John Edwards has described Facebook as morally bankrupt pathological liars who cannot be trusted

In January, Britain’s privacy sheriff Elizabeth Denham was given an extra three months in the job. Ministers said at the time that extending the Information Commissioner’s term from July until the end of October would give it the few more weeks needed to find the right candidate.

The delay might also just have been enough to convince John Edwards to give up Wellington for London. After 18 months of relative internal freedom spearheaded by shuttered borders, New Zealand has recently been hit by repeated lockdowns, just as Britain opened up. Denham’s replacement has timed the move exceptionally well.

Edwards, New Zealand’s privacy commissioner, will move to London next month to lead the Information Commissioner’s Office (ICO), the increasingly powerful and relevant regulator tasked with keeping technology giants in line and protecting citizens’ personal data.

The role is, traditionally, relatively quiet: cracking down on nuisance calls and enforcing Freedom of Information legislation. Until 2017, the maximum fine the body could levy for data breaches was £500,000.

But in the era of Big Tech, government surveillance and personal data flying around the world, it has become one of Britain’s more prominent watchdogs. Its budget and staff have doubled in the last five years, as have its powers. The ICO – which reports to Parliament – now has the power to fine companies up to 4pc of their annual turnover, and has used it, fining British Airways £183.4m in 2019 for a data breach the previous year (this was watered down to £20m during Covid).

Biggest GDPR fines chart

At the same time, Denham has been criticised for pursuing flashy causes, diverting resources to an investigation into scandal-plagued Cambridge Analytica’s alleged role in the EU referendum, which found little evidence.

Elizabeth Denham has been the ICO commissioner since July 2016


Going our own way

Edwards, a Kiwi who has served in government for seven years after a career in law and has repeatedly sparred with Facebook, has been presented as a breath of fresh air. His nomination was announced as Oliver Dowden, the Culture Secretary, unveiled post-Brexit plans to relax Britain’s data laws from the strict GDPR legislation inherited from the EU. Last week, Dowden’s department said it would “remove unnecessary barriers to responsible data use”.

Crucially, the Government is using the reforms as an opportunity to present a more business-friendly regime than Europe’s, and sign data agreements with countries around the world. The Government estimates there are £67bn worth of data-enabled exports from the UK to the US that could be better oiled with changes to privacy rules. In an appointment hearing in front of MPs last week, Edwards appeared to endorse this move, saying Britain was “entitled to take Fleetwood Mac’s advice and ‘go your own way’”.

“You must regulate what’s in the best interests of the people of the UK,” he said. “It’s for the UK to determine what suits the UK. It is the world’s sixth largest economy, it certainly has the wherewithal to chart its own course.”

Gehan Gunasekara, an associate professor at the University of Auckland and chairman of New Zealand’s privacy foundation, says Edwards devoted much of his time in the southern hemisphere to international agreements on how to rein in Big Tech, likely to prove crucial as Britain seeks data transfer agreements with a group of countries as diverse as Korea, Singapore and Colombia.

“These are very powerful networks. If they all work together then there’s a good chance that these companies could be reined in,” Gunasekara says.

Speaking to MPs last week, Edwards dismissed fears that the Government would have to walk a tightrope between international agreements and a current deal with the EU, which the bloc has warned could be in jeopardy if the UK strays too far from its own rules. However, he indicated that he was willing to take a more common-sense approach than Britain’s neighbours, saying overzealous data requirements have held back investment.

John Edwards is a longtime critic of Facebook over its privacy policies

“If I can turn that dial just a couple of points, that can make the difference of billions of pounds to the UK economy and thousands of jobs,” he said.

Cookie-free diet 

In particular, Edwards criticised the ubiquitous cookie notices that have blighted web users since their introduction a decade ago, suggesting they had knocked economic output. “Although they seem like a trivial output when crossing from one site to another, just take a second to try to calculate the hundreds of millions of clicks per day, to quantify that in terms of the lost productivity, never mind the administration required for those sites.”

Marcin Betkier, a privacy lecturer at the University of Victoria in Wellington, says Edwards is likely to shift Britain from complicated European data standards, which focus heavily on how businesses process data, to actual results. “For John, it’s more about protecting people from harm,” he says.

While thousands of businesses are likely to hail a more welcoming data regime, campaigners have warned against it. Even before Edwards’ appointment, the Open Rights Group, which campaigns to preserve digital freedoms, had claimed that the Government’s ambition to hire an information commissioner with “commercial and business acumen” was an effort to roll data protection laws back, just as the state had expanded its data gathering powers during Covid.

Gunasekara says that in New Zealand, privacy activists have been disappointed at Edwards declining to take a more forceful stance on controversial issues such as contact tracing apps or facial recognition.

At a glance | Your data rights under GDPR

But if privacy hawks fear the Government will get an easy ride, one company is not. Edwards shot to international prominence in 2019, a month after the Christchurch mosque shootings, for taking to Twitter to label Facebook a group of “morally bankrupt pathological liars who enable genocide [and] facilitate foreign undermining of democratic institutions”. He also accused the company of allowing the livestreaming of rapes and murders, and said it “cannot be trusted”. At the same time, he deleted his own Facebook account.

Edwards later removed the tweets, and said he was being hyperbolic to express frustration after feeling the company had not co-operated in the aftermath of the shooting, which was livestreamed on Facebook.

“I am not making a judgment on the conduct of the company today,” he said, promising to treat businesses equally.

However, Edwards has said he thinks the biggest tech giants are a societal risk, and one that countries should push back on. “We confront with these platforms a phenomenon that has never been experienced in the world. These are nation-state sized commercial enterprises,” he told MPs. Last week, he praised the ICO’s recent Children’s Code as an example of countries pushing back. It has led the likes of Google and Instagram to introduce new protections for under 18s.

“I think we are starting to see assertions of national sovereignty against these organisations.”

Edwards added that tech companies placed too many burdens on users to look after their own privacy and is also expected to demand that tech firms better explain how algorithms such as the Facebook news feed works.

Britain’s new privacy boss is at least partially willing to compromise – he has reactivated his social media accounts for one thing. Betkier also recalls a conference hosted by New Zealand’s privacy commission a few years ago. Drinks after the event were sponsored by Facebook.