The Jehovah’s Witnesses religious community and European Data Protection Law – Part II

The Jehovah’s Witnesses religious community and European Data Protection Law – Part II

The second part of a blog on the possible tension between the right to data protection and the freedom of religion in the specific case of the Jehovah’s Witnesses religious community under the Data Protection Directive and the GDPR.

The previous blog addressed the material scope of the Data Protection Directive 95/46 in determining that the processing activities carried out by the Jehovah’s Witnesses fall within its scope, even when taking account of the possible tension between the right to data protection and the freedom of religion. The present blog will discuss the meaning of the concepts of “filing system” and “controller” in that same context.

Firstly, the question what exactly must be understood under the concept of “filing system” laid down in Article 2(c) of the Data Protection Directive (see Article 4(6) GDPR). Also, recital 27 (see Article 2(1) GDPR) must be considered, in which it is stated that “files or sets of files as well as their cover pages, which are not structured according to specific criteria, shall under no circumstances fall within the scope of this Directive”. The restrictive formulation of this criterion can be explained by placing it into the historical context of the legislative process that took place prior to the adoption of the Data Protection Directive in 1995. Big data related issues, like they occur nowadays, i.e. the 50 million Facebook profiles that were harvested for Cambridge Analytica, were unimaginable. As we are dealing with the Jehovah’s, that still rely on manually assembled data, organized via paper files, the dated concept of “filing system” remains relevant.

Back to the Opinion of A-G Mengozzi, who first makes it very clear that the scope of data protection law may not depend on the techniques used, as that would create a serious risk of circumvention. Yet, the Directive only covers manual filing systems to the extent that they are structured according to i) specific criteria, ii) that relate to individuals and iii) which allow easy access to the personal data. The various criteria for determining the constituents of a structured set of personal data may be laid down by each Member State.

The A-G then continues in finding that the notes taken by the Jehovah’s when proselytizing may constitute a “filing system”, as areas are allocated geographically, thereby structuring the data of individuals, i.e. the name, address, and summary of the conversation, relating in particular to the religious beliefs and family circumstances. Indeed, such a system may support the planning of subsequent visits and thereby offer easy access to the data concerned. Consequently, all three criteria as mentioned above are met. However, A-G Mengozzi notes that under Finnish law, a higher degree of sophistication is required. A “filing system” must consist of lists, data sheets or any other comparable search system, which may impose an extra restriction. It will be interesting to see the finding of the Court of Justice and subsequently, the reasoning of the national court. In previous national cases, i.e. in Belgium and Sweden, on the Jehovah’s Witnesses, as well as on the Church of Scientology, it was found that paper files held by those organizations fall outside the scope of European data protection law.

Secondly, the A-G was required to give his opinion on the question whether the religious community, alone or together with its members, can be regarded as a “controller” within the meaning of Article 2(d) of the Directive (see Article 4(7) GDPR). Prior to the substantive analysis the irritation expressed by the Jehovah’s, based on a wrong understanding of the concept of “controller”, was addressed. The community pointed out the fact that its members neither act under its instructions, nor in response to divine command. After addressing this point, A-G Mengozzi primarily stated that the concept of “controller”, described as the one(s) determining the purposes and means of the processing of personal data, should be defined broadly under the Directive. A factual, rather than a formal analysis determines “why” and “how” processing takes place. In the present case, it must therefore be ascertained whether the Jehovah’s community decides the purposes and means of processing the data collected by its members. This seems to be the case, as areas are allocated among the various preachers, their activity is monitored and a record is kept of people who do not wish to be visited. Via this system “the community seeks to increase its number of the faithful through greater efficiency in evangelical activity by optimal preparation for visits”. The Jehovah’s are, for this purpose, provided with forms and instructions on note taking. The A-G mentions that the data controller must not have actual access to the data. Moreover, the fact that members of the religious community can have a practical effect on the means of processing does not exclude the possibility that, not only they, but also the community should be considered a controller. This so-called joint control may take various forms making the equal sharing of control unnecessary. It is for the Supreme administrative court of Finland to determine to what extent the community is in a position to exert influence de facto over the activity of collecting and processing the personal data, such as collected by the Jehovah’s, which would eventually make them a controller.

