Impact of GDPR on WT HQ and EU branches? (page 2)

sillygirlforgotpassword

DOC, you have a point. I have a feeling though that this Data Privacy Policy will definitely need to be rewritten.

Something that GDPR is clear about is:
- Prior to a person's consenting to share information, the organization must be clear about what they will do with their private data. I don't think any JW is informed on the day of his baptism that such a thing takes place. As per new regulations, ideally the JW baptizer will have to get a "yes" to a question like "Are you willing to have your information recorded including hours spent, magazines distributed etc? Further, do you consent to have this information and associated comments shared between congregations when necessary?"
The current Policy saying that "....all Jehovah’s Witnesses have consented by virtue of their free and willing decision to become and identify themselves as Jehovah’s Witnesses." should not stand

- GDPR is also clear that any legacy private information stored by the Organization will now need clear (potentially written) consent. I am hoping this means that if they fail to obtain such consent, they will need to destroy data from those of us who are trying to disappear.

nicolaou

marking

stuckinarut2

Great thread! Thanks for sharing.

A few days ago, myself and another forum member were discussing the desire to obtain any information about us that the congregation has on file.

Of course, although we may have the LEGAL right to do so, we all know the ramifications from a cong standpoint if we contact them and ask for such. - especially as we are not DF or DA, but simply stopped attending for reasons of honesty and conscience. We KNOW that such a request will put us front-and-centre in their spotlight once again...and that is the thing to weigh up. Do we want such attention again?

As a side point, check out how Paul from JW.FACTS went through such a process of requesting his confidential data some years back! It is on his website.

AverageJoe1

Point 2 is their escape clause. They’ll spin it to being necessary to maintain your data even though you’ve requested that they delete it.

Personal data will be collected, processed, and used only to the extent necessary to fulfill Jehovah’s Witnesses’ religious and charitable purposes.

sillygirlforgotpassword

You have a point average joe. I’m hearing though that the data privacy policies cannot be wishy washy to an organization’s benefit versus that of an individua. Hopefully GDPR isn’t only chasing a commercial angle while overlooking less lucrative religious privacy policies

I did ask a consultant this morning how the audits will be managed and what certifying bodies exist for the purpose but with this regulation being so new we’re being told to have a “wait and see” attitude (while prioritizing compliance of course ;)

previous poster mentioned getting a journalist to cover this - that’s a great idea. U have my vote :)

sillygirlforgotpassword

Stuckinarut I’m with you - I’d rather let sleeping dogs lie and not kick up my status in the cong. The focus in the new EU regulation for me is getting them to acknowledge they do not make clear requests for consent to collect info. And they cannot share that information without consent.

Undercover elders here - would you let us know what systems are currently used to save publisher info online? Probably a tailor made wt portal? In this case Org must classify data identifying sensitivity levels, label them as such and implement controls to ensure policies are complied with. Curious to see how they do that - although it wouldn’t be much with the current namesake of a privacy policy. 😒

respectful_observer

GDPR definition of consent:
(11) 'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
=> Article: 6, 7, 8
=> Recital: 32, 33, 38, 42, 43
=> Dossier: Consent

In a recent GDPR session I attended (having nothing to do with impact to religious institutions) one of the facilitators made the comment that when it came to "special" or "sensitive categories" of data, GDPR's bar for what qualified as "consent" was much higher. She said (paraphrasing) that when it came to religion, race, etc. data, "consent" would require more than simply implied consent. Even a "check the box"/"I agree" would not be sufficient to serve as "consent". Additionally, it was mentioned that the consent given had a shelf life-- that GDPR would expect the controller of the data to seek renewal of that consent at least every 5 years.

If what I heard was correct, the WT's current privacy policy's definition of consent comes nowhere near meeting the bar set by GDPR.

respectful_observer

The first two points under article 17 says that the data should be erased unless,
1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

That casts a pretty wide net for the WT to use. I agree with other posters that this is what the WT will likely use to justify maintaining historical data on current and former members forever and I suspect the courts will be hesitant to challenge them on that.

To me, the most impactful element of GDPR will be the obligation to disclose, and obtain written consent initially and then periodically thereafter.

Drearyweather

Prior to a person's consenting to share information, the organization must be clear about what they will do with their private data. I don't think any JW is informed on the day of his baptism that such a thing takes place.

During baptism, a JW is well aware the the elders have collected his personal data on the Publisher Record Card. He even gets to see it if he wants too. In fact it is the publisher who gives the data to them. What elders and the CO's do with the card is explained in the OD book which the publisher has access to. Now, it would be a valid point if the publisher can prove that his data is being used for purposes other than what it was intended for.

After that, whether it be Auxiliary Pioneering, Regular Pio, or Bethel Service, the individual himself fills up all the forms and submits it to the elders or to the society. In most of these forms the WT has mentioned a line whereby the applicant promises to cooperate with all the legal corporations of the WT and thus gives a consent that he allows the WT to use his personal data.

If the law demands, the WT will revise its policies in this, but I am not sure if WT has been doing or collecting data illegally.

For e.g. In India, in some places where anti-conversion law exists, before getting baptized, publishers prepare a legal affidavit stating that they are leaving their former religion and becoming JW;s at their own will and submit the document to the local authorities and the congregation.

So I presume WT would do the same in the EU, to save themselves from legal worries.

However, I feel it would be naive to say that a JW doesn't know that the Org maintains personal data about him.

LongHairGal

RESPECTFUL OBSERVER:

Anybody trying to “fade” should just ignore what, if any, information the religion has on them. You’d never know for certain if anything is deleted anyway. Are they going to let you stand over them and watch them do it?

SIR82:

Very funny but true! My hours were so low because I worked full time, and I certainly was panned in the JW religion because of it. There were people there who judged my worth as nothing. That’s okay though because they’d get nothing at all from me! Let them go ask their “spiritual” friends for money. Glad to be done with this stupid charade of a religion.

Impact of GDPR on WT HQ and EU branches?

Share this