Antoinette Hage

The short version: 

Tech policy, privacy innovation, data protection and data rights, data governance, AI governance, privacy by design, privacy enhancing technologies, innovation in regulation.

The long(ish) version: 

I worked in the UK's data protection authority as well as in privacy, data protection and data governance for a range of global brands. I like what I do. My experience working on emerging tech policy inside a regulator gives me a unique insight into how public bodies make policy decisions and how they pursue enforcement. With that experience, I've been able to lead data protection, governance and privacy programmes in several global companies and bring together both compliance and innovation priorities. My policy and regulatory insights have been key to helping companies bring new products to market.

Beyond my core role in data governance at Marks and Spencer, I became a privacy, data protection and innovation specialist for colleagues who lead emerging technology projects. I gave advice on data protection best practice, privacy risk, interpreting ICO guidance and baking in good governance and responsible design from the start. This included advising on an AI stylist, advising on the use of AI in recruitment processes, advising on the use of personal data for marketing and targeting, and advising on the risks of using special category data drawn from customer research.  

M&S is a £12 billion FTSE100 company with a 150-year heritage in the UK. The retailer, known for its quality goods, employs 65,000 people and serves 22 million customers. 

I worked in the public policy team at Meta. The attention on generative AI throughout 2023 fostered as much excitement in-house as it did across the world. I surveyed relevant engagement opportunities in the UK, ensuring that my team of legal, policy, comms and product experts would be ready to act at the right moment - whether that was responding to the AI white paper, fostering introductions to policymakers or leading policy discussion meetings with government stakeholders.

 I developed partnerships with the government’s Foundation Model Taskforce and with the CDEI (Centre for Data Ethics & Innovation) on AI assurance. My work to coordinate my team and liaise with stakeholders in a timely way allowed Meta to land its key messages to a range of high profile policymakers.

I worked in the ICO technology team where I led on the PETs (privacy enhancing technologies), anonymisation and data sharing policy programmes. This involved strategic development and delivery of the policy programme in line with ICO priorities and with other regulators. Overall we wanted to ensure regulatory cohesion and promote harmonisation in digital markets and we needed to build industry relations quickly.

I launched two projects. First, I convened and chaired the PETs expert forum; and second, I sourced funding and delivered the PETs for Public Good research project. 

The PETs expert forum was a group of 50 C-suite leaders, startups, big tech firms, thinktanks, consultants and international NGOs brought together by me to foster regulatory engagement and develop industry relations. Feedback from forum members showed they hugely valued this collaborative approach and this improved relationships between the regulator and industry. A forum member said: 'it feels like the regulator is finally listening'.

In tandem, I led the PETs for Public Good project which explored the innovation and adoption of PETs through the lens of data sharing in the healthcare sector. I won a grant of £182,000 from central government to deliver this project in partnership with Plexal and AWS. I hired in consultants to engage with over 250 industry reps and technical specialists through interviews and curated workshops. I authored the final report and delivered a range of recommendations for the ICO, which were keenly adopted. My work on PETs was recognised throughout the ICO and the Commissioner himself, John Edwards, presented my work to the G7 data protection authorities’ annual summit in 2022.