Data Protection Act, Part IV
The Data Protection Act, Part IV, provides exemptions, under certain circumstances from the act. For example, Section 28 of the DPA provides exemptions for reasons of “national security” this means that data is no longer guarded under the data protection principles, Parts II, III and V of the act, or section 55 of the data protection act. The exemption to Section 55 is the most interesting exemption as this section makes it an offence to “knowingly or recklessly” obtain or disclose data.
Data Protection Act Section 27 Preliminary
(1) References in any of the data protection principles or any provision of Parts II and III to personal data or to the processing of personal data do not include references to data or processing which by virtue of this Part are exempt from that principle or other provision.
(2) In this Part “the subject information provisions” means—
(a) the first data protection principle to the extent to which it requires compliance with paragraph 2 of Part II of Schedule 1, and
(b) section 7.
(3) In this Part “the non-disclosure provisions” means the provisions specified in subsection (4) to the extent to which they are inconsistent with the disclosure in question.
(4) The provisions referred to in subsection (3) are—
(a) the first data protection principle, except to the extent to which it requires compliance with the conditions in Schedules 2 and 3,
(b) the second, third, fourth and fifth data protection principles, and
(c) sections 10 and 14(1) to (3).
(5) Except as provided by this Part, the subject information provisions shall have effect notwithstanding any enactment or rule of law prohibiting or restricting the disclosure, or authorising the withholding, of information
Data Protection Act Section 28 National security
(1) Personal data are exempt from any of the provisions of—
(a) the data protection principles,
(b) Parts II, III and V, and
(c) section 55,
if the exemption from that provision is required for the purpose of safeguarding national security.
(2) Subject to subsection (4), a certificate signed by a Minister of the Crown certifying that exemption from all or any of the provisions mentioned in subsection (1) is or at any time was required for the purpose there mentioned in respect of any personal data shall be conclusive evidence of that fact.
(3) A certificate under subsection (2) may identify the personal data to which it applies by means of a general description and may be expressed to have prospective effect.
(4) Any person directly affected by the issuing of a certificate under subsection (2) may appeal to the Tribunal against the certificate.
(5) If on an appeal under subsection (4), the Tribunal finds that, applying the principles applied by the court on an application for judicial review, the Minister did not have reasonable grounds for issuing the certificate, the Tribunal may allow the appeal and quash the certificate.
(6) Where in any proceedings under or by virtue of this Act it is claimed by a data controller that a certificate under subsection (2) which identifies the personal data to which it applies by means of a general description applies to any personal data, any other party to the proceedings may appeal to the Tribunal on the ground that the certificate does not apply to the personal data in question and, subject to any determination under subsection (7), the certificate shall be conclusively presumed so to apply.
(7) On any appeal under subsection (6), the Tribunal may determine that the certificate does not so apply.
(8) A document purporting to be a certificate under subsection (2) shall be received in evidence and deemed to be such a certificate unless the contrary is proved.
(9) A document which purports to be certified by or on behalf of a Minister of the Crown as a true copy of a certificate issued by that Minister under subsection (2) shall in any legal proceedings be evidence (or, in Scotland, sufficient evidence) of that certificate.
(10) The power conferred by subsection (2) on a Minister of the Crown shall not be exercisable except by a Minister who is a member of the Cabinet or by the Attorney General or the Lord Advocate.
(11) No power conferred by any provision of Part V may be exercised in relation to personal data which by virtue of this section are exempt from that provision.
(12) Schedule 6 shall have effect in relation to appeals under subsection (4) or (6) and the proceedings of the Tribunal in respect of any such appeal.