Pre-appointment hearing for Information Commissioner Contents

Appendix: CV and accompanying papers

CURRICULUM VITAE

Professional history

February 2014–Present New Zealand Privacy Commissioner

Chief Executive of Office of the Privacy Commissioner, Corporation Sole, Independent Crown Entity. Discharging all statutory functions of Privacy Commissioner.

1999–December 2013 Barrister and solicitor on own account

Selected clients and engagements

October 1997–June 1999 Senior Solicitor Ministry of Health

October 1997–December 1997 Relieving Solicitor, State Services Commission (secondment)

October 1993–October 1997 Barrister and solicitor on own account

Appointments / key clients include

March–October 1993 Manager, Office of the Privacy Commissioner

Assisting with the establishment the Office of the Privacy Commissioner.

March 1990–March 1993 Investigating Officer, Office of the Ombudsman

Investigating decisions under the Official Information Act.

January 1989–March 1990 Staff Solicitor Nicholson Kirkby Sheat & Co

General legal practice, family, company & criminal law.

October 1986–April 1987 Mountaineer, Search and Rescue Team, Mount Cook National Park

Education

Oxford Advanced Management and Leadership Programme, Said Business School, Oxford University (2019)

Master of Public Policy with Merit Victoria University of Wellington (2008)

Bachelor of Laws Victoria University of Wellington (1989)

Institute of Professional Legal Studies, Professionals (1989)

New Plymouth Boys High School 1979–1983

Selected Publications

Contributor - reporting on New Zealand’s compliance with Article 19 of the UN Convention on Civil and Political Rights (freedom of expression).

Specialist Editor and regular contributor of articles

Selected Conferences and Seminars

Dozens of appearances at conferences as keynote, speaker, panellist, moderator, chair, domestically and internationally. List available if required.

QUESTIONNAIRE: JOHN EDWARDS

Motivation

1. What motivated you to apply for this role, and what specific experiences would you bring to it?

I bring three decades of experience working in both data protection and freedom of information lawand public policy, seven years as a chief executive, providing organisational, and system wide leadership, and change management, and a rich network of international contacts from my three years as Chair of the Global Privacy Assembly (a position currently occupied b yElizabeth Denham).

I have been Privacy Commissioner in New Zealand since 2014 and have successfully managed atransformation of both our operating model and our culture. We have implemented new legislation,the Privacy Act 2020, and created a new structure to better reflect our regulatory role in the systemfor 2021. Having achieved these changes and establishing a team who can confidently navigate anincreasingly sophisticated privacy ecosystem, I was not actively looking but felt open to consider anew challenge. When I saw that Elizabeth Denham had been asked to stay in the role until a replacement could be recruited, I began to look into it more seriously, excited by the possibilities forthe role over the next few years as the United Kingdom leaves the EU and forges its own regulatory path.

I am proud of what I have achieved in New Zealand in changing the way privacy and data protectionis seen in the public discourse. The ICO position offers an opportunity to extend this approach to the UK.

One issue that needs urgent attention is harmonising systems for international data transfers. The ICO will be in a position to lead innovative solutions to achieving what Japanese Prime Minister Shinzo Abe first described in 2019 as “Data free flow with trust”, and which the UK has progressed during its G7 presidency year into a tangible programme of action for governments and regulators, which will in turn unlock economic benefits internationally.

2. If appointed, are there specific areas within your new responsibilities where you will need to acquire new skills or knowledge?

The most significant area for me to acquire knowledge is on the political and public administration environment in the United Kingdom. I need to acquire a deeper understanding of the different rolesof different regulators such as Ofcom and the CMA, and how we can leverage our respective jurisdictions to achieve the vision of the National Data Strategy, for example.

I rely on technical expertise and advice in areas of advanced and emergent technologies such asblockchain, encryption and artificial intelligence, and I expect that capacity to exist within the ICO,andthroughnetworkssuchasitslinkswith theAlanTuringInstitute.

3. How were you recruited? Were you encouraged to apply, and if so, by whom?

I am aware that several colleagues in different jurisdictions identified me as a possible candidatewhen approached by the Government’s recruitment adviser, but I had no direct approach eitherfromtheGovernment,or any recruiter. I appliedonmy own initiative.

Personal Background

4. Do you currently or potentially have any business, financial or other non-pecuniary interests or commitments, that might give rise to the perception of a conflict of interest if you are appointed? How do you intend to resolve any potential conflicts of interests if you are appointed?

No. I have a portfolio of investments that is managed on my behalf by a broker, but I do not believe any single holding would meet the threshold for materiality.

My approach to managing potential conflicts is to declare them and be open about them at firstinstance, and then to discuss with colleagues whether any specific steps need to be taken to manage them, and if they are not a manageable conflict to recuse myself from involvement with the matter.

