Plain language law

New Zealand law explained for everyone

Customer and Product Data Act 2025

Protections - Authorisation

38: Ending authorisation

You could also call this:

“How permission to use your information can stop”

You should know about how an authorisation can end. An authorisation is like permission for someone to use your information. There are different ways it can finish.

If the rules say there’s a maximum time for an authorisation, it will end when that time is up. Sometimes, the rules might say it ends when something specific happens, like if you close your bank account.

You can choose when you want the authorisation to end when you give it. You or someone you trust can also decide to end it at any time. There’s more information about how to do this in section 40 of the law.

The person or company you gave the authorisation to can also decide to end it themselves.

Whichever of these happens first is when the authorisation will end.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS789073.

Topics:
Money and consumer rights > Consumer protection Rights and equality > Privacy
Previous

37: Giving authorisation, or

"Explaining how to allow someone to use your information"

Next

39: Authorisation must be confirmed, or

"Companies must check if you've allowed them to share your information before they do it"

Part 3 Protections
Authorisation

38Ending authorisation

  1. An authorisation ends on the earliest of the following:

  2. the expiry of the maximum period for an authorisation specified by the regulations (if any):
    1. the occurrence of an event specified by the regulations (if any) (for example, when the customer closes an account with a data holder):
      1. the time (if any) specified by the customer (or a secondary user on their behalf) when the authorisation is given:
        1. the time (if any) that the customer (or a secondary user on their behalf) ends the authorisation (see section 40):
          1. the time (if any) determined by the accredited requestor.