Derogation

An exception, exemption, or departure from general rules permitted under specific circumstances. In privacy law, derogations allow flexibility where strict application would create problems. GDPR includes numerous derogations—member states can maintain or introduce national variations, specific processing situations allow deviation from general principles, and certain rights can be restricted for important objectives like national security, defense, or public safety. For example, GDPR Article 89 provides derogations from certain rights when processing for archiving purposes in the public interest, scientific or historical research, or statistical purposes. Understanding available derogations helps organizations navigate competing obligations and balance privacy with other important interests. However, derogations should be interpreted narrowly—they're exceptions to general rules, not loopholes to avoid compliance. Organizations should carefully assess whether derogations apply, document rationale for relying on them, and implement appropriate safeguards even when exceptions are used.