Consumer data right planned for next year

New Zealand’s government plans to give consumers more control over using the data about them that companies and organisations collect and store. This is the idea of a consumer data right.

Similar rights exist in other countries. From our point of view the most important is example is Australia. Our rules look set to follow a similar model.

Today Australia’s consumer data right covers banking. Soon it will cover power companies. Over time it will extend to other sectors.

One sector at a time

New Zealand plans a similar step-by-step approach.

In banking a consumer data right means if you, say, found a cheaper mortgage at a rival bank, you could ask your existing bank to send them your records.

This makes it easier to shop around for services.

It should work well in banking. New Zealand’s big four banks have something called the API Centre. This was set up in 2019. It’s a common series of standards for payment account information. The scheme is voluntary and is open to other finance sector companies.

Last year the Commerce Commission suggested a data right for mobile customers looking to move from one network to a rival. Mobile customers often lack the information needed to comparison shop.

In general it is hard to move consumer data between companies and organisations at the moment.

Consumer data right needs rules

Rules are essential for this kind of initiative.

Commerce and Consumer Affairs Minister David Clark says the government is working on the regulatory structure needed and plans to introduce legislation next year.

He says: “Any data shared through the consumer data right will only take place with a person’s informed consent, and would be strictly used for the reasons agreed upon. For example, if a person was seeking financial advice, they could ask their bank to share data, such as transaction information, with their chosen adviser."

It’s an opt-in service. You can choose to use it, but don’t have to.

Clark says there will be safeguards put in place to that companies receiving this data can handle it safely and securely.

This is likely to be the hardest part of the exercise.

To make data rights work, the government has been working on something it calls the Digital Identity Trust Framework. This is, in effect, a set of rules to identify people online.