Kia ora e te whānau
Happy New Year. I hope this finds you well and rested from the holidays. Thank you for reading DINZ’s first newsletter of 2023 on the beach, at the office, or in the tent or caravan out of the rain.
Fraud issues tend to surface in the news much more over the holidays as increased online purchases offer greater opportunities for attackers. Matthew Evetts is the director of security at DINZ member Datacom and did a great job of explaining the issues in simple terms in this piece on RNZ.
So with consumers and their data in mind, it is notable that the Government has just released a Cabinet Paper on the proposed Consumer Data Right (CDR) with a framework similar to that of the DISTF. Russell Mc Veigh has summarised its insights in this helpful publication here. While DINZ could debate whether the banking sector is a better starting point for CDR compared to digital identification, we expect to analyse the paper and offer commentary in due course.
For DINZ itself, each new year brings the need to balance its limited resources across a range of activities. In 2022 greater focus was placed on documented evidence based thought leadership with its submissions, the research and the landscape report that will be published in a few weeks time. In 2023, expect to see more focus on events and interactive mahi, now that grounding documented mahi has progressed. Next month we’ll begin with events to showcase the landscape report on digital identity in Aotearoa that integrates the results of the research we highlighted late last year (we are always looking for member premises to host so please get in touch). We’ll also be kicking off a two-month Summer Series around perspectives of decentralised digital identity where we expect to feature members (get in touch!) with a decentralised service or pilot leading discussion and debate with their perspectives. Planning is already underway for April with an overseas expert visit intermingling with Privacy Awareness Week. So there’s plenty to look forward to before the Digital Trust Hui Taumata 2023 confirmed for 1 August 2023 at Te Papa Tongarewa, Wellington. Get in touch if you’re interested to sponsor or exhibit.
What else is in store for us in the digital identity domain in 2023? Truckloads is the short answer. As I observed in my personal email to members before the break, in legislation alone, we expect to be looking at the DISTF in its final run up to enforcement on 1 January next year, MoJ’s proposed amendments to the AML/CFT legislation that DINZ analysed back in 2020, OPC’s proposed Code of Practice for Biometrics that DINZ responded on last year, the exposure draft of NZ’s CDR legislation and further developments in Open Banking.
The sheer scale of the compliance undertaking for any digital identity service provider looks quite daunting when you think that most service providers will need to comply with most of the above, and also with the Privacy Act 2020 and conceivably the EIV Act 2012, even if today it applies primarily to RealMe. Aotearoa is not alone in this regard. The EU is a great example where in the fullness of time the upcoming Data Act will sit beside the Data Governance Act, the GDPR, the Free Flow of Non-Personal Data Regulation, the Open Data Directive, the Digital Markets Act and the Digital Services Act as part of the European strategy for data, not to mention EIDAS 2.0. Will 2023 be remembered as the melting pot year for digital law? We’ll see.
But let’s hope that lawmakers everywhere are setting aside resources in the coming years for legislative harmonisation!
Colin and the DINZ Executive Council of 2023