Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Protections - Authorisation

37: Ending authorisation

You could also call this:

“How your permission to share data can stop”

The proposed law says that when you give permission for someone to access your data, that permission will end at a certain point. This could happen in a few different ways:

The permission might end after a certain amount of time. The exact time limit would be set out in other rules.
The permission might end when something specific happens. For example, if you close your account with the company that has your data, the permission might end then. The specific events that could end the permission would be listed in other rules.
You (or someone you’ve allowed to act for you) might set a specific time for the permission to end when you first give it.

Whichever of these happens first is when the permission will end.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on 11 December 2024

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS789073.

36: Giving authorisation, or

“Giving permission to someone to act for you”

38: Authorisation must be confirmed, or

“Companies must check if you've said it's okay before using your data”

Part 3 Protections
Authorisation

37Ending authorisation

An authorisation ends on the earliest of the following:
the expiry of the maximum period for an authorisation specified by the regulations (if any):
the occurrence of an event specified by the regulations (if any) (for example, when the customer closes an account with a data holder):
the time (if any) specified by the customer (or a secondary user on their behalf).