Skip to main content

Data-in and Data-Out

In New Zealand's regulated open banking framework (enabled via the Consumer Data Right under the Customer and Product Data Act 2025, effective from 1 December 2025), "data-in" and "data-out" refer to the directional flow of financial data through intermediaries. This is distinct from direct bank-to-third-party sharing.

  • Data-in: Refers to data flowing into the intermediary from banks. Banks (data holders) share customer-authorized financial data via secure APIs (e.g., account balances, transaction history, metadata) directly to the intermediary, following user OAuth authorization with the bank (no credential sharing). This leverages official APIs from designated banks, ensuring real-time, tamper-proof access.

  • Data-out: Refers to processed data flowing out from the intermediary to third-party apps. The intermediary standardises, enriches (e.g., categorises transactions, adds merchant details), and delivers the data via its own unified API to clients, abstracting complexities like accreditation and multi-bank integrations.