Most of us have had some version of the same experience.
You fill out a government form. Then another. Then another. Each one asks for information the state already has somewhere: your name, address, date of birth, tax number, benefit status, licence details, health number, company number, court record, and then to top it all off, proof (again) that you are who you say you are.
At one level, this is just annoying. But at another, it tells us something important about how public systems are built. They often organise information around agencies, not people.
There is a better idea, already being tested overseas, the “once-only principle”.
The idea is simple: if a person or business has already given standard information to one part of the state, they should not have to give it again to another. The state should be able to check the trusted source, with proper legal authority, rather than making you carry the paperwork from office to office, form to form.
It sounds obvious. But making it work is not simple.
Estonia’s useful lesson
After regaining independence, Estonia built much of its modern public administration around digital identity, secure data exchange, and distributed public databases.
The important point is that: Estonia did not simply build one giant database containing everything about everyone, instead, it built a secure exchange layer between different systems. Agencies can request verified information from the correct source, rather than creating endless copies.
In plain English, the state should know where the official version of a fact lives.
That has real advantages. It reduces paperwork, cuts errors, speeds up services, and makes government feel less like a maze. It also changes the role of public data. A verified record is no longer just a file sitting in one agency. It becomes part of a civic infrastructure.
But that is also where the possible concern begins.
If information can move easily between institutions, people need to know more than whether the data exists. They need to know who accessed it, why, under what authority, and what happened because of it.
The old burden was having to prove the same thing over and over.
The new burden is having to understand what the system already thinks it knows, who it shares it with, and what that means.
The Nordic trust model
The wider Nordic region gives another useful comparison. Countries such as Denmark, Finland, Norway, and Sweden have built strong digital public services in high-trust societies. People expect government to work. They expect public systems to be relatively competent, connected, and fair.
Finland is especially interesting because of its human-centred data thinking. The “MyData” tradition treats personal data not just as something institutions collect, but as something tied to individual personal agency. It asks how people can have more visibility and control over how their data is used.
Denmark shows the power of digital public infrastructure. Its Digital Post system gives citizens and businesses, a secured, legally recognised mailbox for official communication with public authorities, connected to national digital identity. When identity, secure messaging, online services, and public-sector architecture are joined up, life becomes easier for many people. But when digital communication becomes the default, the state must also protect those who need help, exemption, or a human alternative.
Digital-by-default government has its own danger. Not everyone has the same access, confidence, literacy, time, disability support, language ability, or trust in institutions. A system that is convenient for the majority can become punishing for people at the edge.
So the lesson is not simply “make everything digital”.
The lesson is: make systems work better, but do not remove the human door.
New Zealand’s different problem
New Zealand is not starting from zero. We already have strong data capability.
Stats NZ’s Integrated Data Infrastructure links de-identified information from different parts of government for research and policy. The health system has the National Health Index. Agencies share information under legal agreements. The justice system has its own web of police, court, corrections, customs, and ministry records. Public datasets are listed through data.govt.nz.
But from the ordinary person’s point of view, the picture can be much less clear.
Where is the official version of your information? Which agency holds it? Has it been copied? If it was corrected, has it been corrected everywhere? Has one system updated while another still carries the old version?
If a decision is made about you, was it based on a clean record, a partial record, or an inference drawn from several systems?
These questions matter in every area. In health, fragmented data can affect care. In welfare, it can affect access. In education, it can affect access to learning support, specialist services, funding assistance, or other help that students may need to participate and succeed. In justice, it can affect liberty.
That last point deserves special attention.
Police and courts do not operate from one simple database. They work across operational systems, identity records, dispatch records, intelligence records, case-management systems, criminal-history information, disclosure material, and cross-agency data flows. Some systems are used for evidence, intelligence, administration, or statistics. Some may sit above the others, helping officials find links and patterns.
The courts are also moving toward more modern digital case-management systems. Done well, these will improve efficiency, reduce delays, and make information easier to access across different parts of the justice system.
The more connected these systems become, the more important it is to ask: what can a person actually see of their own data, what can be corrected, challenged, or appealed?
A wrong address is inconvenient. A wrong justice-sector link can be life-changing, or at the least, very stressful (and inevitably expensive).
The next layer of rights
Privacy law has often focused on collection and disclosure: who can collect information, who can share it, and whether there is consent or legal authority.
Those questions still matter. But they are possibly no longer enough.
Modern data systems do more than store records. They connect, sort, rank, infer, predict, and recommend. A person may be affected not only by a file, but by a profile. Not only by a fact, but by a pattern. Not only by a decision, but by a system that quietly shapes which decisions are possible.
The world accepted broad changes around data rights and surveillance post 9/11, maybe we need to revisit that.
A mature public data framework should include more than efficiency. It should include visible access logs, clear purpose limits, correction rights, dispute pathways, human review, appeal rights, and accessible alternatives for people who cannot easily use digital systems.
It should also recognise that consent is not magic. Most people cannot manage dozens of complex data permissions across agencies, platforms, health providers, schools, banks, insurers, and automated services. Future systems will need better tools to help people understand and manage what is happening on their behalf.
The real test
The once-only principle starts with a sensible promise: the state should not keep asking people for information it already holds.
But a deeper principle sits behind it.
The citizen should not have to carry the burden of a badly connected state, or objectively, the burden of responsibility for maintaining data for future judgement or inference. Nor should they be made powerless inside a well-connected one.
There is a balance New Zealand should be aiming for.
We should want public systems that are efficient, accurate, and joined up. We should also want systems that remain visible, contestable, correctable, and human.
The state should not ask twice.
But neither should the person have to guess what the state already thinks it knows.
Sources consulted
Sources consulted include European Commission material on the once-only principle, Estonia’s e-Estonia and X-Road documentation, the Danish Agency for Digital Government, MyData Global, Stats NZ, Health New Zealand, the Office of the Privacy Commissioner, New Zealand Police, and the Ministry of Justice.
Machine-readable summary
This section provides compact page context for search systems, accessibility tools, and AI readers.
{
"page_type": "Article",
"article_title": "The State Should Not Need To Ask Twice",
"section": "Digital Rights Infrastructure",
"standfirst": "As governments connect more data, the real question is no longer whether the state can reuse what it knows. It is whether citizens can see, correct, contest, and understand how that knowledge is used",
"summary": "An essay on the once-only principle, connected government data, Estonia, Nordic digital public infrastructure, New Zealand data systems, and the need for public systems that remain visible, contestable, correctable and human.",
"topics": [
"once-only principle",
"data rights",
"digital government",
"public-sector data",
"contestability",
"correction rights",
"human review"
],
"site": "Aperi Studio"
}