The minutes for each meeting of the Data Ethics Advisory Group, grouped by date, are summarised here.
Meeting summaries from 2019 to 2022
Advisory Group Members: Professor Colin Simpson (Chair), Jonathan Godfrey, Russell Craig, Andrew Sporle
Apologies: Kate O’Connor, Will Koning, Jonathan Kilgour
Attendees: Centre for Data Ethics and Innovation, Stats NZ
Presenters: Topic One: Customer Services and Support team, Stats NZ
The meeting was opened with a karakia. The Chair welcomed the members and officials and noted the apologies.
The minutes of the meeting held on 14 August 2025 were approved as a true and accurate record of the meeting.
The members noted the actions register.
The presenters provided an overview of the function of the Customer Services & Support team and the purpose of the workshop to explore the future of products and services. The members agreed the feedback provided to the presenters would not be attributed to them individually but in their role as members of the advisory group.
The presenters clarified the meaning of ‘accessibility’ in the context, defining it as broader accessibility and intractability with the general public. The members noted a difference with accessibility for disabled users and invited presenters to carefully consider and discuss the matter with a relevant member, advising to also refer to overseas experience and literature.
The presenters noted the roadmap for Stats NZ products and services and creating a ‘blue sky’ vision on how to improve them followed the feedback received from the 2023 Census products and services and website analytics. They added that the benefit of thinking about the future was not about predicting it but being prepared by understanding what it might mean for the present.
The members were asked to imagine a future where every person, regardless of their ability, context, or technology could access and use Stats NZ’s products and services; with that in mind how could Stats NZ’s products and services adapt to users' accessibility needs and what needs to be done over the next 3-5 years to strive for this goal.
The members discussed what values should be underpinning the services and products to ensure Stats NZ to be a stalwart for quality and trust and a beacon of excellence and trustworthiness and agreed to the following:
The members were concerned around a lack of innovation across the public sector to increase productivity (with caution) and noted the role of DEAG as a forum to support government agencies in discussing new ideas.
The members were asked to discuss what could be done in the present to strengthen future products and services.
The members suggested:
A member distinguished between community data analysis being done by the community compared to a researcher external to that community doing the analysis. They noted that the IDI is not open to all and more needed to be done to ensure data requestors (researchers) understand the limits, highlighting that the boundaries in IDI access are needed to protect from potential harm. They called for responsibility (more what ‘should’, not only what ‘could’, be done).
The presenters advised the plan was to engage with different stakeholders, DEAG included, and bring insights back internally to create a roadmap. They noted the discussion with DEAG was useful and sought recommendations on stakeholder engagement.
The group noted the forward agenda and discussed potential agenda items.
Advisory Group Members: Professor Colin Simpson (Chair), Jonathan Godfrey, Will Koning, Russell Craig, Jonathan Kilgour, Andrew Sporle
Apologies: Kate O'Connor
Attendees: Centre for Data Ethics and Innovation, Stats NZ
Presenters: Topic One: Strategic Response team, Stats NZ
Topic Two: Centre for Data Ethics and Innovation and the Integrated Data Team, Stats NZ
The meeting was opened with a karakia, after which the Chair welcomed the members and officials.
The Chair provided an update to the interest register.
The minutes of the meeting held on 3 July 2025 were approved as a true and accurate record of the meeting.
The members noted the updates to the actions register.
The Strategic Response team provided an overview of the privacy and ethics issues they were seeking DEAG’s advice on:
DEAG noted their support of the work.
A member raised concern around engagement as a first step and instead proposed building on the success of Ngā Tikanga Paihere, working on internal processes to build guardrails and engaging with one group as a test case, while running alongside wider engagement. They also cautioned that Stats might approach engagements with an assumption that communities understand their data needs, what data is available, how it can be used, and the level of data granularity required, suggesting presenting product choices to a group as a helpful approach instead.
