comment was something along the lines of:
They already have full spectrum surveillance through our medical records, purchases, bank details, work histories, travel, internet usage etc.
What the fuck else do they need to know?
Are they looking for revolutionaries or spies? I doubt it.
Those Corparasites just wanna sell more Shit. Algorithms RULE!
They are counting on compliance using blackmail. All the data they have data gathered over the years on the individual must contain gold. Selling us more shit is way down the ladder. Forcing us into a system of complete control is at the top of the list.
They’ve had control for decades, centuries even.
We school, we work, we shop, we drink, we breed, we watch shit, we die.
Unless _ _ _ _ we create.
This time it’s different, Johnny.
Just wearing that Che Guevara T-shirt will have your name added to Ze List of domestic terrorists and your future spawn genetically erased. Think, Johnny, think. You know the end game.
Feds under the beds hey?
Holy shit.
They no longer need to hide under the bed. They create crises so they can do it right out in the open for our “safety.”
Under you bed, in your head.
They know what you downloaded last Summer.
Calm down for Iran. The great Islamic nanotechnology revolution was not in vain.
Ok. That means that everybody on this clown globe counts artificial lolita dolls, plastic dildos, artificial reality and artificial Intelligence as something to be.
Could Moslem Leadership please explain the divine thing in Artificial this and that?
Have you forgotten Michael Hudson? Lord, but the man makes sense of what’s happening. He must be in his 90s– but then history is just something he actually lived, not something he read about. You must listen to this.
https://michael-hudson.com/2025/01/as-good-as-it-gets/
We here think we’re seriously unraveling things. Nothing like that, however, as it turns out.
I click around in conspiracy sites (we’ve all done it), just walk around to keep fit and not have to get to the insidious wearable RFKjr devices, and click by click I get to… don’t kill the messenger… Wes Penre. : ) (He sells a lot of books. There is also a substack, as it turns out, such as “Putin’s/multipolar’s strategist,” according to some, such as I.D. – Dugin, and Donny Dark Maga’s “dark enlightener,” Yarvin.) Of course, I immediately head to the latest statements of the teacher to find out the truth about the hot questions: Q&A SESSIONS June 22, 2025
Everything became clear to me. I hope for you too.
It seems to me that the potential for if not the actual practice of data matching in the US and its colonies already exists through what’s euphemistically called a social security number.
“It couldnt happen here !” ?
https://reclaimthenet.org/germany-emoji-fine-woman-vigilantism-online-speech-crackdown
(I wonder if thumbs down is still legal ?)
What’s going on A1 and A2?
Two comments gone.
Someone hit the delete button by mistake?
Two comments? People, people, hello, is there a connection? Do you only look at your own comments? Disappeared between one and two days of all comments (and not only), (1.5-2 days according to my estimate by eye, from about the late 28th to earlier today, I was online and was just writing a comment when it happened). Why, in your opinion, would be deleted between one and two days? Maybe it’s something else, external, do you think?
Which does not mean that it is tactful to continue commenting on the matter, the sophisticated gentlemen know the manual of good manners towards the host.
I read most comments, but I don’t memorise them.
It’s the YouTube effect 😉
Mi6 rule prevails over here: no decent dissent. You comments are wiped as if they never existed.
They want to silence you because you love Donald and the (((company))), and that’s why they did it. All the other missing comments of all the other commentators, from the last between one and two days to now, just fell victim in the process; but it was all because of you. !!
Leading scientist: “This is the future of McDonald’s”, video
https://substack.com/@lastcall1/note/c-129946231
Good sentiment in the article but most people do not realize that they ‘do business as” their juridical person, their NAME as shown on all their legal documents which is really a sub-corporation of the STATE, another corporation which created the NAME from the registration of the birth certificate or naturalization process.
All data is attached to the NAME, which being a juridical person, falls into the jurisdiction of Commerce, UCC and ultimately Unidroit law, based in Rome.
Has anyone ever though of drug testing these people, that might be enough to scare away the problem
Health NZ / Stats NZ: “Make New Zealand Healthy / Stealthy again”
Is it just me or have lots of comments in the previous article and perhaps this one too have disappeared?
A glitch in the matrix.
Yes. It’s not just you. I also notice, and this is kind of strange, up-votes disappearing.
On top of that the supermarket lost my rewards points. Can you imagine somebody hacking your supermarket rewards card. Sheesh.
