Even the Jehovah's Witnesses Have to Abide by GDPR Rules

By Tom Pritchard on at

There's nothing more annoying that having to get up and answer your front door because someone is trying to peddle something. Especially in the middle of the day, when you're only home because you ave more important things to deal with like sick kids, incoming deliveries, or trying to get some work done away from the office. Jehovah's Witnesses are some of the most infamous, especially the ones near me that try and trick you into not immediately realise they're not there to talk about Jesus and the Apocalypse. But an EU court has said that even they need to abide by GDPR rules.

This situation arose thanks to Finland banning the Jehovahs from collecting personal information door to door, which the religious group promptly challenged. They claimed that preaching is a personal religious activity, and notes taken should also be considered personal.

Firstly I'm not sure going door to door annoying people with talk about Jesus counts as preaching, in the same way I wouldn't classify those nutters shouting about Jesus, God, and how everyone is going to hell in the streets as preachers. Secondly, that's kind of a fucked logic using religion as an excuse to collect personal data without asking for permission first.

Finland them referred to the Court of the Justice of the European Union (ECJ) in Luxembourg for advice, and earlier today they ruled that exemptions to personal privacy do not include religious activities.

“A religious community, such as the Jehovah’s Witnesses, is a controller, jointly with its members who engage in preaching, for the processing of personal data carried out by the latter in the context of door-to-door preaching.

“The processing of personal data carried out in the context of such activity must respect the rules of EU law on the protection of personal data.”
Obviously the EU has just passed pretty strict data protection rules in the form of the GDPR, which grants users more rights over how their data is collected and handled. Specifically it means users have to give informed consent before controllers are able to process personal data. And now we know that includes any taken by annoying door-to-door missionaries that include your personal details. [Reuters]