Trustworthy AI Starts with Strong Data Foundations: Welcoming the NZ Privacy Commissioner’s Statement on AI Governance

The Office of the Privacy Commissioner (OPC) has taken a landmark step by releasing a Joint Statement on Trustworthy Data Governance for Artificial Intelligence (AI) alongside other Asia Pacific data protection authorities. The statement sets a clear direction for how organisations in New Zealand should design, develop, and deploy AI responsibly.

At its heart, this message is simple yet powerful: AI innovation must be built on a foundation of robust data governance.

What the Statement Highlights

The joint statement outlines the core expectations for AI systems. They emphasise that organisations must ensure transparency, accountability, and fairness across the AI lifecycle.

Key themes include:

• Embedding trustworthy data governance at every stage of AI development.

• Aligning AI use with existing privacy principles and human rights standards.

• Conducting Privacy Impact Assessments (PIAs) and algorithmic risk reviews.

• Ensuring individuals understand when and how AI systems are using their personal data.

• Considering cultural and community perspectives, including Māori data sovereignty.

This joint statement represents growing international alignment: that trustworthy AI requires disciplined governance, not just technological ambition.

Why This Matters for New Zealand Businesses

For New Zealand organisations, this announcement is both a warning and an opportunity. AI is rapidly reshaping sectors, from healthcare and insurance to education and logistics ,yet many organisations are still unclear about their privacy, ethical, and accountability obligations.

The OPC’s statement reinforces that compliance with the Privacy Act 2020 and the Information Privacy Principles (IPPs) extends directly to AI systems. Whether your business builds AI, buys it, or simply uses it, you are responsible for the data that powers it.

Organisations must be able to answer:

• What data is feeding our AI systems?

• Do we have consent or lawful authority to use it?

• Are we keeping it for longer than necessary?

• Can we explain our AI’s decisions?

• Have we evaluated risks of bias, discrimination, or harm?

Without robust governance, AI quickly shifts from an opportunity to a liability.

Data Governance: The Engine of Trustworthy AI

Data governance is more than a compliance checkbox. It’s the operating system for ethical innovation. Here’s why it matters more than ever in the age of AI:

Ensures Accountability and Oversight

Strong governance creates structure, defining who owns data, who can use it, and how decisions are made.This accountability prevents “black box” AI scenarios and ensures someone is responsible when errors occur.

Protects Privacy by Design

Governance embeds privacy protections at the start, not after a breach. Policies on collection, minimisation, consent, retention, and disposal reduce the risk of unlawful or excessive data use in AI models.

Drives Transparency and Explainability

AI transparency isn’t just a technical issue it’s a governance issue. Data cataloguing and metadata management allow organisations to trace data lineage, showing where information comes from, how it’s transformed, and how AI decisions are derived.

Supports Regulatory Readiness

From privacy regulators to the upcoming global AI standards, demonstrating structured governance is the fastest path to showing reasonable care and compliance. It positions your business as proactive, not reactive.

Building a Practical AI Governance Framework

If you’re implementing or planning AI, here’s where to start:

Map your AI systems and data assets – identify where personal or sensitive data is used.

Establish a governance framework – define roles (data owners, stewards, risk leads), escalation processes, and oversight bodies.

Create clear data retention and minimisation rules – delete or de-identify what’s no longer needed.

Evaluate third-party tools and models – ensure external vendors align with your governance policies.

Integrate privacy and ethics reviews – conduct PIAs and algorithmic assessments for every major deployment.

Communicate transparently – let customers know how AI impacts them and how their data is protected.

Strong AI governance doesn’t stifle innovation it enables it. When governance is baked in, you can scale AI confidently, knowing it’s ethical, explainable, and compliant.

A Turning Point for AI in New Zealand

The Privacy Commissioner’s joint statement is a welcome step towards global alignment and responsible innovation. It acknowledges that while AI offers immense opportunity, it also carries risks that must be actively managed through trustworthy data governance.

At Nandwani Lynn, we believe this marks a defining moment for New Zealand businesses.Those that embed governance, transparency, and accountability into their AI strategies will not only stay compliant but earn public trust — the true currency of the AI era.

If your organisation is exploring AI and needs guidance on how to build a compliant, ethical, and resilient governance framework, we can help. Get in touch today for a no obligation chat !