About Me

I scan a wide horizon for threats to privacy and free expression from government and industry, take these threats seriously, and prepare for them even if I lack definitive proof that they will materialize. In this endeavor I need to respect the libidinal pull of culture and culture-makers as powerful shapers of politics and legislation, and remember that ultimately power makes law, law doesn’t make power. And whatever I do, I have to work the rules as written alongside the world as it is: marked by self-interest, power asymmetries, and political corruption — all against the backdrop of an accelerating climate crisis and rising authoritarianism.

-Meredith Whittaker, describing her job, but doing a damn good job of also describing what I do

My name is Heather Burns and I am a tech policy wonk based in Glasgow, Scotland. I work for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. That means I advocate for policy and technology developments which keep the internet open, globally connected, secure, and trustworthy.

I’ve been Extremely Online since 1994. I built my first web site in 1996 in Lynx on Unix. You can read the rest of the story in the introduction to my book.

This is my personal site, and the content and opinions on it do not reflect the opinions of any current contractor or previous employer.

What I’m working on now

  • 2024’s suite of elections from the digital perspective – and there are 58 of them in 54 countries
  • The UK Online Safety Act
  • The UK Investigatory Powers (Amendment) Bill
  • The UK Data Protection and Digital Information Bill
  • …and how the latter three will impact service providers who are not Big Tech, as well as those who use any service regardless of who makes it

Want me to work with you?

I’m currently freelancing in the policy x human rights space. I will have 1.5 days per week capacity starting around March 2024.

If you’re thinking about bringing me in: I work with smart, proactive, critical thinkers. And so I support teams who bring those people on board, rather than avoiding them. I’m at my best in projects and organisations that are fearless, provocative, and show up to fight the good fights. As for where I do that from, I work hybrid/remote from Glasgow, aka Not London, and so I work with people who don’t have a problem with that.

As always, the usual filters apply. I’m not a lawyer, or an academic, and I don’t have a Ph.D (gasp!). I don’t work with big tech or anti-big tech campaigns, I don’t work in corporate compliance, and I don’t work with government or regulators. Finally, I don’t work for all-white-male golf course boys’ clubs, and yes, this still needs to be said in Scotland, and it shouldn’t.

TFW you unbox your own book. Yes those are William Morris shoes.

Past work

  • 2022: Head of Policy and Governance, MaidSafe
  • 2020 – 2021: Policy Manager, Open Rights Group
  • 2015 – 2020: Freelance tech policy and regulation specialist for clients across the startup, digital rights, privacy, digital agency, and games sectors
  • 2011 – 2020: Open source software contributor and community member
  • 2007 – 2015: Full-time web designer and developer
  • 2000 – 2005: Worked in international relations and community development

In August 2018 I was flattered to be named as Smashing Magazine’s Person of the Week for my work on GDPR and privacy. Photo taken by some Geordie in a Belgrade dive bar run by two refugees from Reading ’94.

Past side projects

Current interests

  • Risks to the internet’s technical integrity caused by bad legislation (hello the UK Online Safety Act)
  • Related: the post-Brexit Conservative drive to make the UK the 51st US state via the erosion of privacy safeguards and the rise of lobbyist-driven private technical filtering intermediaries
  • The evolving field of internet governance
  • Conflicting intermediary liability provisions (e.g. the UK OSB vs the EU DSA)
  • The risks to the integrity of internet architecture and service provision caused by political volatility in the US, specifically the rise of Christian Nationalism and the highly likely second Trump administration
  • Legal endogeneity, e.g. when the interpretation of internet legislation drafted without practitioner involvement is, nevertheless, delegated to them – especially when the practitioners don’t bother to show up (and you know who you are)

Contact information

Locations: Glasgow, Scotland, Europe; also Manchester, England, UK

Email: contact at webdevlaw.uk

Social: LinkedIn // Twitter: @webdevlaw // Zuckervegan (I’m not on FB, IG, WhatsApp, or Threads). Not on Mastodon. Not on Blue Sky.

I’m no longer doing writing gigs or conference speaking.

I am happy to talk to journalists who have serious questions about UK-related policy and legislative matters. I am not happy to talk to journalists looking for vapid personality commentary about American tech celebrities. 

Portrait photography © Julie Broadfoot – www.juliebee.co.uk