(b)a Scottish public authority as defined by the Freedom of Information (Scotland) Act 2002 (asp 13), and

(c)an authority or body specified or described by the Secretary of State in regulations,

subject to subsections (2), (3) and (4).

(2)An authority or body that falls within subsection (1) is only a “public authority” or “public body” for the purposes of the GDPR when performing a task carried out in the public interest or in the exercise of official authority vested in it.

(3)The references in subsection (1)(a) and (b) to public authorities and Scottish public authorities as defined by the Freedom of Information Act 2000 and the Freedom of Information (Scotland) Act 2002 (asp 13) do not include any of the following that fall within those definitions—

(a)a parish council in England;

(b)a community council in Wales;

(c)a community council in Scotland;

(d)a parish meeting constituted under section 13 of the Local Government Act 1972;

(e)a community meeting constituted under section 27 of that Act;

(f)charter trustees constituted—

(i)under section 246 of that Act,

(ii)under Part 1 of the Local Government and Public Involvement in Health Act 2007, or

(iii)by the Charter Trustees Regulations 1996 (S.I. 1996/263).

(4)The Secretary of State may by regulations provide that a person specified or described in the regulations that is a public authority described in subsection (1)(a) or (b) is not a “public authority” or “public body” for the purposes of the GDPR.

(5)Regulations under this section are subject to the affirmative resolution procedure.