Sunday, October 01, 2023

Sexual abuse: Catholic Church under fire for keeping data of 'de-baptised' people

APD/GBA (Belgium) - 85/2022 - GDPRhub

The Belgian Catholic Church will have to answer before a litigation chamber of the Data Protection Authority for its retention of names and details of people who chose to remove themselves from the baptismal register – known in Dutch as being de-baptised.

A recent documentary about sexual abuse in the Catholic Church (called 'Godvergeten'), as well as extensive media coverage of a well-known Flemish radio presenter embroiled in a paedophilia scandal, have seen a large number of baptised people taking steps to officially break ties with the Church.

However, even after people are de-baptised, the Catholic Church still keeps track of the names of the people who have removed themselves from the register – leading to questions about whether the Church is breaching the European GDPR legislation protecting private data.

Therefore, Belgium's Data Protection Authority (GBA) is looking into that question in a litigation chamber in the coming weeks after some complaints from de-baptised people came in, VRT reports.

'A sacrament cannot be undone'

According to the doctrine of faith, however, de-baptising is not possible, the diocese said: "A sacrament administered cannot be undone." The Church does put a note in the baptismal register following a request to be removed. In practice, a priest reportedly notes "stepped out of the Church community" after the name of a baptised person.

But for many, that is not enough. Artist and former European Parliament spokesperson Jan De Zutter denounced the diocese's practice of merely adding a note in an opinion piece in De Standaard. 

De Zutter argued that the Church violates the European GDPR, which states that organisations cannot simply keep data and records of people who explicitly wish to be forgotten.

"This would allow the Church to actively conduct re-entry campaigns among people who have left the community," said MEP Kathleen Van Brempt, who submitted a demand for more clarity to the European Commission. "Everyone has the right to be forgotten."

The diocese itself said that it does not want to elaborate on the case until the full documentary series of 'Godvergeten' has aired (the final episode is scheduled on Tuesday).

Still, the practice has been checked with GDPR specialists, said diocese spokesperson Geert De Kerpel, adding that the diocese also employs its own data protection officer and that data are also not kept digitally or centrally.

"The baptismal register is a book kept per parish in which names and dates are entered manually. When someone is baptised, we notify the relevant parish and a caption is provided," De Kerpel said. 

The Church reasons that names cannot be deleted or erased, as that would amount to "destroying" a "historical" document.

Bart Van Buitenen, GDPR specialist and lecturer in privacy and security at Thomas More University of Applied Sciences called this "quite a creative solution." 

He argued that the GDPR legislation also applies to physical documents, "and as far as I know, the Church has to comply with that as well."

For Van Brempt too, the Church's reasoning is "nonsense." 

It is "perfectly possible to erase names with a black marker or Tipp-Ex without damaging the rest of the document," she said. "The diocese is looking for excuses."

Like De Zutter, she referred to the Jehovan Todistajat case, in which the European Court of Justice restricted door-to-door data collection by Jehovah's Witnesses following a complaint from Finland.

Meanwhile, Belgium's Data Protection Authority does not wish to comment further on the case legally or technically until the dispute is dealt with by its litigation chamber. 

After that, the agency could impose data deletion or monetary fines on the diocese.