Chapter 2: Ministerial certifications and appeals
7.Clauses 24–26 provide for exemptions from certain provisions of the GDPR scheme if required for the purpose of safeguarding national security or for defence purposes. An extensive range of measures may be disapplied in this way. According to clause 25, a certificate signed by a Minister of the Crown is “conclusive evidence of [the] fact” that exemption is required for the purpose of safeguarding national security. No equivalent certification process is provided for in respect of exemptions on defence-related grounds.6 Analogous provisions on the processing of data by the intelligence services are found in clauses 108–109, albeit that such exemptions apply only on national security (and not defence) grounds.
8.It is possible to appeal to the First-tier Tribunal against a certificate issued under clause 25. The Tribunal may quash the certificate if, applying the principles applicable in judicial review cases, the Tribunal finds that the Minister did not have reasonable grounds for issuing the certificate. It is not clear from this formulation whether the courts are excluded from considering other grounds such as procedural fairness. We recommend that the Government clarifies the grounds of appeal for proceedings relating to ministerial certifications made under clause 25 or 109.
6 It is noteworthy that “defence purposes”, which is used in relation to exemptions in clauses 24-26, is not defined in the Bill. Defence is a ground upon which EU Member States are permitted to restrict obligations under the GDPR (article 23). It is however unclear what exemptions will be created by the Bill for “defence purposes”.