This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Protections - Authorisation

40: Accredited requestor must comply with prescribed duties in respect of authorisation

You could also call this:

“Special companies must follow rules when asking for your permission”

The new law might say that when a special kind of company (called an accredited requestor) wants to get permission from you or someone who uses your account, they have to follow some rules.

These rules might tell the company how to explain things to you, so you can understand what you’re agreeing to. They might also say how the company should ask for your permission, like using a special tool where you have to do something to show you agree.

The law might also say there are times when the company isn’t allowed to ask for your permission at all. The company would have to follow any other rules about getting your permission too.

The government will decide exactly what these rules are later on.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS925513.


Previous

39: Customer or secondary user must be able to control authorisation, or

“You can choose who sees your info and for how long”


Next

41: Authorisation must not be required as condition of providing product, or

“Sellers can't make you agree to share extra data just to buy their stuff”

Part 3 Protections
Authorisation

40Accredited requestor must comply with prescribed duties in respect of authorisation

  1. If an accredited requestor (A) seeks to obtain, or may accept, an authorisation from a customer (or a secondary user on their behalf),—

  2. A must take the prescribed steps (if any) to enable the customer or secondary user (as the case may be) to be reasonably informed about the matter to which the authorisation relates; and
    1. A must use only prescribed methods (if any) to obtain the authorisation (for example, a tool that requires the customer to perform an affirmative action in order to give the authorisation); and
      1. A must not obtain, or accept, an authorisation from a customer (or secondary user) in the prescribed circumstances; and
        1. A must comply with any other requirements in connection with obtaining, or accepting, the authorisation.
          1. In this section, prescribed means prescribed by the regulations or the standards.