Data Protection Act 1998
1998 Chapter 29 - continued

PART IV

EXEMPTIONS

Preliminary.

27. - (1) References in any of the data protection principles or any provision of Parts II and III to personal data or to the processing of personal data do not include references to data or processing which by virtue of this Part are exempt from that principle or other provision.

(2) In this Part "the subject information provisions" means-

(a) the first data protection principle to the extent to which it requires compliance with paragraph 2 of Part II of Schedule 1, and

(3) In this Part "the non-disclosure provisions" means the provisions specified in subsection (4) to the extent to which they are inconsistent with the disclosure in question.

(4) The provisions referred to in subsection (3) are-

(a) the first data protection principle, except to the extent to which it requires compliance with the conditions in Schedules 2 and 3,

(b) the second, third, fourth and fifth data protection principles, and

(c) sections 10 and 14(1) to (3).

(5) Except as provided by this Part, the subject information provisions shall have effect notwithstanding any enactment or rule of law prohibiting or restricting the disclosure, or authorising the withholding, of information.

National security.

28. - (1) Personal data are exempt from any of the provisions of-

(a) the data protection principles,

(b) Parts II, III and V, and

if the exemption from that provision is required for the purpose of safeguarding national security.

(2) Subject to subsection (4), a certificate signed by a Minister of the Crown certifying that exemption from all or any of the provisions mentioned in subsection (1) is or at any time was required for the purpose there mentioned in respect of any personal data shall be conclusive evidence of that fact.

(3) A certificate under subsection (2) may identify the personal data to which it applies by means of a general description and may be expressed to have prospective effect.

(4) Any person directly affected by the issuing of a certificate under subsection (2) may appeal to the Tribunal against the certificate.

(5) If on an appeal under subsection (4), the Tribunal finds that, applying the principles applied by the court on an application for judicial review, the Minister did not have reasonable grounds for issuing the certificate, the Tribunal may allow the appeal and quash the certificate.

(6) Where in any proceedings under or by virtue of this Act it is claimed by a data controller that a certificate under subsection (2) which identifies the personal data to which it applies by means of a general description applies to any personal data, any other party to the proceedings may appeal to the Tribunal on the ground that the certificate does not apply to the personal data in question and, subject to any determination under subsection (7), the certificate shall be conclusively presumed so to apply.

(7) On any appeal under subsection (6), the Tribunal may determine that the certificate does not so apply.

(8) A document purporting to be a certificate under subsection (2) shall be received in evidence and deemed to be such a certificate unless the contrary is proved.

(9) A document which purports to be certified by or on behalf of a Minister of the Crown as a true copy of a certificate issued by that Minister under subsection (2) shall in any legal proceedings be evidence (or, in Scotland, sufficient evidence) of that certificate.

(10) The power conferred by subsection (2) on a Minister of the Crown shall not be exercisable except by a Minister who is a member of the Cabinet or by the Attorney General or the Lord Advocate.

(11) No power conferred by any provision of Part V may be exercised in relation to personal data which by virtue of this section are exempt from that provision.

(12) Schedule 6 shall have effect in relation to appeals under subsection (4) or (6) and the proceedings of the Tribunal in respect of any such appeal.

Crime and taxation.

29. - (1) Personal data processed for any of the following purposes-

(a) the prevention or detection of crime,

(b) the apprehension or prosecution of offenders, or

(c) the assessment or collection of any tax or duty or of any imposition of a similar nature,

are exempt from the first data protection principle (except to the extent to which it requires compliance with the conditions in Schedules 2 and 3) and section 7 in any case to the extent to which the application of those provisions to the data would be likely to prejudice any of the matters mentioned in this subsection.

(2) Personal data which-

(a) are processed for the purpose of discharging statutory functions, and

(b) consist of information obtained for such a purpose from a person who had it in his possession for any of the purposes mentioned in subsection (1),

are exempt from the subject information provisions to the same extent as personal data processed for any of the purposes mentioned in that subsection.

(3) Personal data are exempt from the non-disclosure provisions in any case in which-

(a) the disclosure is for any of the purposes mentioned in subsection (1), and

(b) the application of those provisions in relation to the disclosure would be likely to prejudice any of the matters mentioned in that subsection.

(4) Personal data in respect of which the data controller is a relevant authority and which-

(a) consist of a classification applied to the data subject as part of a system of risk assessment which is operated by that authority for either of the following purposes-

(i) the assessment or collection of any tax or duty or any imposition of a similar nature, or

(ii) the prevention or detection of crime, or apprehension or prosecution of offenders, where the offence concerned involves any unlawful claim for any payment out of, or any unlawful application of, public funds, and

(b) are processed for either of those purposes,

are exempt from section 7 to the extent to which the exemption is required in the interests of the operation of the system.

(5) In subsection (4)-

"public funds" includes funds provided by any Community institution;

"relevant authority" means-

(a) a government department,

(b) a local authority, or

(c) any other authority administering housing benefit or council tax benefit.

