Catholic Church records may be inspected over GDPR concerns

Data regulator investigating whether baptismal records fall under EU data privacy law

The Data Protection Commissioner said her office had received different responses from different bishops. Photograph: iStock
The Data Protection Commissioner said her office had received different responses from different bishops. Photograph: iStock

The State's data watchdog may have to inspect Catholic Church records in its investigation into whether the church is legally obliged to delete records of people seeking to leave Catholicism.

Helen Dixon, the Data Protection Commissioner, said her office was investigating whether the church's holding of personal data on baptisms and other Catholic sacraments that individuals may have taken falls under the EU's data protection law, the General Data Protection Regulation.

The inquiry is being carried out after the personal data regulator received complaints from Marty Meany, editor of the tech website goosed.ie, and other former Catholics about the church's refusal to delete baptismal records despite their efforts to renounce their religion.

Ms Dixon said the investigation, which started late last year, will examine whether the church records on baptisms, communions, confirmations and marriages are part of a structured filing system, which could fall under GDPR rules, or a more ad-hoc system that does not require regulation under data protection law.

READ SOME MORE

“Under canon law, there is no way to leave the Catholic Church, and that’s not a matter for this office,” Ms Dixon said.

“So all we can look at is – is this data processing that does fall to be regulated on to the GDPR? Who is the data controller when it comes to the maintenance of registers and how does canon law interface with the GDPR, if at all?”

Annual report

The data protection commissioner was speaking on the publication of the commission’s 2019 annual report, which showed that the regulator received 7,215 GDPR-related complaints and 6,069 data breach notifications during the year.

The office is also investigating complaints received from people about the processing of their personal data in receiverships where creditors have seized control of rental properties they owned.

On the investigation into the church, Ms Dixon said her office had received different responses from different bishops.

Some have said they do not maintain a structured filing system, while others have said that it does fall under GDPR but they are exempted from the rules because of legitimate interests, or because of the historical or archival value of the material.

Others have said they cannot erase records because it would raise an issue for third parties such as parents or siblings whose interests would be affected.

Some bishops have acknowledged the issue and are willing to add a note to the record to indicate individuals are no longer Catholic, but they say they cannot remove their name.

“There is a whole range of complex issues that have to be resolved in those complaints such that we have had to open a full-scale inquiry to try and resolve them,” said Ms Dixon.

Simon Carswell

Simon Carswell

Simon Carswell is News Editor of The Irish Times