Belgians have been baptised during their childhood, yet every year around a
thousand Belgian citizens decide to annul
their membership of the catholic church. Many have thus found their
way to the annulment of their religious membership. However, can you also
demand to be completely erased from God’s memory and parish registers relying
on Article 17 GDPR? This is the question to which this blogpost aims to
formulate an answer.
Model withdrawal form
To leave the catholic church is easy. All
you need to do is fill in a model
withdrawal form and send it to the diocese of the place where you were
baptised. As effortless as this seems though, God does not forget about us easily.
Those who were baptised in the catholic church received a so-called ‘indelible
spiritual mark’ on their soul. Strictly speaking, you cannot really leave the
church because baptism is a sacrament that cannot be undone. But then what does
it mean to leave the church if you cannot undo your baptism?
Annotation next to your name
If you expressed the wish to cancel your
membership, the diocese will make an annotation next to your name in the parish
register. Religious disaffiliation is thus nothing more than a personal and
symbolic act as you will not get erased from parish registers. However, didn’t
Article 17 GDPR introduce the right to erasure?
The catholic church, subject to the worldly powers of the GDPR
It should be observed from the outset that
religious organisations do not benefit from a specific exclusion from EU data
protection law. Although the GDPR exempts ‘purely personal or household activities’, the
Court of Justice of the European Union (‘CJEU’) made very clear in Jehovan
Todistajat, as well as in Lindqvist,
that this exemption will not apply to the processing activities conducted
by religious organisations. Thus, the catholic church is bound by the GDPR and
can be held accountable for how it handles personal information.
General prohibition of processing special categories of personal data
The personal data processed for the
accomplishment of the baptism sacrament, and later enclosed in parish
registers, concern sensitive personal data. Being qualified as such, the
processing of personal data revealing religious beliefs is prohibited in
general unless one of the exceptions applies.
In this vein, Article 9 GDPR allows
churches and other bodies with a ‘religious aim’ to process sensitive
data provided it meets a few criteria. The processing of the data needs to
be (i) in the course of its legitimate activities, (ii) with appropriate
safeguards, (iii) on condition that the processing relates solely to the
members or to former members of the body or to persons who have regular contact
with it in connection with its purposes and (iv) on condition that the data are
not disclosed outside that body without the consent of the data subject.
Consent as the legal basis for processing
As the sacrament of baptism constitutes the
act of admitting a person into the Christian church, it is often performed on
young children and, because of their young age, they will not be able to give
any informed consent. Therefore, parents need to complete a consent
form for the processing of these data.
Nevertheless, one must conclude from this
that the legal ground on which the processing relies is consent as described
by Article 6(1)(a) GDPR.
The right to erasure from parish registers
Because the processing of the personal data
at hand relies on consent as a legal basis, one should be able to rely on
Article 17 GDPR to ask for the erasure of the data concerning him or her. The
consent form to be signed by the parents indicates as its purpose that it is
necessary to be able to perform the sacrament of baptism, first communion, and
confirmation. Because people leaving the church revoke their consent and
undoubtedly have no interest in undergoing other sacraments, they should in
principle have the right to obtain from the catholic church the erasure of all
their personal data.
The reaction of the church
Before the entry into force of the GDPR,
the catholic church in Belgium stated in a FAQ
that it could not be said what the right to erasure would mean in practice for
the catholic church. However, when specifically asked for a reaction, the Belgian
catholic church responds by first stressing its constitutionally
protected freedom of religion.
Indeed, the right to data protection is not
absolute. Most interesting in this regard is that the church indicates that
the erasure of information enclosed in the parish register can be criminally
prosecuted according to canon law. As opposed to the situation in the case of Jehovan
Todistajat, in which the door-to-door proselytizing was in no way prevented
by making it subject to the GDPR, the grant of a right to erasure
concerning parish registers could hamper the catholic church from organising
To force the catholic church to grant a
right to erasure could bring to the surface the interesting question whether,
in this specific situation, the exercise of data protection rights amounts to
an intolerable interference with the freedom of religion. One could call into
question the necessity of applying the strict requirements under the GDPR and
the consequences of doing so for the freedom of religion.
On the other hand, one may wonder if it is
fair not to grant persons the right to erasure because of a religious law to
which they cannot be bound and which does not fulfill the requirement of
foreseeability, especially considering the sensitive character of the data at
hand and the fact that it was often not they themselves who consented to the
processing, but their parents.
It thus boils down to a balancing exercise
between two fundamental rights, and we will have to wait for an action by an
individual brought to a DPA to truly know what outcome this balancing exercise
The post Does God ever really forget us? An investigation into the right to be erased and freedom of religion appeared first on CITIP blog.