Exploring New Zealand’s Consumer Data Right
Crescent had the pleasure of facilitating our local FinTech Meetup group, which brought together industry leaders to discuss New Zealand’s new Consumer Data Right (CDR). The proposed CDR framework is designed to empower consumers with greater control over their data. This significant development is set to reshape how businesses approach innovation, data privacy, and technology hiring needs—creating new opportunities for companies and IT professionals alike.
Peter Fernando from Duncan Cotterill presented at the event and has helped us prepare the following on the topics discussed, for those who were unable to attend:
Consumer and Product Data Bill — opportunities for the IT sector
The Consumer and Product Data Bill (the Bill), introduced to Parliament in May 2024, is a major legislative initiative in New Zealand aimed at improving the control and accessibility of consumer data.
What the Bill is all about
The Bill aims to establish a comprehensive framework for sharing and using customer and product data across various sectors in New Zealand, by introducing a “consumer data right” (CDR) to New Zealand, giving consumers greater control over their data. The Bill will enable New Zealand to follow the example set by Australia, the United Kingdom, and Europe who have all already established some form of CDR.
The CDR will grant customers and small businesses the rights to:
- Request their customer data from a data holder and share it with third parties.
- Instruct a data holder to perform certain actions on their behalf, such as opening accounts or making payments.
- Authorise an “accredited requestor” to request their data or to perform specific actions on their behalf.
- Request information about the goods and services a business offers.
The Bill will be rolled out gradually, sector by sector, through a process called ‘designations.’ The Ministry of Business, Innovation and Employment (MBIE) is initially focusing on the banking and electricity sectors and is seeking feedback on these areas.
How the CDR will work in practice
The CDR is designed to help customers switch providers for services like banking, electricity, and telecommunications more easily by allowing them to share their data securely and with their consent.
Additionally, the Bill facilitates access to product data, which includes information about the goods or services a business offers. For example, in a supermarket, this could be the prices of various foods, while for a mobile phone plan provider, it might include details about data, text, and call allowances for each plan.
When a sector is designated, businesses will be required to make certain product data available in formats that can be automatically read and processed by computers, simplifying product comparison and switching for consumers.
What problem is the Bill trying to solve
Businesses hold vast amounts of customer data, such as account histories and product usage information. This data, protected by security measures and the Privacy Act 2020, has the potential to improve customers’ lives. However, customers often cannot fully utilise this data due to access and sharing limitations.
The CDR aims to give customers greater control over their data by allowing them to share it with trusted third parties. This will enable more effective use of data, such as comparing power providers or calculating carbon footprints.
What are the opportunities for the IT sector
Alongside the clear consumer protection focus of this Bill, the CDR also creates new and interesting opportunities for innovative IT experts and providers as:
- businesses in the designated sectors will need to invest in system changes to deliver CDR;
- new roles will exist in the CDR ecosystem, such as businesses or services established to fulfil the “accredited requestor” function; and
- ancillary services will be required to provide confidence that CDR is being implemented in a way that is “trustworthy, competent, and secure.” This could include testing services, data governance and data cleansing, cyber security, and much more.
Next Steps
The Bill is currently before Parliament and will undergo readings, debates, and a Select Committee stage for further public consultation. MBIE is seeking feedback on proposed regulations and sector designations to refine the Bill. Once enacted, MBIE and the Privacy Commissioner will oversee the Bill’s implementation, ensuring compliance and addressing any issues.
The CDR is anticipated to unlock the full potential of customer data, create new opportunities, and boost competition. As the Bill progresses through Parliament and begins to be implemented, it will be interesting to see how effectively it achieves these goals, whilst also ensuring robust protection of personal information.
If you have any questions about the Consumer and Product Data Bill, including how it could affect your business, please contact Peter Fernando at Duncan Cotterill.
Disclaimer: The content of this article is general in nature and not intended as a substitute for specific professional advice on any matter and should not be relied upon for that purpose.