Accessible News

Top storiesNew ZealandPoliticsBusinessEntertainmentSportsWorld

‘Data sovereignty’ law needs to go further to gain public trust, MPs told

Thursday, 12 September 2024

A new era of personal data sovereignty is around the corner, and MPs hope it will give the public power to drive healthy competition in industries like banking, power and insurance.
A new era of personal data sovereignty is around the corner, and MPs hope it will give the public power to drive healthy competition in industries like banking, power and insurance.

MPs have been told their proposed ‘data sovereignty’ laws don’t go far enough to protect the public from abuses by companies, including being charged fees to access their own data.

The Customer Data and Product Bill, if passed into law, would give people ‘sovereignty’ over their own data, enabling them to instruct the likes of banks, insurers and power companies to share their data with rivals and fintech companies.

This could make switching banks and insurer easier and faster, and could enable the rise of “open banking”, which the Commerce Commission said could drive competition through better and cheaper payment, deposit and loan services.

Privacy Commissioner Michael Webster wants the Privacy Act to be updated to include big fines for law-breaking companies. Currently, he says, “The most I can do is to give people a stern telling off”.
Privacy Commissioner Michael Webster wants the Privacy Act to be updated to include big fines for law-breaking companies. Currently, he says, “The most I can do is to give people a stern telling off”.

Personal data sovereignty in the power sector could see the creation of power and telecom shopping apps, allowing people to shop around using their actual use data for the deal on the market that would be best suited to them.

But Dr Marcin Betkier, chair of Privacy Foundation New Zealand, said changes needed to be made to the proposed laws to assure the public they really did have control over their own data.

“We think what maybe missing here is customer trust,” he said.

Beicker said laws and regulations must ensure their data was used by companies only to deliver the immediate service members of the public were sharing their data to receive.

And when people stopped using the service that was using their data, they should have the assurance their data would be deleted, Beicker said.

People must also have a right to object to direct marketing, he said.

Privacy Commissioner Michael Webster said the Office of the Privacy Commissioner (OPC) would be the regulator of the privacy aspects of the proposed laws.

But the OPC had had its funding “cut significantly”, he said.

In addition, Webster asked the Government to update the Privacy Act to give the OPC the ability to fine companies and other organisations that break privacy laws.

“Unlike every other privacy regulator in the OECD and around the world, we don’t have a financial penalty regime,” he said.

Blinkpay co-founder Adrian Smith tells MPs not to let companies charge customers for access to their own data.

Currently, he said: “The most I can do is to give people a stern telling off.”

Australia had beefed up its fines for major privacy failures to tens of millions of dollars, he said. That had sharpened up the focus of directors that privacy mattered.

Adrian Smith, co-founder of open banking payment service Blinkpay, was keen that the likes of banks and power companies would not be allowed to charge high fees to provide access to data.

When a person gives an open banking fintech like Blinkpay the go-ahead to retrieve their data from a bank, that bank should not be able to charge a fee that was more than “cost recovery”, he said.

‘We are at risk of entrenching inequity in the system,’ says Adrian Smith, co-founder of BlinkPay.
‘We are at risk of entrenching inequity in the system,’ says Adrian Smith, co-founder of BlinkPay.

“Philosophically do we think it’s right people should be charged to access their own data?” he asked MPs.

Currently, there was deep data inequity in New Zealand, he said.

‘We need to get it right, and it’s more difficult to get it right, than it is to get it wrong,’ says Payments NZ chief executive Steve Wiggins.
‘We need to get it right, and it’s more difficult to get it right, than it is to get it wrong,’ says Payments NZ chief executive Steve Wiggins.

“The ‘haves’ have access to information and data to do things to be better off,” said Smith, the former digital director for Barclays Bank in the UK.

“We are at risk of entrenching inequity in the system,” he said.

MPs also heard conflicting pleas on whether industries like banking should be allowed to develop and administer their own rules and standards for data access.

Steve Wiggins, chief executive of Payments NZ, the bank-owned company that controls New Zealand’s payments system, argued for industries to be able to develop those rules and standards under the watchful eye of regulators.

But Josh Daniel, co-founder of open banking start-up Akahu, said: “We think the natural incentives are for incumbents to weaken and slow the development of industry standards.

“That has been our experience to date,” he said.