The Luxembourg-based court has urged religious groups, Jehovah’s Witnesses among them, to ask for permission to collect personal data on the door step, citing data protection laws, The Telegraph reported.
The ruling arrived shortly after the Church of England told members not to give away personal data in written prayer requests, keeping it in line with the new GDPR policies in the EU’s new data privacy law, which was adopted earlier this year.
The European Court’s ruling thereby addressed an appeal by the Finnish arm of Jehovah’s Witnesses, amid controversy over whether the Jehovah’s Witnesses’ activity falls under the new privacy regulations: the religious group pointed to the fact that the data was not collected centrally, but while preaching at households.
The judgment essentially specified that the group keeps the so-called “refusal register,” of those who have turned down their invitation to be contacted later on, as well as a comprehensive list of persons they got in touch with, including their names, addresses and religious beliefs. This “memory aid” was acknowledged to be potentially used for subsequent visits “without the knowledge or consent” of their target audience.
Religious groups may be exempt from data protection requirements if engaged in internal communication with believers within their own circle. The court, nevertheless, ruled that door-to-door preaching involves “outward” efforts, “from the private setting of the members who engage in preaching,” and therefore has to abide by the freshly updated GDPR regulations.
Following the move, a spokesman for the British arm of the Jehovah's Witnesses, an organization estimated to have over 8 million members worldwide, remarked that the group has to look into the judgment carefully and examine how governments within the EU would interpret it.
Earlier, the Church of England made headlines as the clergy had issued guidelines warning churches to request formal permission from someone who was to be prayed for in the event of their personal data ending up on a website, leaflet or social networks. The requirement is in line with the EU’s data protection (GDPR) regulation, formally effective since May 25 and which stipulates mammoth fines in the case of non-compliance — up to 4 percent of a company's annual global turnover.