Data Protection Act 1998

28 National security.U.K.

(1)Personal data are exempt from any of the provisions of—

(a)the data protection principles,

(b)Parts II, III and V, and

(c)[F1sections 54A and] 55,

if the exemption from that provision is required for the purpose of safeguarding national security.

(2)Subject to subsection (4), a certificate signed by a Minister of the Crown certifying that exemption from all or any of the provisions mentioned in subsection (1) is or at any time was required for the purpose there mentioned in respect of any personal data shall be conclusive evidence of that fact.

(3)A certificate under subsection (2) may identify the personal data to which it applies by means of a general description and may be expressed to have prospective effect.

(4)Any person directly affected by the issuing of a certificate under subsection (2) may appeal to the Tribunal against the certificate.

(5)If on an appeal under subsection (4), the Tribunal finds that, applying the principles applied by the court on an application for judicial review, the Minister did not have reasonable grounds for issuing the certificate, the Tribunal may allow the appeal and quash the certificate.

(6)Where in any proceedings under or by virtue of this Act it is claimed by a data controller that a certificate under subsection (2) which identifies the personal data to which it applies by means of a general description applies to any personal data, any other party to the proceedings may appeal to the Tribunal on the ground that the certificate does not apply to the personal data in question and, subject to any determination under subsection (7), the certificate shall be conclusively presumed so to apply.

(7)On any appeal under subsection (6), the Tribunal may determine that the certificate does not so apply.

(8)A document purporting to be a certificate under subsection (2) shall be received in evidence and deemed to be such a certificate unless the contrary is proved.

(9)A document which purports to be certified by or on behalf of a Minister of the Crown as a true copy of a certificate issued by that Minister under subsection (2) shall in any legal proceedings be evidence (or, in Scotland, sufficient evidence) of that certificate.

(10)The power conferred by subsection (2) on a Minister of the Crown shall not be exercisable except by a Minister who is a member of the Cabinet or by the Attorney General or the Lord Advocate.

(11)No power conferred by any provision of Part V may be exercised in relation to personal data which by virtue of this section are exempt from that provision.

(12)Schedule 6 shall have effect in relation to appeals under subsection (4) or (6) and the proceedings of the Tribunal in respect of any such appeal.

Textual Amendments

Modifications etc. (not altering text)

C1S. 28(8)(9)(10)(12) applied (with modifications) (1.3.2000) by S.I. 1999/2093, reg. 32(8)(a)

S. 28(8)(9)(10)(12) applied (11.12.2003) by The Privacy and Electronic Communications (EC Directive) Regulations 2003 (2003/2426), {reg. 28(8)(b)} (with regs. 4, 15(3), 28, 29)

C2S. 28(10): functions of the Lord Advocate transferred to the Advocate General for Scotland, and all property, rights and liabilities to which the Lord Advocate is entitled or subject in connection with any such function transferred to the Advocate General for Scotland (20.5.1999) by S.I. 1999/679, arts. 2, 3, Sch; S.I. 1998/3178, art. 2(2), Sch. 4