A sad indictment of the times. If ain’t nailed down they’ll steal it. Reminds me of charity boxes in shops needing padlocks and chains to stop thieving scrotes doing a runner with them.
Hopefully, it wasn’t that many points, worse had it been your bank account that was hacked. I’m guessing that someone hacked your online supermarket points account, rather than accessed the points through the physical card.
When wages go down and/or prices go up, shoplifting and robberies rise, the super-rich close some shops, their familirs have to drive further, or more more enforcers swarm around at public cost. The ID thing is part of the delusion that denies this reality.
The entire 29th. article The Real National Emergency..” has disappeared. Too hot for someone.
The link to part1 at the top of this post isn’t working for me. Anyone else have a problem?
“…you can read part one HERE.”
FYI, no link! It looks like “HERE” was meant to be a hyperlink, but someone forgot to actually add the link bit. 🤔
There is no link even if you look at page source ; epic html fail. 🙂
But what a great article! Government C21st style – make all the rules and break them 🙂
Subverted legislators go along, exempting the little Napoleons in government from every restriction imposed on the little people.
Is it true that all Brits are all organ donors by law?
You have to opt out, which I’ve done.
You consent when you dont dissent.
Australian’s medical records were hoovered-up by the national government.
Your not ‘opting-out’ was taken as your consent, though your ‘opting-out’
was ignored anyway…
A local medical doctor was hounded by public health authority because he
didnt have his patient’s files on computer… They couldnt hoover-up his
doctor-patient privacy files…
How do you opt out?
The only opting out they want for the plebs, is opting out of life.
Seriously, to opt out tell your GP, or go online to do it. Whether that wish will respected is a totally different thing.
There is a list of eager
vulturesbuyers and their clients with cold, hard readies willing and able to skip the queue and ensure that a donor’s organs are picked over like a carcass. Nothing goes to waste I am sure.If they can make money from any part of you that opt out option won’t mean a thing unless you have a signed document.
According to someone out of the audience from a recent live appearance in the UK by UK Column you can’t just opt out on the gov site but you need to send your drivers license to the relevant UK agency and have the code on there (which automatically make the holder a donor) changed to a non-donor. This was apparently news to the UK Column team as well.
Are you looking for?
Are you doing a bit of organ harvesting on the side?
Got some kidneys, hearts, lungs, spleens to go?
I hope no-one here needs a brain transplant. What’s available in the outside world doesn’t seem great. You may come back wanting a few Covid-1984 boosters, a chip implant and joining Faecesbook and Instascam.
PS. It seems someone is downvoting all your comments. Have an upvote.
See my comment to Paul Cardin
Run the logic.
Digital data is virtual, not reality based, totally plastic and can exist or not exist without trace. It is a tool only and should never be used for any other purpose, such as replicant realities. As replicant realities, it’s manifestations are infinite and thus totally insecure at all times. Unless kept isolated offline. Any interconnection, like networks, web or clouds makes access always possible. Those who are foisting digital as virtualized realities, that administer automated and human activity, are ignoring the implications and charging ahead blindly.
For digital, connection is access, period. Wireless devices and environments establish an equally accessible and insecure access network where the totally plastic contents can be access, altered, deleted, reprogrammed or commanded to do anything interconnected that can be affected. Individual workstations that are not connected to wired or wireless environments, are secure. Just as someone’s cursive notebook is secure. Until read or fraudulently altered, which would be extremely difficult. Reality, unique physical things in the real world, are secure of their own nature. Creation is difficult. Humanity has lived with natural innate security from fraud, until digital arrived.
We now live in a world of completely vulnerable virtual environments, simulating realities that serve only to profit the owners of those environments and to control users from any personal agency. These connected simulations, all of us users work daily, are two-way mirrors. The owners see us. We see whatever they project, like a mirror. It’s a trap, a cage.
IMHO, the only way out is to disconnect from the connection networks of virtual simulations and return one’s life to rules of physical reality as much as possible. Selective intelligent use only. All wireless devices should be first to go. (“Convenience” will kill us.) Smartphones should only be used to keep from being fired. Wireless is permanent, all around connectivity that will be required for their IoT remote control economic society. Dump it NOW. Powerline adapters and fiber can give you, as desired, ethernet connectivity. They cannot track you if you are not connected. Work offline, and jack-in, only as needed.
Imagine if society stopped using their smartphones for one week. Our overlord’s brains would explode. We have the power. Imo.