GDPR AND DEFECTING THE CATHOLIC CHURCH
Religious freedom presupposes that nobody can impose a religious identity on you. Thus as the UN says, you have a right to drop out of religion or change religion or stay in your religion.
What happens if one no longer consider's oneself Catholic?
Quotes from, https://goosed.ie/leaving-catholic-church-using-gdpr/
"GDPR and Leaving the Catholic Church~ When you think GDPR, you probably think about emails about those damned privacy policy updates and how every site in the world now asks you about cookies. However, GDPR reaches far beyond the modern and the technical. GDPR is about all data which can be related to an individual. Does GDPR apply to churches? Absolutely, they handle and process data just the same as big brands and companies around the world do. It recently emerged that Facebook actually has more followers than the Catholic church, so why wouldn’t they be bound by the exact same regulations? Back in 2009, I wasn’t really worried about religion. I knew I wasn’t religious but I also wasn’t too bothered about it in general. I was a student in college and to be quite frank, I wasn’t bothered about a whole lot at all. My reason for defecting from the church comes much more recently.
How Can GDPR Help You Leave the Church?
Because I’m a nerd with some free time, I found myself perusing the EU’s GDPR
documentation. Seriously, leave it beside the toilet, you’ll get through it in
no time. Anyway, when reading through it I couldn’t find any reason the church
should be allowed to hold my records without my consent. I actually found
reasons I considered to be more compelling towards these records being destroyed
altogether.
Why Was the Data Collected?
The second principle of GDPR states data should be,
collected for specified, explicit and legitimate purposes and not further
processed in a manner that is incompatible with those purposes
Considering I no longer want anything to be Catholic or have anything to do with
the Catholic church, what reason would they have for holding my data? Now,
without giving anything away, there is more to this principle regarding holding
data for archival and historical reasons; more on that later.
Minimise Data Storage Where Possible
If a company or organisation holds your data, they should only hold the absolute
minimum they require in order to achieve the reason the data was collected in
the first place. That might be confusing, but generally speaking, if I don’t
want to be in the Catholic church, there’s no reason for them to have my data.
Minimisation means they shouldn’t keep it.
Data Should Be Kept Accurate and Up To Date
This one is a doozy in my eyes. GDPR states quite clearly that any stored data
should be kept up to date and accurate. Efforts to highlight inaccuracies should
be taken seriously and be acted upon without delay. Honestly, here’s the actual
wording from GDPR. Data should be kept, accurate and, where necessary, kept up
to date; every reasonable step must be taken to ensure that personal data that
are inaccurate, having regard to the purposes for which they are processed, are
erased or rectified without delay
Sounds like a slam dunk right? I no longer consider myself to be Catholic but
church records say otherwise. That’s inaccurate and should be updated.
Right, let’s keep moving.
When is Processing Allowed?
Processing can mean a whole range of things. Modern-day processing means
handling email addresses and the likes, but it can also relate to storage of
information. The Catholic church is processing my personal data without my
permission. Actually, they are processing my data in opposition to my expressed
wishes that I have nothing to do with them. Oops, I’m getting ahead of myself.
More on that in a bit.
The Right to Be Forgotten
This one is really simple. First of all, there are two terms to need to know:
Data Controller
Data Subject
When it comes to me and the Catholic church, they are the Data Controller and
I’m the Data Subject.
GDPR states the Data Subject has to right to have all personal data the held by
a Data Controller deleted and the Data Controller should delete immediately when
one of several conditions apply. Here are the ones I found most interesting:
personal data is no longer required to achieve the original reason the data was
collected for in the first place the Data Subject withdraws their consent and
there is no other legal grounds for processing
With everything I had learned about GDPR, I felt I had a pretty decent case
which could have me removed from the Catholic church. They held baptismal
records which stated I was Catholic. I could no longer defect from the church as
the canon laws were changed, but maybe GDPR could help me out.