Another member noted that identifiability issues do not only apply to small groups and queried who owned the data of a community, especially with the pressure to provide highly granular data to the Integrated Data Infrastructure (IDI) and the Disability Survey, while also considering what is important for data collection. They noted some communities have recognised authorities to speak on their behalf, but some don’t, and added the nature and extent of an outcome is based on how sensitive an individual is to being identified (i.e., whether data is a weapon or a tool).
A member noted that the cross-over of marginalised groups could result in breaches of confidentiality and a loss of privacy at an individual level. They queried indirect harm and when group privacy becomes individual privacy.
DEAG noted the distinction between what people can observe and infer, versus the data that is published, and the likelihood of exposure at the intersection of two marginalised groups. They noted the requirement for ‘safe outputs’ under the Five Safes Framework, and the need for careful consideration when a group already feels targeted by society.
The members acknowledged the complexity of the problem and the public policy challenge. They advised Stats to seek the best possible arrangement to move forward, while being alert, aware, quick to learn and adapt, ensuring trust, while reducing or eliminating harm. The members agreed it was a multi-dimensional problem and suggested to look at ‘near adjacent’ for part-solutions, such as the data approaches of Māori communities. The group agreed that deficit statistics and stories lead to harm and noted there were subtleties and challenges to face, with questioning who is in control of the narrative and what data is being sought and exposed being critical.
DEAG further advised being content-sensitive and vigilant on ramifications and noted the importance of the work being done ‘with and by’ communities, rather than ‘for’, or ‘to’ communities, with approaches forward including evolving technical and social relationship elements.
The members advised progressing with a useful pilot case and offered DEAG’s support and advice along the way.
The group noted the IDI and DataLab users had a process of assessing data and research and discussed how Ngā Tikanga Paihere and Five Safes should be applied more generally. They noted the requirement for being alert, having guardrails in place and being prepared, all while taking a learning system approach. The members also advised that the team liaise with the Centre for Data Ethics and Innovation (CDEI).
The group noted the CDEI-developed, draft ethics guide for social investment using the IDI, which was a follow-up from the meeting on 3 July 2025.
DEAG members were asked to provide advice on the following matters, with a focus on immediate practical steps:
The members discussed issues around informed consent, public confidence in government, and future choices for individuals enabled by technology. The Group agreed that people (i.e., Service Users) should be put first, then NGOs. They acknowledged the robustness of the work and noted the importance of training for NGOs (e.g., consider an auditable certification regime – this could be online), while collecting and sharing information.
A member noted that data used for social investment purposes should navigate between personal identification (a ‘red line’) and good practice exemplars (‘green lines’). They suggested the introduction of a ‘traffic light system’ to support NGOs where ‘green’ (low risk) could be managed by following exemplars; ‘orange’ (medium risk) would indicate a pathway for engagement; and ‘red’ (high risk) should not be contemplated.
Another member noted the benefit of segment identification (cohort of characteristics), while others noted wider systems issues (e.g., data governance, accountability, data quality and cleaning, lack of informed consent), and the importance of a learning system being wrapped around social investment.
CDEI advised they would come back to DEAG with a work programme to support the implementation of the guidance.
The group noted the forward agenda and discussed DEAG representation at the Government Information Systems Managers’ Forum (GOVIS).
Advisory Group Members: Professor Colin Simpson (Chair), Jonathan Godfrey, Will Koning, Kate O’Connor, Russell Craig
Apologies: Jonathan Kilgour, Andrew Sporle
Attendees: Centre for Data Ethics and Innovation, Stats NZ
Presenters: Topic One: Integrated Statistical Data System Futures team, Stats NZ
Topic Two: Centre for Data Ethics and Innovation and the Integrated Data Team, Stats NZ
The Chair welcomed members and officials, and the meeting was opened with a karakia.
A member provided an update to the interest register.
The minutes of the meeting held on 22 May 2025 were approved with a minor amendment.
An update on Stats NZ’s Integrated Statistical Data System (ISDS) was provided following a written update to DEAG in November 2024, which, among other updates, outlined an approach for a literature review of international examples of register-based statistical systems. The group noted the ISDS work would be accelerating to align with the Census work programme and that they are working with the Centre for Data Ethics and Innovation (CDEI) on ethical considerations.
