Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Belgium: DPA recognizes right to erasure from baptismal registers

On December 19, 2023, the Belgian Data Protection Authority (Belgian DPA) published its decision No. 169/2023, in which it ordered the Diocese of Ghent to comply with the request of a baptized person to be deleted from the baptismal register, following a complaint from an individual.

Background to the decision

An individual, who wished to withdraw from the Catholic Church, lodged a complaint with the Belgian DPA after their request to be deleted from all Catholic Church files, including the baptismal register, was denied by the Diocese of Ghent. The Diocese of Ghent alleged that the Church does not delete data from the baptismal registers, but rather adds an annotation reflecting the person's wish to leave the Church in the margin of the register. The Diocese of Ghent also argued the historical value of baptismal registers.

Findings of the Belgian DPA

After hearing arguments from both sides, the Belgian DPA found that the processing of the complainant's personal data violated Articles 5(1)(a), 6(1)(f), and 9 of the General Data Protection Regulation (GDPR).

In particular, the Belgian DPA noted that, even though the Diocese of Ghent relied on legitimate interests for processing personal data, it failed both the necessity and the weighing of interests tests when confronted with the interests, fundamental rights, and freedoms of the data subject. As such, the Belgian DPA concluded that the data processing was not suitable for achieving the intended interest and did not meet the requirements of purpose limitation and data minimization required by Articles 5(1)(b) and 5(1)(c) of the GDPR.

The Belgian DPA further decided that processing data based on canon law is not grounds for evading the obligations set under the GDPR.

Moreover, the Belgian DPA found that the Diocese of Ghent failed to comply with the right to erasure, in violation of Articles 12(2), 12(4), and 17(1)(c) of the GDPR. In the view of the Belgian DPA, the Diocese of Ghent also failed to comply with Articles 12(1), 12(3), and 13 of the GDPR by not providing the complainant with clear information.

Outcomes

In light of the above, the Belgian DPA issued a reprimand and ordered the Diocese of Ghent to:

  • properly comply with the complainant's erasure request; and
  • stop processing the personal data of individuals who choose to leave the Church.

The Diocese of Ghent has 30 days from the notification of the decision to comply with the corrective measures.

You can read the press release here, the European Data Protection Board summary here, and the decision, only available in Dutch, here