The Irish Church is under a data protection investigation for not erasing the personal information of former Catholics who renounce the religion.
– General Data Protection Regulation (GDPR) probe
Irish Data Protection Commissioner Helen Dixon confirmed to the Irish Times February 20 that her office is looking into the way Church authorities handle the personal records they have on individuals who, though they may have been involved in the Church in the past, no longer identify as Catholic.
Specifically, the inquiry relates to the Church’s management of baptismal, confirmation, marriage and other registers, and whether that information falls under the EU’s data protection law, the General Data Protection Regulation (GDPR).
– Former Catholic: “The Church should be treated like any other club. They shouldn’t hold records on you if you’re not a member”
The probe comes after Marty Meany, editor of the tech website goosed.ie, tried to leave the Church and have his baptismal and confirmation record erased in 2018 after the Bishop of Elphin, Kevin Doran, said Catholics who voted for the repeal on the abortion ban should go to confession.
“I thought, if it was a sin to vote yes [to the repeal], I don’t want to be a sinner, so delete the record of me being a Catholic, as it’s not true any more”, Meany told the Sunday Times February 16.
Meany wrote to his bishop – Dermot Farrell, of the diocese of Ossory – to communicate his decision to have his name struck off the baptismal and confirmation registry.
But Farrell told Meany that since “Church registers are documents of historic and archival significance”, it was not possible to comply with his request.
Meany then initiated a complaint with the Data Protection Commission, which has been investigating ever since.
The Commission has since widened its probe, to the archdiocese of Dublin and beyond, to “examine the circumstances of the storage and retention of Church records of data subjects who no longer wish to have their personal data processed in any or all Church registers”.
“I don’t want a gym holding on to my records if my membership lapsed”, Meany explained.
“The Church should be treated like any other club. They shouldn’t hold records on you if you’re not a member”.
– Historical and archival value and “a whole range of complex issues”
Since Meany’s complaint in 2018, the Irish Data Protection Commission has received other complaints from former Catholics in Ireland seeking to leave the religion but meeting with the refusal of the Church hierarchy.
The Sunday Times recalled that under GDPR legislation, which came into effect in Ireland in 2018, individuals can request to have their personal data deleted from an organisation’s records on the basis of that individual withdrawing consent or where there is no legal basis for otherwise holding on to the information, among other grounds.
GDPR breaches, in the most serious of cases, can bring fines of up to ten million euros or up to 2% of the global profits of corporations.
But Commissioner Dixon said that the Church is arguing a whole range of reasons why they can’t delete former Catholics’ personal records.
Not only because of the historical or archival value of the material but also because third parties such as parents or siblings may be affected should the information be deleted.
“Under canon law, there is no way to leave the Catholic Church, and that’s not a matter for this office”, Dixon clarified, adding that the most bishops are prepared to do is add a note to their records saying that a person is no longer Catholic, even if they won’t delete their names.
“So all we can look at is – is this data processing that does fall to be regulated on to the GDPR? Who is the data controller when it comes to the maintenance of registers and how does canon law interface with the GDPR, if at all?”
“There is a whole range of complex issues that have to be resolved in those complaints such that we have had to open a full-scale inquiry to try and resolve them”, the data commissioner explained.