2The data protection principles
(1)Subject to subsection (3) below, references in this Act to the data protection principles are to the principles set out in Part I of Schedule 1 to this Act; and those principles shall be interpreted in accordance with Part II of that Schedule.
(2)The first seven principles apply to personal data held by data users and the eighth applies both to such data and to personal data in respect of which services are provided by persons carrying on computer bureaux.
(3)The Secretary of State may by order modify or supplement those principles for the purpose of providing additional safeguards in relation to personal data consisting of information as to—
(a)the racial origin of the data subject;
(b)his political opinions or religious or other beliefs;
(c)his physical or mental health or his sexual life; or
(d)his criminal convictions;
and references in this Act to the data protection principles include, except where the context otherwise requires, references to any modified or additional principle having effect by virtue of an order under this subsection.
(4)An order under subsection (3) above may modify a principle either by modifying the principle itself or by modifying its interpretation; and where an order under that subsection modifies a principle or provides for an additional principle it may contain provisions for the interpretation of the modified or additional principle.
(5)An order under subsection (3) above modifying the third data protection principle may, to such extent as the Secretary of State thinks appropriate, exclude or modify in relation to that principle any exemption from the non-disclosure provisions which is contained in Part IV of this Act; and the exemptions from those provisions contained in that Part shall accordingly have effect subject to any order made by virtue of this subsection.
(6)An order under subsection (3) above may make different provision in relation to data consisting of information of different descriptions.