Health, education and social work.

30. - (1) The Secretary of State may by order exempt from the subject information provisions, or modify those provisions in relation to, personal data consisting of information as to the physical or mental health or condition of the data subject.

(2) The Secretary of State may by order exempt from the subject information provisions, or modify those provisions in relation to-

(a) personal data in respect of which the data controller is the proprietor of, or a teacher at, a school, and which consist of information relating to persons who are or have been pupils at the school, or

(b) personal data in respect of which the data controller is an education authority in Scotland, and which consist of information relating to persons who are receiving, or have received, further education provided by the authority.

(3) The Secretary of State may by order exempt from the subject information provisions, or modify those provisions in relation to, personal data of such other descriptions as may be specified in the order, being information-

(a) processed by government departments or local authorities or by voluntary organisations or other bodies designated by or under the order, and

(b) appearing to him to be processed in the course of, or for the purposes of, carrying out social work in relation to the data subject or other individuals;

but the Secretary of State shall not under this subsection confer any exemption or make any modification except so far as he considers that the application to the data of those provisions (or of those provisions without modification) would be likely to prejudice the carrying out of social work.

(4) An order under this section may make different provision in relation to data consisting of information of different descriptions.

(5) In this section-

"education authority" and "further education" have the same meaning as in the Education (Scotland) Act 1980 ("the 1980 Act"), and

(a) in relation to a school in England or Wales, has the same meaning as in the Education Act 1996,

(b) in relation to a school in Scotland, means-

(i) in the case of a self-governing school, the board of management within the meaning of the Self-Governing Schools etc. (Scotland) Act 1989,

(ii) in the case of an independent school, the proprietor within the meaning of the 1980 Act,

(iii) in the case of a grant-aided school, the managers within the meaning of the 1980 Act, and

(iv) in the case of a public school, the education authority within the meaning of the 1980 Act, and

(c) in relation to a school in Northern Ireland, has the same meaning as in the Education and Libraries (Northern Ireland) Order 1986 and includes, in the case of a controlled school, the Board of Governors of the school.

Regulatory activity.

31. - (1) Personal data processed for the purposes of discharging functions to which this subsection applies are exempt from the subject information provisions in any case to the extent to which the application of those provisions to the data would be likely to prejudice the proper discharge of those functions.

(2) Subsection (1) applies to any relevant function which is designed-

(a) for protecting members of the public against-

(i) financial loss due to dishonesty, malpractice or other seriously improper conduct by, or the unfitness or incompetence of, persons concerned in the provision of banking, insurance, investment or other financial services or in the management of bodies corporate,

(ii) financial loss due to the conduct of discharged or undischarged bankrupts, or

(iii) dishonesty, malpractice or other seriously improper conduct by, or the unfitness or incompetence of, persons authorised to carry on any profession or other activity,

(b) for protecting charities against misconduct or mismanagement (whether by trustees or other persons) in their administration,

(c) for protecting the property of charities from loss or misapplication,

(d) for the recovery of the property of charities,

(e) for securing the health, safety and welfare of persons at work, or

(f) for protecting persons other than persons at work against risk to health or safety arising out of or in connection with the actions of persons at work.

(3) In subsection (2) "relevant function" means-

(a) any function conferred on any person by or under any enactment,

(b) any function of the Crown, a Minister of the Crown or a government department, or

(c) any other function which is of a public nature and is exercised in the public interest.

(4) Personal data processed for the purpose of discharging any function which-

(a) is conferred by or under any enactment on-

(i) the Parliamentary Commissioner for Administration,

(ii) the Commission for Local Administration in England, the Commission for Local Administration in Wales or the Commissioner for Local Administration in Scotland,

(iii) the Health Service Commissioner for England, the Health Service Commissioner for Wales or the Health Service Commissioner for Scotland,

(iv) the Welsh Administration Ombudsman,

(v) the Assembly Ombudsman for Northern Ireland, or

(vi) the Northern Ireland Commissioner for Complaints, and

(b) is designed for protecting members of the public against-

(i) maladministration by public bodies,

(ii) failures in services provided by public bodies, or

(iii) a failure of a public body to provide a service which it was a function of the body to provide,

are exempt from the subject information provisions in any case to the extent to which the application of those provisions to the data would be likely to prejudice the proper discharge of that function.

(5) Personal data processed for the purpose of discharging any function which-

(a) is conferred by or under any enactment on the Director General of Fair Trading, and

(i) for protecting members of the public against conduct which may adversely affect their interests by persons carrying on a business,

(ii) for regulating agreements or conduct which have as their object or effect the prevention, restriction or distortion of competition in connection with any commercial activity, or

(iii) for regulating conduct on the part of one or more undertakings which amounts to the abuse of a dominant position in a market,

are exempt from the subject information provisions in any case to the extent to which the application of those provisions to the data would be likely to prejudice the proper discharge of that function.