Very good, now we have a qualified answer from someone who knows these legal matters.
Drinks on the house for Wasanelder:
I can just imagine how the incompetent men who are often completely oblivious to legal matters and technology that go by the title of 'elder' would mess this up:
At some point they need to share your ADD, so they scan it and mail it to other elders.
Now several elders have your personal identifiable data of the highest class on their PC. A PC that is often also used by their family members. A PC that may or may not have decent virus and hacker protection - it's a private PC, not a corporate one maintained by a proper IT dept. A PC that at one point may be thrown out or given away without being wiped properly by its clueless owner. God knows where your private data is kept or ends up.
At least the sending of email is done through jw so the data isn't also in several people's hotmail accounts (assuming the elders follow orders on this).
Regardless, all this is very much contrary to European law on personal data (GDPR).
For example, organizations should be able to tell you which data they keep of you, why, where, how, of how long. They must delete your data (or most of it) when you request so.
Guess what? Watchtower and your local congregation probably don't know what all those elders did with your files. They can't tell you, and are this in violation of GDPR. They also wouldn't be able to make sure all those elders removed your files when you did such a request. Another violation. And so on and so on.
Watchtower is very much screwed under GDPR. To adhere to it, they must properly arrange their affairs down to the lowest level of their officials. But when they do that, they lose the opportunity of limited liability and plausible deniability that they now often abuse when they argue that COs, congregations and elders are no part of Watchtower.
Please excuse my ignorance in such matters AA ,but why then haven`t the WT/JW/GB had their arse sued off by now ?
Or prosecuted for being in violation of GDPR law ?
What`s the good of sanctions and laws if they are seldom enforced ? If at all ?
This is due to several issues:
GDPR is relatively new. The national and international agencies that are responsible for informing, policing and enforcing the law are often overwhelmed and understaffed. They are also somewhat lenient as not all aspects of the rules are entirely clear yet (there is little jurisprudence and precedents).
Unfamiliarity of the agencies with all the companies and organizations that fail to uphold the law in this regard. How could an agency know JW elders have your ADD on their private PC unless someone complains about it? And of course the good little JW aren't gonna complain. Those who don't report child abuse certainly would not report a simple violation of privacy laws, would they? So the enforcement agencies are often in the dark.
It's interesting though that the more visible issues of Watchtower and GDPR are already being addressed. In Finland, JW were convicted for violating GDPR by taking and keeping records during field service. JW argued those notes are exempt as for strictly personal use. The courts disagreed. JW appealed to EU courts, but they agreed with Finland. So now in all of Europe JW have a problem as their field service notes are considered to be subject to GDPR. I know the Dutch government is already aware of this too, and probably the same is true for other countries too.
But processes like these run slowly....
It"s against the law period. I had asked my family doctor if he could email my scans and operative report over to the Cleveland clinic specialist in Chicago IL and he told me it was against the law here in Canada to do that. Doctors aren't allowed to use email he told me. I had to go to the patients records in the hospital and get a copy of all the scans I had and send it through mail. I couldn't even duplicate the disc from the hospital. I had to go back and get two more copies from the hospital to take with me on day of arrival to my specialist appointment. Even if the patient gave the go ahead for doctors to do so the doctors still can't do it because it is against the law.
Everything in Canada is under the Privacy Act. You can go to a dentist, doctor, EMT, etc and all need to be signed off by you that your information can be shared to an insurance company, etc. Read it carefully. Before you sign.
It is against the law (HIPAA) for a medical provider to send medical records electronically. If you're not a medical provider, HIPAA does not apply.
Likewise, I recently asked a doctor ( in US) to email some medical records and they would not do so. They did send it by fax, though