Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Privacy Act 2020

Print | Email this page

Biometric Processing Privacy Code 2025

A woman stands and puts her finger into a fingerprint scanner to gain access to another space. She has a brown bobbed hairstyle with a fringe and wears a blue business shirt and blue jeans. She is carrying a notepad. About the code

The Biometric Processing Privacy Code 2025 was issued on 21 July 2025.

The Code came into force on 3 November 2025, but agencies already using biometrics have a nine-month grace period to move to the new set of rules. That transition period ends on 3 August 2026. 

The Code, made under the Privacy Act, sets out the privacy rules for organisations and businesses who collect and use people’s biometric information in biometric processing.

Biometric processing is the use of technologies, like facial recognition technology, to collect and process people’s biometric information to identify them or learn more about them.

Biometric information relates to people’s physical or behavioural features. For example, a person’s face, fingerprints, voice, keystroke patterns, or how they walk.

Read the full Code

Biometric Processing Privacy Code 2025 (opens to PDF, 277KB).

Guidance about biometrics

We have full and detailed guidance for agencies wanting to use biometric technologies. Read the guidance and use case examples in our Resources and Learning section

Read our summary factsheets

What's changed?

We made some changes to the Biometric Processing Privacy Code based on the feedback received in our recent public consultation on a draft version. These changes are outlined in our 'What's changed' document (opens to PDF, 180KB). Most of the changes are minor or drafting improvements. Many of the rules have stayed the same.  

Submissions received 

Between December 2024 and March 2025, we consulted on a draft version of the Code and received 146 submissions from members of the public, businesses, organisations, and government agencies. In line with our notification to submitters, we have published submissions received.  

Report: Summary of submissions on Biometric Processing Privacy Code consultation

(opens to PDF, 365KB)

Submissions received from members of the public - Part 1

(opens to PDF, 6.9MB)

Submissions received from members of the public - Part 2

(opens to PDF, 5.1MB)

Submissions received from businesses and organisations - Part 1

(opens to PDF, 9.92MB)

Submissions received from businesses and organisations - Part 2

 (opens to PDF, 5.4MB)

Submissions received from government agencies 

(opens to PDF, 4.3MB)

The draft Code was assessed for consistency with the New Zealand Bill of Rights and other human rights obligations by external legal counsel (Ben Keith, barrister). Read this assessment.  

Read about the history of the project.

Back to top