James Moss
I am a partner in Bird & Bird's London-based international Privacy & Data Protection practice. My background with the UK Information Commissioner's Office combined with experience as a regulatory law specialist in private practice gives me unrivalled insight into contentious data protection work and enforcement action.
My practice areas focus on all aspects of contentious data protection work including enforcement action by regulators, managing data breaches and advising on the strategic and tactical implications of clients' position from a regulatory perspective. Many of the matters I have dealt with on behalf of the regulator arose from cybersecurity breaches giving me hands on insight into the intersection of data protection law and cybersecurity.
Prior to joining Bird & Bird in March 2023, I was Legal Director of Enforcement for the UK Information Commissioner's Office ("ICO") from 2019 and was appointed by Commissioner Elizabeth Denham CBE as her acting General Counsel. I first joined the ICO in 2018 as the lead lawyer in the office's investigation and enforcement action into the Cambridge Analytica affair. Following my appointment as Director I went on to lead the ICO's enforcement action on all their most high profile matters and managed the contentious legal function covering the DPA, FOIA, NIS, PECR and their criminal prosecutions. In addition I led on a wide variety of strategic matters, including the ongoing project to revise and update the ICO's penalty setting and statutory guidance policies as well as their posture on enforcement during the pandemic, as well as helping to lead the office's input into UK Adequacy negotiations following Brexit.
Before joining the ICO I spent ten years in private practice with a leading international law firm dealing with all aspects of regulatory law, including investigations and prosecutions involving money laundering, carousel and boiler room fraud, export control and sanctions issues, proceeds of crime and confiscation and anti-bribery & corruption with a particular focus on cases involving complex interactions of different regulatory areas across multiple jurisdictions.