John Edwards began as U.K. Information Commissioner 4 January, 2022.
Edwards, who joins on a five year term, spent the past eight years as New Zealand Privacy Commissioner, and before that worked as a barrister. He succeeds Elizabeth Denham, CBE, whose term as U.K. Information Commissioner ended last year.
Edwards’ appointment comes at the start of a busy time for information rights in the UK. The ICO will be actively engaging with the government over the proposed reforms to the Data Protection Act and introduction of the Online Safety Bill, as well as strengthening links with other digital regulators. The ICO will also continue to prioritise its work to protect children online, through the Age Appropriate Design Code, which has already prompted international tech companies to make changes to better respect children’s rights online.
Edwards was educated in New Plymouth, New Zealand and achieved a bachelor of laws and masters in public policy at the University of Wellington.
He worked as a solicitor and barrister for more than 14 years, including time as a policy adviser to the New Zealand Prime Minister and Cabinet around Freedom of Information.
From February 2014 to December 2021, he was New Zealand Privacy Commissioner. During that time, he chaired the International Conference of Data Protection and Privacy Commissioners (now known as the Global Privacy Assembly), and was a member of the OECD’s Informal Group of Experts on Children in the Digital Environment.
Joe Jones serves as the director of research and insights for the International Association of Privacy Professionals (IAPP). Leading the research and insights team, he provides strategic direction and contributes to the development of practical content for privacy professionals on privacy law and policy, data protection management, and privacy technology and engineering. This work includes engaging with privacy leaders from industry, government, academia and civil society as he keeps IAPP members informed on data protection developments around the world.
Previously, Jones served as the deputy director for international data transfers with the U.K. government, where he led the team responsible for policies relating to the free and secure flow of data internationally. This included work on data ‘adequacy,’ alternative transfer mechanisms, and multilateral initiatives that promote the trusted exchange of data across borders. Other prior roles include serving as the U.K. government’s deputy head of digital trade policy and working in the private sector as a lawyer on data privacy issues with Covington & Burling LLP .
Jones has been globally recognized as a leader in privacy law and policy. In 2022, Politico named him as the fourth most influential ‘rulemaker’ in Europe as well as the digital policy ‘Wonk of the week’ in September of 2021.
He has led dozens of U.K. government diplomatic delegations or missions, holds over 200 public and private speaking credits on data protection and transfers, and has contributed frequently to academic and professional publications, including the National Law Review. Jones holds a law degree from the University of Oxford. he can be found on Twitter at @JoeGTJones
Schrems is the honorary chairman and founder of noyb, a privacy enforcement platform that brings data protection cases to the courts under the EU General Data Protection Regulation. Schrems first came to notoriety as an Austrian law student who filed a complaint to the Irish Data Commissioner that Facebook Ireland was illegally sharing his personal data with the U.S. government, following the revelations of Edward Snowden. The case, known as "The Schrems case" or "Schrems I," eventually led to the invalidation of the Safe Harbor data-transfer agreement between the EU and U.S. Schrems later amended his complaint against Facebook Ireland with the Irish Data Protection Commission after Facebook switched its transfer mechanism from Safe Harbor to standard contractual clauses, leading to a new referral to the CJEU implicating both standard contractual clauses and the EU-U.S. Privacy Shield Framework. On July 16, 2020, the Court of Justice of the European Union invalidated Privacy Shield and placed additional requirements for companies using standard contractual clauses to third countries outside the EU.