New Zealand: Customer and Product Data Bill enters into force

On 29 March 2025, the Customer and Product Data Bill enters into force. The purpose of the Bill is to establish a consumer data rights framework with a view to facilitating access to and sharing of customer and product data across the economy. The Bill stipulates that designated data holders, such as businesses holding customer data, must provide such data to customers and, with the customers' authorisation, to accredited third parties. The Bill stipulates that data holders must respond to electronic requests from customers and accredited third parties (with customer authorisation) by providing access to customer data or performing actions such as opening accounts, processing payments, or modifying customer plans. Furthermore, the Bill requires that product data, which includes information about a data holder's goods and services, be made available electronically upon request. Furthermore, third parties that have been accredited are subject to obligations under the Bill, including compliance with accreditation conditions and restrictions on the use and retention of data. The Bill sets out requirements for obtaining, managing and withdrawing customer consent. In addition, the Minister is empowered to issue regulations on consumer data rights and to designate sectors and data sets by regulation. The data protection provisions are to be considered in conjunction with the provisions of the Privacy Act 2020, which remains applicable in all instances except those cases where its application is modified or overridden by this Bill.