Stats NZ provided context around the ISDS, a programme tasked with building an underpinning statistical structure to enable delivery to Census, Measuring a Modern Economy (MME), social investment, and a cohesive administrative-data first approach. The group noted the ISDS implementation would bring together social, environmental and economic domains with key deliverables being:
Stats NZ outlined the key principles underpinning the ISDS implementation:
A DEAG member queried if there were any plans to deploy modern data governance tools, as robust policies and protocols ought to be enforced at a technological level. They also questioned if data stewardship obligations were met, especially if security and access attributes were met in time. Stats NZ responded that they would come back to the group with a response from a relevant team.
DEAG noted that a ‘zero-trust’ approach (technical parameters and culture) would be required to prevent any ethical transgressions. A member noted proper risk management would need to be in place to the level of people feeling comfortable to report their own breaches, while Stats NZ responded that more information would be shared following the data maturity and risk assessment.
Stats NZ advised there had been engagement with the United Kingdom’s Office for National Statistics (ONS), and a review of six other countries with register-based statistical systems. The selected countries (i.e., Australia, Canada, Finland, Ireland, Singapore and Sweden) had a similar population size to New Zealand and were deemed more comparable.
A DEAG member was interested in the suitability of New Zealand’s legal framework and if any relevant information had been received from other countries on how to ensure a top-down enforcement (i.e., how to ensure technology does only what it should). They asked who would be responsible to gate-keep from harm and bias. Stats NZ advised of the legal constraints, noting that only de-identified data, with a statistical level of control, would be used for official statistics. Regarding gatekeeping, Stats NZ noted the relevance of staff training and a potential change of legislation.
A DEAG member expressed concern around potential negative legal implications with the change in Census; Stats NZ responded that census-type information would be produced by doing a different collection. Ethics is included in the Data and Statistics Act.
A member raised concern that, with the ISDS feeding into the IDI, building trust and confidence was not on the project timeline and both were needed at every step. Stats NZ advised that the ISDS team were working with the Comms team to build narrative around the Programme, with relevant teams already engaging with external stakeholders.
DEAG noted that a focus on the data and linking complexities could be detracting from a focus on data governance and advised Stats NZ to look at Estonia as a reference. The members also advised caution: ‘statistics is harmless but not benign’. They were also concerned around the work in process before assurance was in place, and the potential impact on Stats NZ’s reputation and public trust and confidence. A member highlighted the importance of protecting from any bad actors and ensuring internal teams do not work in silos.
A Stats NZ official provided the background on the service blueprint developed by the Centre for Data Ethics and Innovation (CDEI), which outlined the Social Investment test-and-learn trials led by the Social Investment Agency (SIA) and Stats NZ. The group noted that the blueprint described the roles and responsibilities of Service Users, NGOs, the SIA (generic agency example) and Stats NZ in the process, which comprised six phases, and identified ethical considerations at each phase. The team sought DEAG’s feedback on any overlooked ethical issues, focus areas, and practical and achievable solutions.
The group discussed the process of de-identifying individuals and raised concerns around the possibility of reidentification of individuals by an agency who holds the original identifiable data. Noting that if 100% probabilistic matching occurs, any reidentification process would not necessarily be definitive. DEAG members agreed they would need to be across the issue.
DEAG agreed the quality of data linking in the IDI was important for good analysis. A member recommended that CDEI reach out to COMPASS Research Centre at Auckland University (which had been researching link quality in the IDI) for insights.
The CDEI team clarified that the SIA researchers had no visibility of the identifiable NGO data, before explaining the process: Stats NZ collects data directly from the NGO, links it and removes identifiers before making the data available in the Data Lab. The SIA can only access this de-identified data for their research, and all research results are output from the Data Lab at an aggregate level with additional rules applied to ensure the output is confidentialised (no individual could be identified). A DEAG member asked if any other organisation other than Stats NZ could be a trusted third party.
