James Moss

I am a Data and Cybersecurity lawyer, focussing on all aspects of contentious data protection work including enforcement action by regulators, managing data breaches and cyber incidents and advising on the strategic and tactical implications of my clients' position from a regulatory perspective.
I was Legal Director of Enforcement for the UK Information Commissioner's Office ("ICO") from 2019 and was appointed by Commissioner Elizabeth Denham CBE as her acting General Counsel. I first joined the ICO in 2018 as lead lawyer for the office's investigation and enforcement action into the Cambridge Analytica affair and went on to lead enforcement action on all their most high profile matters alongside managing their contentious legal function covering the DPA, FOIA, NIS, PECR and criminal prosecutions. In addition I advised on a wide variety of strategic matters, including the project to revise and update the ICO's penalty setting and statutory guidance policies, their posture on enforcement during the Covid pandemic and helping to lead the office's input into UK Adequacy negotiations following Brexit. Many of the matters I dealt with on behalf of the regulator arose from cybersecurity breaches and their intersection with data protection law.
Before joining the ICO I spent ten years in private practice with a leading international law firm dealing with all aspects of regulatory law, including investigations and prosecutions involving money laundering, carousel and boiler room fraud, export control and sanctions issues, proceeds of crime and confiscation and anti-bribery & corruption with a particular focus on cases involving complex interactions of different regulatory regimes across multiple jurisdictions.
Contributions by James Moss
-
I Think I've Seen this Film Before: Breach Response Insights from the Regulator
Speaker at IAPP Data Protection Intensive: UK 2025 -
Revisiting EDPB, ICO approaches to administrative fines
The Privacy Advisor -
UK First-tier Tribunal overturns ICO enforcement action against Clearview AI
Privacy Perspectives -
GDPR fine calculation: A look at the EDPB's new guidelines and the UK's approach
The Privacy Advisor