News site Politico said Edwards’ announcement came after it made inquiries on Friday “regarding Edwards’ work absence”.
Politico offered no further details.
In a statement, the ICO said Edwards voluntarily stepped aside on February 26, in order “to enable an independent workplace investigation which relates to him. This investigation will produce a report with recommendations for DSIT to decide next steps”.
The DSIT or Department for Science, Innovation and Technology is the ICO’s parent agency.
“To protect all parties involved and maintain the integrity of the investigation, we are unable to provide further details at this stage,” the ICO statement said.
Edwards said he had no comment when approached by the Herald.
In his public-facing roles, Edwards has often adopted a front-foot approach, particularly with his criticism of Big Tech firms.
Edwards also lobbied, unsuccessfully, for the ability to fine firms up to $1 million for Privacy Act breaches when the legislation was updated in 2020. While Australia introduced A$50m fines, his office had to settle for a strongly-worded letter.
A story in The Times in the build-up to his ICO appointment was headlined, “Facebook-hating New Zealander John Edwards in line to be Britain’s privacy tsar”.
In a 2019 late night tweet – which he subsequently deleted – Edwards said, “Facebook cannot be trusted. They are morally bankrupt pathological liars who enable genocide (Myanmar), facilitate foreign undermining of democratic institutions”.
His comments were made in the wake of the Christchurch mosque massacres.
Edwards also posted that Facebook’s initial silence about the shootings was “an insult to our grief”.
The Herald understands the Ardern-led Government asked him to dial down his rhetoric.
Others liked that he turned up the volume, and it turned heads in the UK.
“John Edwards is outspoken. This is not a bad thing. We want and need privacy regulators who are not afraid to call out bad privacy practices, take a stand in the name of the consumer, and keep government agencies and corporations operating within privacy and ethical guardrails,” the International Association of Privacy Professionals’ Daimhin Warner wrote at the time.
Edwards hit the ground running in the UK. In April 2023, his office fined TikTok £12.7m for collecting data on children, in contravention of UK privacy rules.
More recently under Edwards, the ICO fined password manager LastPass UK £1.23m after “a significant data breach and DNA firm 23andMe £2.31m for “security failings”. And in February this year, his office fined Reddit £14.47m for infringements of data processing laws for minors.
Chris Keall is an Auckland-based member of the Herald’s business team. He joined the Herald in 2018 and is the technology editor and a senior business writer.
