• Home
  • About us
  • Services
  • News and Resources
  • Events
  • Work with Us
  • Contact

A new Consumer Data Right in New Zealand

Amy Kingston-Turner
Director - Commercial

AUTHOR

KEY CONTACT

Katrin Lee
Legal Counsel

AUTHOR

KEY CONTACT

In a significant update in data privacy and usage regulations in New Zealand, there have been recent developments to the New Zealand Draft Customer and Product Data Bill (the “Bill“), which aims to establish a Consumer Data Right (CDR) in New Zealand.

Current Status and Scope

Currently before Parliament, the Bill has not yet been enacted into law. It defines “customer data” to include account histories, transaction records, and product usage information for individuals and businesses, which is distinct from the “personal information” protected under the Privacy Act 2020 (Privacy Act).

Impact on Businesses

Initially, the Bill will be applied to the banking and electricity sectors, with other sectors to be designated in the future. Companies outside these sectors should start considering how they might utilise their own customer data once the Bill becomes law.

Future Implications

Businesses in sectors designated in the future may be required to make product-related data about their customers available in machine-readable formats. This will help customers make informed decisions, facilitate comparisons, and enable easier switching of services. Businesses will need to improve their processes to manage and share customer data more efficiently and to remain compliant with the regulation.

The Bill may also require businesses to share customer-related data upon request, potentially raising confidentiality concerns. However, amendments to the draft Bill aim to limit the obligation to share commercially sensitive or proprietary data. Organisations will have opportunities to make submissions before their sector is designated.

Key Features and Updates:

  • Data Sharing: Customers can request data holders to share information with accredited third-party service providers, such as comparison websites.
  • Designated Sectors: The Bill initially applies to the banking and electricity sectors, with plans to extend to telecommunications, energy, insurance, and health.
  • Accreditation and Security: Accredited requestors must meet various criteria, including a ‘fit and proper’ person test and certain data protection and security requirements.
  • Declining Requests: Data holders can refuse requests under certain circumstances, such as threats to IT system security or requests made under the threat of physical or mental harm.
  • Privacy Integration: The Bill clarifies data requests are distinct from those under the Privacy Act. However, breaches of certain requirements under the Bill will be treated as having committed an “interference” under the Privacy Act, and contraventions relating to storage and security may be considered breaches of security obligations under the Privacy Act.
  • Penalties and Compensation: Penalties range from low-level infringement notices of up to NZ$20,000, through to fines of up to NZ$2.5 million for more serious breaches by companies.

 

Next Steps

The Bill encourages the continuation of industry-led solutions and aims to leverage existing standards and expertise, especially in the banking sector where significant progress has already been made. These frameworks will help shape future CDR regulations and standards.

The team at Source will continue to monitor the Bill’s progress and provide updates.

 

Need help navigating how CDR might affect your organisation? Contact us for support.

Related articles

Digital glowing polygonal brain interface on blue background. Artificial intelligence and circuit concept. 3D Rendering
The World’s First AI Rulebook: The EU AI Act and the Impact on Australia and New Zealand
Businessman signs Paperwork
Understanding Fit for Purpose Obligations in Contracts
Group of diverse coworkers walking down the stairs in an office
From Contractor to Employee: Understanding the New Employment Definition in Closing Loopholes No. 2
Group of colleagues engaging in a discussion during a business meeting in a conference room. Happy business people, men and women, collaborating and working towards their shared goals.
Navigating the new casual conversion process: Key changes ahead

Subscribe to Receive Our Latest Offers and Updates.

Get in
touch.

Email us
evergen
jonas
qmag
hudson
bluefit
pybar
uts
hostopia
Calix Limited Logo
Sofico Logo
Ansarada
For more information or a general chat please email us at info@sourceservices.com.au
Instagram Linkedin

Sydney
Australia Square
Level 42,
264 George Street
Sydney, NSW 2000

Melbourne
Level 33,
360 Collins St
Melbourne VIC 3000

Perth
Central Park
Level 39,
152 St Georges Terrace
Perth, WA 6000

Brisbane
Riverside Centre
Level 19,
123 Eagle Street
Brisbane, QLD 4000

Newcastle
Level 3
21 Bolton St Newcastle
NSW 2300

Auckland
Vero Centre
Level 35
48 Shortland St
Auckland, New Zealand 1010

Source New Zealand is operated by Hamilton Locke (NZ) Limited (Company No. 8463155) trading as Source

Source Legal Australia is operated by Source Services Pty Ltd ACN 150 668 554 (Source Legal Australia).
Liability limited by a scheme approved under Professional Standards Legislation.

Source Legal New Zealand is operated by Hamilton Locke (NZ) Limited (Company No. 8463155) (Source Legal NZ)

Disclaimer