A New Zealander who once called Facebook „morally bankrupt“ is now the U.K.’s new data regulator.
As the Information Commissioner, John Edwards will be in charge of everything from probing Silicon Valley giants to handling sensitive political probes at home. He brings a record of enforcement to the job having ruled against Facebook in his previous role as New Zealand’s top privacy watchdog.
But he faces much larger challenges in his new role, from managing relations with the EU and probing Silicon Valley giants to handling a politically sensitive investigation into former Health Secretary Matt Hancock.
The U.K. has also announced it wants to reform its privacy rulebook and strike a new data transfer agreement with the United States as part of its bid to bolster trade — a move that could strain relations with the European Union further, and could test Edwards‘ diplomatic skills.
He takes over from Elizabeth Denham, a Canadian national who led probes into Facebook’s Cambridge Analytica scandal and issued two major privacy fines that were later watered down.
„There is a great opportunity to build on the wonderful work already done and I look forward to the challenge of steering the organisation and the British economy into a position of international leadership in the safe and trusted use of data for the benefit of all,“ Edwards said in a statement confirming his appointment.
From CCTV to data flows
The New Zealander is known for speaking his mind.
In the wake of the Christchurch terror attack, which was livestreamed on Facebook, he called the company „morally bankrupt pathological liars“ that „allow the live streaming of suicides, rapes, and murders.“
Edwards will continue to deal with Facebook and other Big Tech firms in his new job. He will also oversee a long-running investigation into the online advertising sector and a highly-politicized probe into leaked CCTV footage that led to the resignation of Matt Hancock from his position at Health Secretary.
“The new information commissioner has a hell of a job on their hands and needs to avoid grandstanding or following the headlines. In this new post-pandemic age, this is a crucial role,“ said Julian Knight, a Conservative MP who chairs the parliament’s digital committee.
Edwards will also be dealing with the fallout of Brexit.
The government’s announcement this morning that it intends to seek feedback on changing its privacy laws to make them „even more ambitious, pro-growth and innovation-friendly“ is unlikely to win it friends in Brussels, which requires the U.K. to keep its framework in line with the 27-member bloc’s in order to keep data flowing across the Channel.
„Today’s announcements put the U.K. on a collision path with the EU, but also more widely with civil society organizations, with the likelihood of serious domestic data litigation in the future,“ said Adam Rose, a data protection lawyer at law firm Mishcon de Reya.
In a statement, the U.K. Secretary of State for Digital Oliver Dowden said leaving the EU was an opportunity to develop „a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK.“
Britain’s stated aim to strike data flows deals with the U.S., Australia, the United Arab Emirates, Singapore, South Korea and Colombia — and Brazil, India, Indonesia and Kenya after that — could also spell trouble for its relationship with the EU, since none of those countries currently passes the grade according to European data protection standards. (An EU-Korea agreement is currently pending approval.)
‚Keeping Brussels sweet‘
That could imperil Britain’s data deal with Europe, which must be renewed in four years’ time, since the U.K. must ensure that any EU citizen data it forwards on to other countries retains a level of protection equivalent to European standards. Brussels will be looking carefully at any data sharing arrangements Britain strikes with other countries to see that that promise is kept.
The inclusion of the U.S., whose surveillance standards have repeatedly been found to flout EU standards, and Australia, which currently lacks comprehensive privacy protections, is particularly concerning for the EU.
The British government argues that Edwards, who has experience navigating an independent data regime while maintaining ties with the EU, will help keep Brussels sweet. His track record in successfully walking that tightrope is „vital,“ the government press release said.
His nomination has also been cautiously welcomed by both the business community and civil society, despite questions over why a Brit didn’t get the job.
Ravi Naik, who has been part of numerous British privacy complaints, has previously said that someone with Edwards‘ background is „welcome.”
Meanwhile Eduardo Ustaran, a data protection lawyer at law firm Hogan Lovells, said the the nod for Edwards was „a vote for proven expert knowledge of the area with great doses of can-do pragmatism.“
Denham, the outgoing commissioner, won plaudits for her response to the Cambridge Analytica scandal but was criticized for fumbling high-profile investigations since. She steps down after five years at the helm of the U.K.’s data protection watchdog.
Annabelle Dickson contributed reporting.
Want more analysis from POLITICO? POLITICO Pro is our premium intelligence service for professionals. From financial services to trade, technology, cybersecurity and more, Pro delivers real time intelligence, deep insight and breaking scoops you need to keep one step ahead. Email [email protected] to request a complimentary trial.