GDPR AND DEFECTING THE CATHOLIC CHURCH

Religious freedom presupposes that nobody can impose a religious identity on you.  Thus as the UN says, you have a right to drop out of religion or change religion or stay in your religion.

What happens if one no longer consider's oneself Catholic?

Quotes from, https://goosed.ie/leaving-catholic-church-using-gdpr/

"GDPR and Leaving the Catholic Church~ When you think GDPR, you probably think about emails about those damned privacy policy updates and how every site in the world now asks you about cookies. However, GDPR reaches far beyond the modern and the technical. GDPR is about all data which can be related to an individual. Does GDPR apply to churches? Absolutely, they handle and process data just the same as big brands and companies around the world do. It recently emerged that Facebook actually has more followers than the Catholic church, so why wouldn’t they be bound by the exact same regulations?  Back in 2009, I wasn’t really worried about religion. I knew I wasn’t religious but I also wasn’t too bothered about it in general. I was a student in college and to be quite frank, I wasn’t bothered about a whole lot at all. My reason for defecting from the church comes much more recently.

How Can GDPR Help You Leave the Church?

Because I’m a nerd with some free time, I found myself perusing the EU’s GDPR documentation. Seriously, leave it beside the toilet, you’ll get through it in no time. Anyway, when reading through it I couldn’t find any reason the church should be allowed to hold my records without my consent. I actually found reasons I considered to be more compelling towards these records being destroyed altogether.

Why Was the Data Collected?

The second principle of GDPR states data should be,

collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes

Considering I no longer want anything to be Catholic or have anything to do with the Catholic church, what reason would they have for holding my data? Now, without giving anything away, there is more to this principle regarding holding data for archival and historical reasons; more on that later.

Minimise Data Storage Where Possible

If a company or organisation holds your data, they should only hold the absolute minimum they require in order to achieve the reason the data was collected in the first place. That might be confusing, but generally speaking, if I don’t want to be in the Catholic church, there’s no reason for them to have my data.

Minimisation means they shouldn’t keep it.

Data Should Be Kept Accurate and Up To Date

This one is a doozy in my eyes. GDPR states quite clearly that any stored data should be kept up to date and accurate. Efforts to highlight inaccuracies should be taken seriously and be acted upon without delay. Honestly, here’s the actual wording from GDPR. Data should be kept, accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay

Sounds like a slam dunk right? I no longer consider myself to be Catholic but church records say otherwise. That’s inaccurate and should be updated.

Right, let’s keep moving.

When is Processing Allowed?

Processing can mean a whole range of things. Modern-day processing means handling email addresses and the likes, but it can also relate to storage of information. The Catholic church is processing my personal data without my permission. Actually, they are processing my data in opposition to my expressed wishes that I have nothing to do with them. Oops, I’m getting ahead of myself. More on that in a bit.

The Right to Be Forgotten

This one is really simple. First of all, there are two terms to need to know:

Data Controller

Data Subject

When it comes to me and the Catholic church, they are the Data Controller and I’m the Data Subject.

GDPR states the Data Subject has to right to have all personal data the held by a Data Controller deleted and the Data Controller should delete immediately when one of several conditions apply. Here are the ones I found most interesting:  personal data is no longer required to achieve the original reason the data was collected for in the first place the Data Subject withdraws their consent and there is no other legal grounds for processing

With everything I had learned about GDPR, I felt I had a pretty decent case which could have me removed from the Catholic church. They held baptismal records which stated I was Catholic. I could no longer defect from the church as the canon laws were changed, but maybe GDPR could help me out.