From Elizabeth Denham to John Edwards as the UK’s Information Commissioner

After Elizabeth Denham took on her position as Information Commissioner in 2016, it soon became clear that the role required more challenges than she might have reasonably expected.

She came to the post well prepared having been responsible for regulating both privacy and access to information in British Columbia, Canada, with a personal warmth, and accustomed to not only the issues but also explaining them to legislators, the media and the public.

She was silent on the great Brexit debate and then had to respond to the UK leaving the EU. This meant that close links developed over decades with the UK’s nearest neighbours had to be formally broken, although she ensured that good will remained on a personal level. The UK could no longer be the largest single contributor to the European Data Protection Board’s policy work, and she had to shift gears to accommodate the government’s new international data aspirations.

In 2018 she was elected Chair of the International Conference of Data Protection and Privacy Commissioners, soon renamed the Global Privacy Assembly. It has its Annual Congress in Mexico next month so she agreed at the government’s request to stay in post for a few more months than her 5-year Information Commissioner term required. This month, symbolising the UK’s shift in attention away from the EU, Denham has represented the UK on data issues at the G7 and in June 2019 spoke at the G20 in Japan to help develop the data trust concept (PL&B UK Report July 2019 p.9). In practice, relationships with other European DPAs continue in fora such as the OECD and the Council of Europe. As she is also Chair of the parallel international group of Freedom of Information Commissioners, she has held a uniquely influential position.

In the UK, she has brought the Information Commissioner’s Office to greater public attention as a result of the high-profile raid in the Facebook/Cambridge Analytica investigation which for the first time increased awareness of “nudge” techniques commonly used for marketing being deployed in the political sphere for elections and the Brexit referendum. This high-profile public role has increased greatly during the Covid 19 pandemic with the ICO contributing to widespread media discussion of privacy aspects of the NHS Track and Trace Covid app and related issues.

Elizabeth Denham has an exemplary public persona in interviews and other appearances where she is calm and authoritative in a reasonable, logical and persuasive way. She has often been a speaker at PL&B’s Annual International Conferences in Cambridge and we will miss her. She does not take all the credit and frequently ensures her colleagues speak on specialist issues in the media and at events.

Denham has been skillful in balancing her policy and sanctions strategies. She has taken significant internationally influential initiatives such as the Children’s Code (PL&B UK Report May 2021) and has ensured steady development of certification as an accountability tool learning from models elsewhere, such as the EU and Singapore (PL&B International Report June 2019 pp.13 and 23). Where necessary, she has imposed fines across many sectors, although some of the recent high fines have been reduced on appeal.

She won a substantial increase in the funding of her office by forcefully persuading the government of the importance of the Information Commissioner’s work across all areas of society. The rapid increase in ICO staffing means that the UK now has the largest and perhaps best resourced DPA in the world. This platform has enabled the government to assert confidently that the UK’s ICO is a forceful regulator strengthened by its formal agreements with other UK regulators, such as the Financial Conduct Authority grouped together as the Regulation Cooperation Forum (p.10). Interestingly, the ICO has recently advertised a new role of Chief Economist, part of the shift toward the government’s policy to regard the ICO as an economic regulator.

John Edwards

John Edwards served for three years as Chair of the Executive Committee of the International Conference of Data Protection and Privacy Commissioners now renamed as the Global Privacy Assembly for which the Chair for the last three years has been Elizabeth Denham.

It is clear from the Parliamentary hearing on 9 September that Edwards is well informed about the UK government’s international data aspirations and well equipped to pursue them. His experience includes his main role since 2014 as New Zealand’s Privacy Commissioner and has represented New Zealand as a member of the Asia Pacific Privacy Authorities (APPA). There he has regularly met the DPAs of the countries you might expect, such as Australia, Hong Kong, Japan, Korea, Macao, the Philippines and Singapore and also several DPA from countries in North and Latin America, such as Canada, Colombia, Mexico, Peru and the United States.

By good fortune or coincidence, some of these countries are on the UK’s priority list for adequacy assessments. Although he will not be the primary actor in this process, which is the role of the DCMS, he will be well equipped to be an intermediary when necessary. No doubt, he will settle into his new role, for example, learning more about the Freedom of Information Act.

PL&B will continue to report on and analyse the ICO’s work as we have done for nearly 35 years. We regard Elizabeth Denham as a friend of PL&B and wish her well in her next role, and welcome John Edwards as the new Information Commissioner.

Best regards,

Stewart Dresner

Publisher, Privacy Laws & Business