Book a demo Log in / Sign up

Cookie Consent Notice Template for New Zealand

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Cookie Consent Notice?

The Cookie Consent Notice is essential for any organization operating a website in New Zealand that uses cookies or similar tracking technologies. This document became particularly important following the implementation of the Privacy Act 2020, which strengthened requirements for transparency in data collection and user privacy. The notice must be displayed to users before deploying non-essential cookies and should clearly explain what cookies are, how they are used, and provide users with options to manage their preferences. While New Zealand doesn't have specific cookie legislation like the EU's GDPR, the Cookie Consent Notice helps organizations comply with privacy principles under New Zealand law, particularly regarding transparency and user consent in data collection.

Frequently Asked Questions

Is a Cookie Consent Notice legally required for New Zealand websites?

Yes, under New Zealand's Privacy Act 2020, websites must obtain informed consent before collecting personal information through cookies and tracking technologies. The Act requires organizations to be transparent about data collection practices and ensure users understand how their information is being gathered and used. Failure to comply can result in privacy complaints and potential penalties from the Privacy Commissioner.

What are the penalties for not having a proper Cookie Consent Notice in New Zealand?

The Privacy Commissioner can investigate complaints and issue compliance notices for Privacy Act 2020 violations. Penalties can include requiring you to take specific actions, cease certain practices, or pay compensation to affected individuals. Serious or repeated breaches may result in prosecution and fines up to $10,000 for individuals or $25,000 for organizations.

How does a Cookie Consent Notice differ from a Privacy Policy under New Zealand law?

A Cookie Consent Notice specifically addresses cookie and tracking technology consent, while a Privacy Policy covers all personal information collection and use practices. The Cookie Consent Notice appears as a pop-up or banner to obtain active consent, whereas a Privacy Policy is typically a static page providing comprehensive information about data handling practices as required by the Privacy Act 2020.

How long does it take to implement a Cookie Consent Notice on my New Zealand website?

Implementation typically takes 1-3 days depending on your website's complexity and technical setup. This includes customizing the notice content, integrating the consent mechanism with your website, and configuring cookie management systems. Simple websites with basic tracking may be completed in a few hours, while complex e-commerce sites may require additional development time.

Can I use the same Cookie Consent Notice for customers in New Zealand and other countries?

While possible, it's generally better to customize notices for different jurisdictions as privacy laws vary significantly. New Zealand's Privacy Act 2020 has different requirements than GDPR, CCPA, or other international privacy regulations. A single notice must meet the highest standard among all applicable jurisdictions, which may create unnecessarily restrictive requirements for New Zealand operations.

What are the most common mistakes businesses make with Cookie Consent Notices in New Zealand?

Common mistakes include using pre-ticked consent boxes, burying the notice in terms and conditions, failing to provide clear opt-out mechanisms, and not updating the notice when adding new tracking technologies. Many businesses also fail to distinguish between essential and non-essential cookies, or don't provide adequate information about third-party data sharing as required by the Privacy Act 2020.

Does New Zealand's Privacy Act 2020 require consent for all website cookies?

No, strictly necessary cookies for website functionality (like shopping carts or security features) don't require explicit consent under the Privacy Act 2020. However, non-essential cookies for analytics, advertising, or social media tracking do require informed consent before deployment. The key is distinguishing between essential operational cookies and those that collect personal information for other purposes.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

New Zealand

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Privacy Notice

Sector

Business

Cost

Free to use

Last updated

About the Cookie Consent Notice

A Cookie Consent Notice is your website's first line of legal compliance when collecting user data through cookies and tracking technologies. Under New Zealand law, you must inform visitors about data collection practices and provide them with meaningful choices about their privacy. This document serves as both a legal requirement and a trust-building tool that demonstrates your commitment to user privacy.

When do you need this document?

You need a Cookie Consent Notice if your website uses any cookies beyond strictly necessary ones for basic functionality. This includes analytics cookies that track user behavior, marketing cookies for targeted advertising, social media integration cookies, or any tracking pixels and similar technologies. E-commerce websites, content platforms, marketing sites, and any business website with Google Analytics, Facebook Pixel, or third-party integrations require this notice. The document must be displayed before non-essential cookies are activated, typically through a banner or pop-up when users first visit your site.

Key legal considerations

Your Cookie Consent Notice must clearly explain what cookies are in plain language that average users can understand. You need to categorize cookies by type and purpose, such as necessary, functional, analytical, and marketing cookies. The notice must specify what personal information is collected, how long cookies remain active, and whether data is shared with third parties. Users must have granular control over their preferences, with easy options to accept, reject, or customize cookie settings. You cannot use pre-ticked boxes or assume consent through continued browsing. The notice should also explain how users can withdraw consent and manage cookies through their browser settings.

Legal requirements in New Zealand

Under the Privacy Act 2020, your Cookie Consent Notice must align with the 13 privacy principles, particularly around collection, use, and disclosure of personal information. You must have a lawful basis for collecting personal data through cookies, whether through consent, legitimate interest, or contractual necessity. If you transfer cookie data overseas, you must comply with cross-border data transfer requirements and inform users about international data sharing. The Fair Trading Act 1986 requires that your notice is not misleading or deceptive about data practices. For marketing-related cookies, consider the Unsolicited Electronic Messages Act 2007 requirements. Your notice should integrate with your broader privacy policy and ensure consistent messaging about data handling practices across your website.

GOVERNING LAW

Applicable law

This Cookie Consent Notice is drafted to comply with New Zealand law. Key legislation includes:

Privacy Act 2020: The primary legislation governing the collection, use, storage, and disclosure of personal information in New Zealand. It includes 13 privacy principles and requirements for cross-border data transfers.
Unsolicited Electronic Messages Act 2007: Regulates commercial electronic messages and could be relevant if cookies are used for marketing purposes or tracking email interactions.
Contract and Commercial Law Act 2017: Part 4 of this Act (Electronic Transactions) governs the legal requirements for electronic transactions and could affect how consent is obtained electronically.
Fair Trading Act 1986: Ensures businesses don't engage in misleading or deceptive conduct, which is relevant for transparency in cookie notices and privacy policies.
Consumer Guarantees Act 1993: While primarily focused on goods and services, it may be relevant regarding the quality and reliability of digital services that use cookies.

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it