5. If appointed, what professional or voluntary work commitments will you continue to undertake, or do you intend to take on, alongside your new role? How will you reconcile these with your new role?

As taking on this role will require rapidly increasing my contextual and environmental knowledge ofthe UK’s regulatory and parliamentary environment, I will not be taking on any other professional orvoluntaryworkcommitmentsintheimmediate term.

6. Have you ever held any post or undertaken any activity that might cast doubt on your political impartiality? If so, how will you demonstrate your political impartiality in the role if appointed?

No.

7. Do you intend to serve your full term of office?

Yes.

The ICO

8. If appointed, what will be your main priorities on taking up the role?

I intend to work with stakeholders to demonstrate that the Data Protection Act and UK GDPR are notimpediments to innovation, growth and the use of data to add value; that on the contrary, they are enabling statutes.

It will be a priority for me and my team to identify ways in which we can reduce compliance costs, particularly for small to medium enterprises, by providing them with tools to understand and apply the law without the need to incur large professional fees. To this end I will be promoting a “service” culture.

Another aspect of cost that we can work on is reducing the uncertainty that is always attendant on a principle-based regulatory framework. We can do this by declaring our position on areas which might otherwise be ambiguous, with that ambiguity driving a risk-averse, or high cost approach.

It will be important, while doing these, to give the people of the United Kingdom certainty that thereis a stable and fair regulator ensuring they can have confidence that their personal data will be processed appropriately, and kept safe; that they can trust the digital economy enough to actively participate in it. This is a fundamental precondition to gaining the benefits of a digital economy.

Part of providing that trust and confidence will be taking effective regulatory action, based oncriteria of public interest and risk, when organisations egregiously breach their obligations in ways that puts individuals at risk.

9. What criteria should the Committee use to judge the ICO’s performance over your term of office?

I will be working with the team at the ICO to identify measurable criteria for the outcomes we areable to achieve. It is always more difficult to measure outcomes than outputs, but it may be possibleto undertake some benchmarking work early on to understand the industry perception of matterssuch as “ease of compliance with data protection rules” on the side of the regulated sector, andcontinue with the existing ICO surveys gauging consumer awareness or “confidence in the system’sability to safely and fairly process personal data” on the consumer side. We could then retake those surveys at regular intervals and report to the Committee on any movement.

One area I would like to work on is reducing the processing times for complaints and investigations.In an online economy, consumers expect near instant gratification. While that is incompatible withthe observation of due process and the need to comply with natural justice obligations, I am surethat improvements can be made, and the experience of both complainants and respondentsenhanced. The slow processing of complaints is one of the main criticisms of the administration ofthe GDPR, and I would like to see the ICO differentiate from European data protection agencies in this area of our work.

I would welcome a discussion with the Committee about which aspects of our performance it would like to measure, and how we might identify meaningful indicators of performance to report on.

10. How will you protect and enhance your personal independence and the regulatory independence of the ICO from the Government/ministers?

I have always found that open communication with Government stakeholders and Ministers isessential to understanding and respecting each other’s different roles. I will certainly consult withkey stakeholders when considering any significant changes to our priorities or operating model, andwill operate on the basis of “no surprises”. However, I will ensure that Ministers understand andrespect the importance of a regulator discharging quasi-judicial regulatory functions free from actual or apparent political influence or interference.

11. How do you assess the public profile and reputation of the ICO?

It is difficult for me to assess the public profile and reputation of the ICO domestically from my current vantage point, however the ICO has emerged in recent years as a key regulator internationally. Much of that is a consequence of Elizabeth Denham’s leadership. The ICO enjoys avery high reputation in the privacy regulatory community, and with international organisations suchas the Council of Europe, the OECD, and others. Its scholarship and work programme contribute sgreatly to the international discourse and assists other regulators and governments with emerging issues such as artificial intelligence and facial recognition technologies.

12. What risks do you think ICO will face over your term of office? How do you intend to manage them?

There will be risks to the system as data protection regimes continue to evolve in the UK andoverseas, and I will work with UK organisations and international partners to manage the associated risks, including those consequents to any change in the UK’s adequacy status.

The organisation itself faces risks of staff retention in a field where there are skills shortages. I intendto work with the leadership team to ensure we have a culture and conditions that nurture and retain talent.

There is a risk that the organisation, when working across such a broad range of human andeconomic activity, could lose focus. It will be my role as leader to maintain a vision and focus, and to ensure we are at all times working in the best interests of the people of the United Kingdom.

FURTHER INFORMATION

Box 1. Providing information to select committees

Information about the preferred candidate

  • Name of the preferred candidate

    John Edwards

  • Their current CV (redacted for publication)

    attached

  • Declaration of relevant interests made by the candidate:

    Mr Edwards declared no conflicts of interest on his returned ‘Declaration of conflict of interest form’.