A member queried how an informed consent decision could be made by a service user given the complexity of the process. They advised that a multi-language, standardised information brochure for service users be developed to clearly outline what their decisions would mean, including how identifying information would be removed. They questioned if the IDI could adequately support and have protections in place for an influx of data and suggested an independent group be established to monitor and determine if objectives, informed consent, and the safety of data were achieved in the process.
A DEAG member added an ethical oversight on methods would be required. Stats NZ advised of a guiding principle that Stats NZ remain the trusted broker, which was a condition when the IDI originated, with no intention to alter that. The group noted that everything involving data would need ethical review.
A member suggested that Stats NZ’s CDEI bid to co-develop the process with NGOs, as they need to be crosscutting with everything.
DEAG reiterated that Stats NZ should not be doing everything in the process, but an ethical panel (including service users) would be required to provide assurance, with Stats NZ facilitating.
The group noted the forward agenda and discussed possible future agenda items.
Advisory Group Members: Professor Colin Simpson (Chair), Frith Tweedie, Will Koning, Andrew Sporle, Kate O’Connor, Pieta Brown, Russell Craig, Jonathan Godfrey, Jonathan Kilgour
Attendees: Centre for Data Ethics and Innovation, Stats NZ
Presenters: Topic One: Sats NZ and Social Investment Agency
The Chair welcomed members and officials, and the meeting was opened with karakia.
No conflicts of interest were identified. The Chair reminded members to keep their interests updated.
The minutes and the advice from the meeting on 10 April 2025 were approved. All action points were completed.
The Group had a wide-ranging discussion with the agency representatives on the secondary use of administrative data, particularly in relation to Social Investment, Census priorities, and Government expectations for innovation and use of AI.
All present agreed that the use of secondary data needs to be innovative and have ethical principles underpinned with human principles, to ensure people are at the centre. A balanced approach to consent in secondary uses of data is needed.
The Group discussed the potential for changes in legislation, specifically the Data and Statistics Act 2022 (the Act). The Act allows the collection of data to be delegated to other agencies which increases the requirement for guardrails.
Obtaining social licence from New Zealanders in the collection of data for Social Investment is needed, with clear communication on how data can be used safely for public good.
The Group asked provided questions for consideration:
The Group agreed on the need for transparency of decisions relating to how data is used in the public interest, the need for a robust framework and practical guardrails to allow acceptable data for the public, and the need for early public engagement. In addition, there should be good practice guidance and the ability to communicate a process in a way that is transparent for communities to engage with. A process that is not transparent will create roadblocks.
The Group discussed the likelihood of decreased social licence in secondary use of administrative data, and how to have oversight and be transparent about what the secondary uses of administrative data will be. It was argued that there is a responsibility to use secondary data with guardrails for its use to be appropriate and serve New Zealanders well.
The Group was interested in exploring the definition of appropriate use of secondary data and what tactical guardrails would look like. It is important to have a transparent ethical review process built into projects, dealing with AI and data, at the start and as they develop. Expanding the use of administrative data should include an independent review of best practice. It is important that the holders of data and the guardians of data are not the same role.
The Group discussed the Privacy Act’s role in protecting individual data so that it cannot be identifiable, and controls on the use of the IDI. These controls were considered to provide a robust and trusted environment, providing safe datasets for research.
It was identified that there could be issues with agencies having to bear the cost of collating data, ensuring the quality of data, and being tasked with obtaining consent for secondary uses. New Zealanders need to have trust and confidence in the ability of those collecting and using data.
The Social Investment Agency has a critical role in ensuring government agencies adhere to guardrails for social investment, including the need:
Areas the Group felt would benefit from further discussion and clarity included what data should be collected, the impact of integration, accuracy of data, why certain data is missing, how data sets for priority populations could be improved, the role and ability of people using data, and the need to justify the purpose and benefits of collection and use of data.
Data systems need to be set up for safe development and application of new technologies and should be done independently of the organisation who holds the data, with routine monitoring. The Group recommended that agencies look to use models already implemented, rather than build new. Members discussed what protective AI capabilities could be used and the importance of having independent bodies ensure that decisions are made without cognitive bias or conflicts. This would provide transparency in decision making.
