I just loved this case decision in Finland whereby Jehovah’s Witnesses must comply with GDPR, determined by EU court. In 2013 Finland’s Data Protection Supervisor prohibited the Jehovah’s Witnesses religious community from collecting or processing personal data in the course of door-to-door preaching by its members unless Finnish data protection legislation was observed.
Jehovah’s Witnesses created maps from which areas are allocated between the members who engage in preaching and by keeping records about preachers and the number of the Community’s publications distributed by them. In essence they are collecting and processing personal data.
In its judgment, the European Court of Justice considered that the Jehovah’s Witnesses’ door-to-door preaching is not covered by the exceptions laid down by EU Law on the protection of personal data.
- There is the fact that the door-to-door preaching is protected by the fundamental right of freedom of conscience and religion enshrined in Article 10(1) of the Charter of Fundamental Rights of the European Union; but this does not,
- Confer an exclusively personal or household character on that activity because it extends beyond the private sphere of a member of a religious community who is a preacher.
For those newbies here, this is about something called ‘material scope’ in the GDPR. You can liken ‘material scope’ (and there is also ‘territorial scope’) as scoping parameters for the GDPR.
Think about it as a project scope … and it is almost cool to know that even legal documents have a scope just as any project you may have driven or been a part of. What this means is that all the legal text in the GDPR is only relevant if personal data falls within the scope defined in Articles 2 and 3.
Material scope (Article 2)
The GDPR applies to the processing of personal data wholly or partly by automated means and to manual processing if the personal data form part of a filing system or are intended to form part of a filing system.
Now back to the case.
- The Jehovah’s Witnesses used ‘household exception’, hence exempt from GDPR. This was overruled, stating that the JW organisation and those knocking on doors collecting personal data were joint controllers.
- What material scope also states is that data needs to be part of a ‘filing system’ of some kind, and it was stated that even though data was collected manually, just the ordering, e.g. by address during collection, which made retrieval easier, placed it in scope.
So there you have it… lovely example for the classroom IMHO 🙂