ITP Techblog

Brought to you by IT Professionals NZ
Menu
« Back to Government

Brislen on Tech: Consumer Data Rights

Paul Brislen, Editor. 21 August 2020, 3:11 pm

While we may not show it often, most people have data they consider to be their own.

Their bank account numbers. Their health ID number. Their IRD or credit card or login details for that insurance or savings account.

Consumer Data Right.jpg

Yet we have to share this data with the agencies with whom we engage and quite often it's they who hold all the chips.

Try telling your bank that you're migrating, or your insurance company and you'll find they're simply unwilling to let go quite that easily. The only operation more difficult to leave is of course the gym, but that's another story.

I applied for a mortgage a few years ago (I know, a rash move but with children and a wife it seemed appropriate). I was with one particular bank who'd always been good to deal with so I thought great, they'd love to lend me hundreds of thousands of dollars. They already know all there is to know about me so I'll start with them because it will be easiest.

Reader, it was not.

They wanted me to fill in forms containing a lot of information they already had. They knew my name, my date of birth, my address. They knew how much money I earned and how long I'd lived at my current address, yet they wanted me to fill it all out again. Why? Nobody could tell me. Just because.

Well, if I was going to do that, I'd go to market and see who else wanted to chain me to them for the next 30 years. It turns out a lot of banks want that, and so I quickly had three players on the table: One was my existing bank - holding out a sheaf of forms. The second was a bank with a branch conveniently within walking distance who would buy me a coffee. The third was a bank who agreed to send someone round to my house to do all the paperwork.

This was such an important life decision I based it almost entirely on who was easiest to deal with. Not the best price, not the legal contract, not the banks' credit ratings, but on how hard they made it for me to deal with them. I went with the bank that came to me and did all the paperwork.

I have not regretted that process in the years since.

Dealing with bureaucracy can be a nightmare, and I'm not just talking about the spelling. Yet this is our data, we own it, it's about us, so we should own it.

Most companies might disagree but a new discussion paper from the government is seeking input into a code that would allow just that - it's the introduction of a Consumer Data Right (CDR) code that would enshrine that ownership with the user, not with the organisation.

This is important because as we move through life two things happen. Firstly, we interact with a lot of organisations that like to keep our data for themselves and that list is growing all the time, and secondly we want to change providers easily and readily without all the hassle.

Remember the good old days when telcos wouldn't let you keep your number as you swapped providers? That simple act of migration (churn, as they call it) was blocked for many by the logistical nightmare of having to update all your records to reflect the new number. Even when one telco offered to pay to have business cards reprinted it really only scratched the surface of the problem. Everyone's got that one contact who won't update their records and in those days the number was the only way people had to get hold of you, short of walking round to your house and banging on the door. It's hard to explain to kids who've grown up with apps and over the top providers about what a hurdle that was, but it really was a game changer when number portability was introduced.

Now imagine being able to change credit card providers or banks and not have to do the dance of a thousand websites as you update everything. Imagine just being able to contact your new bank and say "I give you authority" and they do all the hard work.

That's what the new discussion document is all about but I think it should go further. Do I get to keep my bank account number? Why not! What about the problems inherent in making sure my pay still goes into the right account if the bank no longer has visibility of my details? Not my problem - we have computers to handle all of that.

And let's take it further - I want to migrate all my data from one social media platform to another. Again, that's a monumental task but in the future we will need to consider how best to handle this kind of thing.

Ensuring the user is the owner of the content also means those who get it wrong when it comes to handling or protecting that data can be taken to task. Currently our Privacy Act has no provision for CDR but we have a new Act that comes into effect in December. Sadly, it too does not have any provision for this, but it's yet another reminder that our new privacy laws are already out of step with the world in which they're used so we might want to update them properly in the next year or two.

The provision of strong CDR is good for privacy, it's good for consumer peace of mind and it's good for competition. Just look at the telco market which is now far more vibrant and active than it was when we were artificially locked in. The telcos have to compete on service, not just on how difficult it is to leave them. Let's see what we can do with banks and insurers as well.


Comments

You must be logged in in order to post comments. Log In


Web Development by The Logic Studio