The Catholic Church in Ireland is facing a data protection inquiry over its failure to delete records under the General Data Protection Regulation (GDPR), as requested by people who have renounced the religion.
Under GDPR, entities can be fined up to €10m or up to 2% of their global turnover for serious data protection breaches.
Marty Meany, editor of the tech website Goosed.ie, decided that he wanted to leave the church and have his baptismal record erased in the aftermath of the May 2018, abortion referendum. He wrote to the bishop of Ossory seeking to have his data deleted. The bishop, Dermot Farrell, responded, saying that while he respected the decision and it was noted on the diocese’s register, it was not possible to delete Meany’s name from baptism and confirmation registers or to annul the fact that he received these sacraments. “Church registers are documents of historic and archival significance,” said Farrell.
Meany initiated a complaint with the DPC on July 4, 2018. It has been assessing the complaint, along with others of a similar nature, and told Meany it had sought external legal advice. Under the Data Protection Act, the right to be forgotten may not apply to some information used for archival or historic research purposes.