The analysis of the two concepts, as provided above, will now be addressed briefly in light of the GDPR. Firstly, if indeed the data collected by the Jehovah’s qualifies as a “filing system”, thereby falling within the scope of European data protection law, stringent requirements will apply under Article 8 of the Directive (see Article 9 GDPR). As it concerns sensitive personal data, the starting point will be a prohibition of the processing, unless one of the exceptions applies (Article 8(2) Directive and Article 9(2) GDPR). In the present case, processing could be allowed if the data subject gives explicit consent to the processing (Article 8(2)(a) Directive). Under Article 9(2)(a) GDPR that consent must even be given for one or more specified purposes. Lastly, the concept of “joint controllers” will be discussed, as newly laid down in Article 26 GDPR. The A-G referred to this concept when discussing whether the Jehovah’s religious community can be considered a “controller”. Under the GDPR, joint control means that two or more controllers jointly determine the purposes and means of processing. An arrangement between those controllers must be set up in which the roles and relationship between them and the data subjects is described. The essence of that arrangement shall be made available to the data subject.

Taking into account the actions that must be taken by the Jehovah’s Witnesses community in order to comply with the present, as well as the soon to be European data protection standard, the question arises whether indeed such compliance does not amount to an intolerable or disproportionate interference with the freedom of religion. One could call into question the necessity of applying the strict requirements under the GDPR and particularly the consequence of doing so for the freedom to proselytise. We shall wait and see whether the Court of Justice follows the Opinion of A-G Mengozzi and lets data protection law enter the door of the Jehovah’s Witnesses religious community.



Data found in Case Study 54 of the Australian Royal Commission suggests that a child is up to six times safer in the JW community than in the overall Australian world.

I cannot find this sta in Case Study 54: please post the link to this data.

Tom Harley

Stories about child sexual abuse and JWs are not nothing, and it is easy to see why an attorney would go there. One should always consider certain background information, however, the absence of which leads to a seriously distorted picture.

The real story should never be ‘Jehovah’s Witnesses investigated child sexual abuse in their ranks but did some aspects of it wrong.’ The real story should be: ‘Nobody else even attempted the job.’ All Christian groups should have. In fact, any group professing that their beliefs contribute to better conduct should take measures to see that that is in fact so. The Book of Romans says “You, the one preaching, “Do not steal,” do you steal? You, the one saying, “Do not commit adultery,” do you commit adultery?’ The Witness organization was proactive at a time that no one else was to combat a great moral ill. They were not proactive enough, however, to realize that their vigilance made them de facto enforcers for the greater authorities.

Data found in Case Study 54 of the Australian Royal Commission suggests that a child is up to six times safer in the JW community than in the overall Australian world. Thus, the Witnesses vigilance along with their teachings have paid off. It is fine to handle a case of child sexual abuse properly. But it is far finer if the abuse does not happen in the first place. It is similar to calling in the grief counselors in the wake of a school shooting. Of course, it is a good thing to call them in, but how much better to not need them at all. A case of child sexual abuse ‘properly handled’ does not mean that it did not occur, and the child is only somewhat less damaged than if the case was properly handled.

In 2005, evangelical leader Ronald J. Sider wrote a book called ‘The Scandal of the Evangelical Conscience,’ in which he observed that ‘church discipline’ was once an accepted aspect of many denominations, but in “in the second half of the twentieth century, it has largely disappeared.” Due to this, he laments, the conduct of the evangelical church member today is indistinguishable from that of the overall world, whereas the entire draw of the Christian religion is that it is to be an oasis from illicit conduct having free rein outside.

Important as it is to handle abuse cases properly, it is not so important as preventing them. JW’s vigilance and relative success in this should always be a part of any story about them. Otherwise, a professional does his readers a disservice, painting one of the ‘cleanest’ organizations around as one of the foulest.

Add a comment