The Chair and the Director for the Centre for Data Ethics and Innovation thanked the Group for their work over the last two years noting that renewal contracts would be sent out to those agreeing to a further term. It was noted that two members would not be renewing for a further term.
The group noted the forward agenda and discussed next agenda items.
Advisory Group Members: Professor Colin Simpson (Chair), Jonathan Godfrey, Andrew Sporle, Russell Craig, Will Koning, Pieta Brown
Apologies: Jonathan Kilgour, Kate O’Connor, Frith Tweedie
Presenters: DIA and Te Puna Aonui representatives
Topic One and Two: Currently withheld - under active consideration
Advisory Group Members: Professor Colin Simpson (Chair), Jonathan Godfrey, Andrew Sporle, Firth Tweedie, Kate O’Connor, Russell Craig
Apologies: Will Koning (due to conflict of interest), Pieta Brown, Jonathan Kilgour
Attendees: Centre for Data Ethics and Innovation, Stats NZ
Presenters: Social Investment Agency and Stats NZ representatives
The Chair welcomed members and officials, and the meeting was opened with karakia.
Members noted the Data Ethics Advisory Group Register of Interest and updates from members.
Members acknowledged the importance of the IDI as a valuable tool for providing insight into the impact of services and interventions on communities served, and note the collaborative relationships being built with the small sample of NGOs voluntarily participating in the ‘Test & Learn’ trials of limited data sharing. Members note that SIA intends to share insights derived from the data provided by NGOs, back to those NGOs, including visibility of cohorts that may be missing out on services. The usual IDI confidentialisation rules would still apply to any outputs, dashboards, etc. provided to the NGOs.
The IDI is explicitly a research environment, and members questioned if the social investment work aligns with the definition of ‘research’ under the Data and Statistics Act then legislation.
The IDI can be viewed as a tool used by the state to make decisions on people lives, and growing numbers of New Zealanders have concerns regarding this. Ethical guardrails will be important for this work to ensure that that trust and confidence of New Zealanders is maintained, especially as the (in design) Outcomes Based Contracts evolve and start to come into effect.
Members would like to see the development of ethical guardrails to protect against unintended consequences and harm. Where it is intended for data collected from participants as part of government funded research to be deposited into the IDI, then ethical requirements need to be established ensuring that this linking should occur transparently and with the informed consent of participants. Only the data that is needed for the research should be collected – this is a standard research requirement. Members recommend involving lived experience in developing the work and investing in raising the capability of NGOs to be able to work with IDI data.
A member recommended that an Algorithm Impact Assessment be undertaken. This is a practical tool that the SIA can systematically work through to help identify the relevant risks and mitigants.
DEAG looks forward to having the Social Investment Agency and Stats NZ representatives back to the Group to hear how this work is progressing and also to renew guidance should this be appropriate.
Advisory Group Members: Professor Colin Simpson (Chair), Frith Tweedie, Will Koning, Andrew Sporle, Kate O’Connor, Pieta Brown, Russell Craig, Jonathan Godfrey
Apologies: Jonathan Godfrey (attended in part)
Attendees: Centre for Data Ethics and Innovation, Stats NZ
Presenter: DIA representative
The DEAG members attending at Stats NZ office were welcomed by Mark Sowden (Government Chief Data Steward, Stats NZ Chief Executive) and Tia Warbrick (DCE - Strategic Engagement, Māori Partnerships & Data Capability).
The Government Chief Data Steward (GCDS) shared insights on the challenges and opportunities facing Stats NZ as it transforms and takes on a stronger system leadership role, and he invited members to consider how the leadership team at Stats NZ can support DEAG to succeed.
Discussion across the government data system touched on issues such as trust and confidence, social investment, digital transformation, AI, and capability—especially in data and privacy. Members identified the challenges and opportunities to influence the system more proactively, to ensure necessary ethical safeguards are in place.
GCDS finished with thanking the members for their work and support in strengthening data ethics across the government data system.
