The Belgian Data Protection Authority (GBA) has ordered the Diocese of Ghent to act on a baptised individual's request to be removed from their parish baptism register.
The individual in question had asked the Diocese to be removed from all records of the Catholic Church, including the baptism register. However, in response to such a request, the Church does not typically remove all record of the person; it merely records their request to leave the Church. The Church contends that it has a legitimate interest in retaining the data, citing its "archival value". The individual, unsatisfied with this response, decided to lodge a complaint with the GBA.
The GBA agrees that the Church has good reason to retain the data to prevent potential identity fraud, as a baptism can only occur once. However, the 'legitimate interest' argument can only be invoked if processing the data is essential for achieving this purpose. The individual's interest must be equally appreciated.
In this instance, the GBA concluded that these two conditions have not been met. "From a data protection point of view, the lifelong retention of data of a person who has asked to leave the Church cannot be justified if it is neither proportional nor strictly necessary, especially if the data is of a sensitive nature," stated Hielke Hijmans, chairperson of the Litigation Chamber at the Belgian Data Protection Authority. "In this case, these conditions were not met."
The GBA has therefore deemed the retention of data as unlawful and has ordered the Diocese to erase the complainant's data from the baptism register. Both parties have 30 days to file an appeal.
