The Information Commissioner is required to publish information about the existence of national security certificates, and the information we are required to publish can be found via the text and links on this page.
A National Security Certificate is a certificate, signed by a Minister of State, which certifies that exemption from the provisions of the Data Protection Act 2018 (DPA) is required for the purposes of safeguarding national security. The exemption is provided for at sections 26 and 110 of the DPA, and in various provisions under Part 3 of the DPA (Law Enforcement Processing). The certificates may be issued under the provisions of sections 27, 79 or 111 of the DPA.
The Commissioner is required to publish information about these certificates, including the name of the Minister who issued the certificate, the date of issue and, where possible, the text of the certificate. Some or all of the text may be withheld if its publication would be against the interests of national security, would be contrary to the public interest, or might jeopardise the safety of any person. In all other circumstances, the Commissioner will publish the full text of the certificate.
The respective exemptions on the basis of national security can still apply even if a national security certificate has not been issued, but the existence of a certificate is conclusive proof that, in respect of the data or the processing described in the certificate, the exemption applies.
How to apply for a certificate
You may use the exemption for national security without holding a certificate, but if you think you may require a national security certificate, the Home Office has issued guidance on how to obtain one. You can find that guidance at the link below:
Once issued, the certificate must be provided to the Commissioner for publication. Certificates can be sent to us by email, using the contact mailbox we have set up for this specific purpose: firstname.lastname@example.org.
The mailbox can be used provided the information contained does not exceed a security classification of OFFICIAL SENSITIVE. Do not use this mailbox for any other messages to the ICO as this could delay their delivery to the correct recipient.
For all other certificates and any supporting information about permissible restrictions on publication of the text, contact the ICO to discuss arrangements for receipt of the materials. You may use the mailbox to make contact in the first instance.
Please note that, unless instructed otherwise, the ICO will presume that the text of any certificates will be published in full.
List of certificates
MI5 - GDPR
Certificate issued by: Rt Hon Sajid Javid MP
Date of Certificate: 24 July 2019
Brief description of Certificate: General exemption from specified GDPR articles for processors and parties working with, or in relation to the functions of, the Security Service under Section 26 of the Data Protection Act 2018.