The Public Service Commissioner convened a cross-government agency group, including DIA, the Office of the Privacy Commissioner, Crown Law, Stats NZ, and the Public Services Commission in response to the Findings of inquiry into protection of personal information released (the inquiry looked at how government agencies protected personal information provided for the 2023 Census and COVID 19 vaccination purposes).
The result was the development of Information sharing standard | NZ Digital government between government agencies and non-government third parties, so that these parties could access government-held personal information to provide services to citizens. The Standard would allow the agency to retain a view of the data and how it is used. The intent was, that a legally binding agreement would reinforce good practice and enable accountability. The Standard would be mandated for government public service agencies under section 57 of the Public Service Act 2020, by the Government Chief Digital Officer (GCDO), and be recommended for other agencies. The Standard would not override other data sharing laws
Definitions
Members identified definitions that were missing or needed greater clarity, especially in relation to the Privacy Act 2020. These included ‘personal information’, ‘transfer outside New Zealand’, and ‘Agent’. Members also requested greater clarity of roles and responsibilities and recommended including the concept of a ‘processor’ in the documentation, similar to the role defined in the European Union’s General Data Protection Regulation (GDPR).
Ethical considerations
The Group expressed concern that there was an absence of ethical considerations within the Standard and that the completion of a Privacy Impact Assessment (PIA) alone was insufficient to identify all ethical issues. Given the absence of informed consent of the people whose data is being shared, an ethics lens is especially critical.
Support for third parties, especially NGOs
Members expressed concern that third parties (and NGOs in particular) might require support to meet this Standard. The Group advised for the need to identify what support was needed (e.g., privacy training) and the provision of quality training.
Data management and oversight
DEAG asked for guidance to be provided on the critical clause 11.5 (regarding specific data controls) and the inclusion of a confirmation process to assure that deletion of the data has occurred (e.g., certification). Members noted that data sharing agreements would require a high level of visibility within an agency to ensure that there was no loss-of-sight of the data shared and the obligations of the third party, especially as agency staff move on.
Audits, non-compliance and breaches
Members were pleased that an audit clause was included and recommended that triggers, or ‘red flags’ be identified that would necessitate an audit and to include these in the Standard.
The Group recommended that a wider definition of ‘harm’ was included along with clarity on roles and responsibilities to address any harms caused, e.g., breaches of law, harm to the individuals whose data has been shared.
More clarity was also needed on the roles and responsibilities of each party when a privacy breach occurs, including who would notify that there had been a breach
Infrastructure and Technology
Members advocated for data to be viewed as a system not a siloed approach, seeing the Standard as an opportunity to advocate for a more trusted and better way of working, even if there were limitations on current infrastructure. Preference would be a data infrastructure where data would remain in situ with the government agency, allowing third-parties access through permissions. This would also support Iwi data environments and Māori providers.
Coverage
Members raised potential areas of ambiguity around the types of third parties that the agreements would cover and sought clarification on these. DIA was asked to ensure that the provisions in all-of-government marketplace contracts comply with the Standard e.g., for large technology firms acting on behalf of a government agency.
Strengthening privacy practices
DEAG noted that New Zealand lacked a strong culture around data privacy and misunderstandings exist across the system. The Standard was an opportunity to reinforce existing guardrails and protections (such as ‘5 safes’, Ngā Tikanga Paihere, data minimisation, risk-based thresholds, etc.) by adding in these safeguards. Accompanying guidance should also reinforce that a PIA be completed before entering into a data sharing agreement.
Future proofing
The Group suggested that DIA acknowledge that this was an interim approach, given the existing data structures in government and the Privacy Act 2020 and work towards safer data sharing infrastructure that respects data sovereignty issues. Noting that as this Standard was designed to operate under Privacy Act 2020, it might need to be revised when this changes.
Members reflected on their time in DEAG: the successes, challenges, and surprises, and identified opportunities for improving the Group’s ability to proactively influence data ethics capability across the government data system.
Members reflected on what they had personally hoped to achieve upon joining DEAG, what Group success would look like, ongoing challenges, opportunities that could improve their influence, the Group’s public perception, and learnings from relevant peer groups.