Skip links

You can ‘go your own way’ over GDPR, says UK’s new Information Commissioner

The incoming head of the UK’s data watchdog has “gone on the record” to say he will be fair and impartial in his dealings with tech companies despite once describing Facebook as “morally bankrupt pathological liars.”

John Edwards, who is currently New Zealand’s Privacy Commissioner, was responding to a now-deleted tweet he posted in the aftermath of the attack at two mosques in Christchurch in 2019 which left 51 dead and dozens more injured.

The EU… has certain legal traditions which suggest that the GDPR approach best suits that legislative and regulatory environment

The attack – which was livestreamed on Facebook and shared on social media – was described at the time by Prime Minister Jacinda Ardern as “one of New Zealand’s darkest days.”

Speaking on Thursday at a hearing of the Digital, Culture, Media and Sport (DCMS) Committee via video link from New Zealand, he was asked about his criticism of big tech companies.

Asked by Damian Green MP whether he still felt that “tech giants are genuinely a threat to the wider democratic scrutiny and process,” he replied: “That tweet came from a very profound context of national shock and grief,” he told the committee, “[by] a very egregious terrorist act that was facilitated, amplified and propagated through that particular platform.”

Despite his own feelings, he made it clear that when he takes up the role as the UK’s Information Commissioner he will be “fair and impartial.”

“I do want to go on record and say that despite the hyperbole referenced in that tweet, Facebook – and every other organisation which is subject to the ICO’s jurisdiction – can expect a fair and impartial inquiry when I occupy that role – without predetermination or bias.”

The discussion then moved on to the growing influence of big tech and how regulatory policy is being shaped.

“We confront with these platforms, a phenomenon that has never been experienced in the world in regulation. These are nation state-sized commercial enterprises,” he said, adding that it is becoming “increasingly difficult to engage them on the national level.”

But he also said he saw signs that countries are beginning to “see assertions of national sovereignty against these organisations,” citing the example of the ICO’s recent introduction of its age-appropriate design code or “Children’s code” which contains 15 standards that online services need to follow. Aimed in particular at tech companies such as Facebook, YouTube and TikTok that are often used by children, it doesn’t just apply to companies based on their jurisdiction. Instead, it applies to all companies that process the personal data of UK children.

In a line of questioning that might hint at Edwards’ future tenure at the ICO, he was asked whether big tech was starting to recognise that the “world is changing,” that many people believe them to be “the equivalent of the Trusts that had to be busted in America in the late 19th century.” Edwards said he believed that there were signs of change.

“We’ve seen some of the largest platforms actively calling for regulation,” he said. “And when you see that happen, you know, the tide has turned that they see the inevitability of needing to finally respect the authorities and the jurisdictions that they operate [in].”

EU know what….

Quizzed on the thorny issue of the UK’s relationship with the European Union, he was asked how the UK could make progress without “aping” what happens on the Continent.

“It’s a really important question,” said Edwards, “and I think at the core must be mutual respect. Europe is entitled to regulate for its citizens in the way that it deems most appropriate. And it has certain legal traditions which suggest that the GDPR approach best suits that legislative and regulatory environment.”

At the same, the “United Kingdom is entitled to take Fleetwood Mac’s advice and ‘Go your Own Way’,” he said, citing the soft rock supergroup, ensuring the “mutual respect of different legal and cultural traditions… lead to different expressions of the same objective.”

And for those who are simply left numb and befuddled by the whole subject of data protection, Edwards had this to say: “What I really want to do is make privacy easy. And I think I can translate that to the UK. I want to make data protection easy – easy for industry to implement at low cost, easy for consumers to exercise privacy-friendly choices in their marketplace, and easy for people to access remedies when things go wrong.” ®