CookieChimp Logo
Get Started

Guide to New Zealand (Privacy Act) Cookie Consent Compliance

Complete technical implementation guide for New Zealand privacy regulations. Learn about consent requirements, banner elements, record keeping, and technical specifications.

Opt-out Children's Privacy Rules

Summary

This guide provides comprehensive technical implementation requirements for New Zealand (Privacy Act). Transparency and opt-out approach; emphasis on privacy notices and user controls.

This jurisdiction follows an opt-out consent model, meaning websites can place certain cookies initially but must provide clear mechanisms for users to opt-out of non-essential tracking. Users must be informed about cookies and given easy options to refuse them.

Additional requirements for this jurisdiction include: special protections and consent mechanisms for children's personal data.

Website owners and operators subject to these regulations must implement compliant cookie consent banners, maintain proper consent records, and ensure their tracking technologies respect user privacy choices. This guide outlines all technical requirements needed to achieve compliance.

Key Requirements Overview

Consent Model
Opt-out
Default State
Mixed
Cookie Walls
Discouraged

Technical Requirements

Prior consent for non-essential cookies
Purpose granularity required
Equal prominence for accept/reject buttons
No pre-checked boxes allowed
Dark patterns prohibited
Proof of consent required
Local storage covered by regulation

Implementation Guidance

Focus on transparency and easy opt-out mechanisms rather than upfront consent.

Special Protections

Children's Privacy

Additional protections for children's privacy.

Sensitive Data

Care required for sensitive information.

Record Keeping Requirements

Required Consent Record Fields

For each consent action, you must maintain records containing:

  • Timestamp ISO
  • Opt Out Status
Re-consent Trigger: Not Required Generally

CookieChimp handles all of this automatically. Our platform maintains comprehensive consent records including all required fields, timestamps, consent strings, IP addresses, user agents, and more. Records are securely stored and easily exportable for compliance audits. Learn more about our consent management

Legal Disclaimer: For engineering implementation guidance only. Not legal advice. This guide provides technical implementation guidance only and should not be considered legal advice. Privacy laws are complex and frequently updated. We recommend consulting with qualified legal counsel to ensure full compliance with applicable regulations.

Explore Other Jurisdictions

View All

Australia (Privacy Act)

Australia

Opt-out

Transparency and opt-out approach; no specific cookie consent law. Notice and user controls required.

Learn more

EU (GDPR + ePrivacy Directive Art. 5(3))

EU/EEA

Opt-in

ePrivacy governs cookies; GDPR governs personal data.

Learn more

UK (UK GDPR + PECR)

United Kingdom

Opt-in

PECR governs cookies; UK GDPR governs personal data.

Learn more

California (CPRA/CCPA Regs)

United States - California

Opt-out GPC

Covers 'sharing' for cross-context behavioral advertising.

Learn more

Colorado (CPA)

United States - Colorado

Opt-out GPC

Targeted advertising and sale require easy opt-out.

Learn more

Virginia (CDPA)

United States - Virginia

Opt-out

Opt-out rights for targeted ads and sale; no mandatory GPC recognition.

Learn more