Soon New Zealanders will have more control of their personal data, with the government announcing this week that it will establish a consumer data right framework.

The move brings NZ in line with Australia and the UK which have both introduced data portability.

“Consumers should be in the driver’s seat when it comes to how their personal information is used by third parties,” said Consumer Affairs Minister David Clark in the announcement.

The new system will create a mechanism where you can instruct your bank to share certain data with a third party like a fintech company.

And if giving your data to third parties sounds scary the Minister goes on to add that – “Any data shared through the consumer data right will only take place with a person’s informed consent, and would be strictly used for the reasons agreed upon.”

A Bill implementing the consumer data right will be introduced to Parliament in 2022.

So, how will it affect you?

Having control over how your data can be used makes online life a lot more convenient; no more endless forms to fill when switching mortgage providers for example.

You’d be able to give, say, a budgeting app permission to view your bank account and potentially allow real-time alerts to evaluate your spending.

Changing utility providers or allowing other accredited institutions access to your banking data will also be a lot easier. 

In the UK customers can use bank data to forecast how much someone will be able to save at the end of the month, and automatically move the amount into savings, round up purchases each time they shop, and invest the difference. 

They can separate bill money from spending money and access a range of bank accounts and credit cards in one place.

Data portability is great for businesses too – allowing greater competition and agility in the marketplace. Loans and other credit products would be able to be issued more efficiently because all the data is provided upfront, which means lower fees and compliance costs. 

Why the change?

At the moment consumer data portability is limited and lacking legislative framework. 

That means that industries have been left to develop versions of data portability at their own pace. An example of this is the API Centre – a joint initiative by Payments NZ, which is primarily owned by the big four banks – ANZ, ASB, BNZ, and Westpac – but participation is voluntary and the rate of wider integration has been slow.

MBIE announced it was looking into the issue last year and considered four options. 

The one they’ve adopted is similar to that brought in across the Tasman in 2019. 

The choice makes sense as all four big banks are Australian subsidiaries. 

The framework will be rolled out on a sector-by-sector basis as is the case in Australia where, at present, it applies to banks and electricity providers.

The Minister says that officials are now carrying out work to identify which sectors will be considered for designation first. 

But most likely it will be the finance and banking sector – our major banks are already familiar with the requirements and have systems in place in their Australian operations.

Open banking on the horizon

Data portability is the first step in introducing open banking – something the Reserve Bank and previous Commerce Minister Kris Faafoi has long advocated.

The RBNZ stating on its website in 2018 that – “Open banking could improve the soundness and efficiency of the financial system. It could increase competition and reduce concentration in the provision of financial services, reducing the systemic importance of large banks and reducing the cost of financial services.” 

And last year Faafoi accused banks of not giving open banking sufficient priority.

Unsurprisingly the banking sector hasn’t embraced the proposed new framework as it will increase competition and provide consumers added choice.

Bankers’ Association spokesman Philip van Dyk told Stuff this week that it supported the initiative “in principle” before adding that – “Research shows that few people think sharing your personal information with third parties is a good idea.

“Third parties seeking to use consumers’ personal data will need to show they have proper safeguards in place.”

In October the Association told officials that more analysis was required. 

The association stated that, although it was supportive of a robust consumer data rights regime it saw – “little evidence that the promised benefits and objectives of a consumer data right have been delivered on a large scale, despite significant levels of industry investment” when observing the UK experience.

On the other hand open banking presents opportunities for the growing fintech sector and will be welcomed by New Zealand companies like Jude, POLi and Choice to Pay.


The safeguards put in place, to ensure private data is kept secure, are equally important. 

MBIE states that third party data recipients will need to be accredited and a range of information protection safeguards will be introduced. 

To consent to letting your data be accessed by a third party you must sign a clear opt-in form and understand what you are signing. 

Consumers must also be given the ability to review and amend or withdraw consent at any time – most likely by simply changing a setting on your banking app. Consent for any purpose beyond providing the goods and services the consumer has requested will be optional. 

Minister Clark said that it’s his intention that the consumer data right will “work hand-in-hand” with the Digital Identity Trust Framework legislation that the government has been working on since 2018.

That is expected to set the groundwork for a digital online identity ecosystem that will enable New Zealanders to safely interact with a range of providers both government and private sector.

Putting people in control of their data is a welcome move and a win for businesses, consumers and our emerging fintech industry; the only ones grumbling are the banks.