Internet experts have warned of New Zealanders' carefree attitude to online privacy, saying that most of our personal data is held by foreign companies which are not subject to New Zealand law or ethics.

IT specialists, watchdogs, politicians, bloggers and others gathered yesterday in Wellington for a major privacy forum Think Big? Privacy in the Age of Big Data.

Minister of Justice Judith Collins told the forum: "A post or status update today may be capable of being retrieved in 5, 10 or 100 years.

"And there is no way of telling who might be able to retrieve that information in the future as personal information stored overseas is not necessarily protected from use and disclosure like it is in New Zealand."


British Telecom chief security technology officer Bruce Schneier said a change had occurred in the posting and collection of personal data online.

"Google knows more about what I'm interested in than my wife does.... and it is all stored and searchable. You are not Google's customers. You are the product they sell to their customers."

He said the undiscerning attitude towards privacy on the internet could develop into one of this generation's biggest regrets.

"The creation of data is the pollution problem of the information age. It's like a new industrial age... and we are going to be judged by our children on why we failed to deal with it."

Mr Schneier said most people still cared about their privacy, but many online companies deliberately made privacy agreements obscure and exhaustive.

Several panelists at the forum explained that many online companies compelled people to waive their privacy rights by instilling a fear that they were missing out on social interaction.

Ms Collins said law changes only partially solved online threats to privacy, and the public needed to put pressure on software providers to meet their privacy needs.

Some experts downplayed the threats of cloud computing, or the use of remote servers to store information.

Microsoft corporate affairs manager Waldo Kuipers said the privacy threat did not lie in Facebook or Twitter, but in the third parties the information was sent to.

Mr Kuipers said online companies' privacy agreements were often unreadable, and people should research a business' track record, leaders, and motives before signing up to them online.