  • Declaration of relevant political activity made by the candidate required under paragraph 9.2 of the Governance Code on Public Appointments:

    As per the paragraph 9.2 of the Governance Code, political activity should not affect any judgement of merit nor be a bar to appointment. John has not made any political donations.

  • Proposed terms of appointment and remuneration (if any)

    This is a five year appointment. The remuneration is £200,000 per annum for 5 days per week.

    Further information on the ICO, the role, the process and the candidate can be found below. Also attached at Annex B is the CO’s proforma.

Background: the ICO and the role of the Information Commissioner

About the ICO

In 2019/20 the ICO received 39,000 data protection enquiries; handled over 102,000 enquiries about nuisance calls and texts;and responded to 6,421 freedom of information requests. The ICO employs approximately 770 staff with its Head Office in Wilmslow and offices in Edinburgh, Cardiff, Belfast and London. The ICO receives Grant-in-Aid of £4.62M (2019/20) for its work on Freedom of Information, Network and Information Systems Regulations, Electronic Identification and Trust Services, Investigatory Powers Act; and fee income of (approximately) £46.6M (2019/20) for data protection work. The ICO’s 2019–2022 Strategic Plan can be found here, and its annual reports can be found here.

The Information Commissioner’s Office is a Non Departmental Public Body sponsored by the Department for Digital, Culture, Media and Sport. Although the Information Commissioner operates independently in the exercise of his/her statutory functions, some issues require the approval of the Secretary of State such as funding and the level of fees charged to data controllers. The Framework Agreement (due for review in 2022) sets out the respective responsibilities of the sponsor department and the Information Commissioner to support the work of both organisations, and to ensure the Commissioner’s independence, propriety and value for money.

As a corporation sole7 the Information Commissioner is responsible for:

Further detail on the specific legislation and the ICO’s powers and functions can be found here.

Role specification

As per the Data Protection Act 2018, the Information Commissioner is to be appointed by Her Majesty by Letters Patent on the basis of fair and open competition. Candidates should be aware that the preferred candidate will be required to appear before a Parliamentary Select Committee prior to appointment.

The Information Commissioner is responsible for:

Key selection criteria

This is a demanding and high-profile role. We are looking for an exceptional candidate with a demonstrable desire to deliver a new approach to data in the UK that strikes the right balance between high data protection standards and responsible use of data to benefit our economy and society. This candidate must be willing and able to steer the ICO through a dynamic period of change, refining processes and decision-making.

Prospective candidates need to be able to demonstrate that they meet a majority of the following criteria to a high degree:

Experience and personal qualities

About the candidate

John Edwards was first appointed to the position of Privacy Commissioner of New Zealand in February 2014 and was re-appointed for a further 5 year term in February 2019. Prior to this he practiced law for over 20 years.

John has degrees in law (LLB) and public policy (MPP) from Victoria University of Wellington, NZ and has advised and represented a wide range of clients from the public and private sector. He provides independent comment on significant personal information policies and issues.

John chaired the New Zealand Law Society Privacy and Human Rights Committee and was Contributing Editor of Brookers Human Rights Law and Practice and has published widely on human rights and privacy matters.

In addition to a practice specialty in the field of information and privacy law, he held warrants as a district inspector for mental health, and as district inspector for intellectual disability services and has provided legal services to the Kingdom of Tonga.

In October 2014 John was elected Chair of the Executive Committee of the International Conference of Data Protection and Privacy Commissioners and completed his 3 year term in October 2017.

Annex B: Proforma for departments to provide campaign information to select committees

Campaign Launch Date

28th February 2021

Campaign Closing Date

5th March 2021

Reason for any changes in timetable to that originally published

There were no changes to the timetable that was originally published

Advertising strategy

The Public Appointments team advertised the role on the Cabinet Office Centre for Public Appointments website and on DCMS Social Media. The Secretary of State also announced the launch in the media. GatenbySanderson were contracted to be headhunters for the role.

Advisory Assessment Panel

Panel Chair: Susannah Storey, DCMS Director General for Digital and Media Policy

Senior Independent Panel Member: Sir Philip Augar is a British author, and was an equities broker in the City of London, England for twenty years from the 1970s, first with NatWest and J. Henry Schroder,

Other Members (including name, position and organisation):

Daniel Korski - independent sector representative.

Nicola Wood - Non-Executive Director at the ICO.

Number of applicants

The campaign closed with a total of 40 individual applicants.

Number of candidates invited to interview

Eight candidates were invited to interview.

Number of candidates found appointable

Four candidates were found appointable.

7 A corporation sole is a legal entity consisting of a single (‘sole’) incorporated office, occupied by a single (sole) man or woman. This allows a corporation to pass vertically in time from one office holder to the next successor-in-office, giving the position legal continuity with each subsequent office holder having identical powers to his/her predecessor’




Published: 10 September 2021 Site information    Accessibility statement