DPC (Ireland) - IN-19-7-6
DPC - IN-19-7-6 | |
---|---|
Authority: | DPC (Ireland) |
Jurisdiction: | Ireland |
Relevant Law: | Article 17 GDPR |
Type: | Investigation |
Outcome: | Other Outcome |
Started: | 07.06.2019 |
Decided: | 27.02.2023 |
Published: | |
Fine: | n/a |
Parties: | Archbishop of Dublin |
National Case Number/Name: | IN-19-7-6 |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | English |
Original Source: | DPC (in EN) |
Initial Contributor: | Ireland |
The Archbishop should now make clear that all personal data collected and recorded and otherwise processed for the purposes of the administration of sacraments is permanently retained.
English Summary
Facts
The DPC commenced the Inquiry following receipt of a number of complaints from individuals who wished to obtain erasure in relation to their personal data processed in church registers. All of the individuals had written to either their parish or to the Archdiocese asking for the erasure of their data pursuant to Article 17 GDPR.
Holding
• The Archbishop may lawfully rely on legitimate interests under Article 6(1)(f) GDPR as a legal basis for the processing of personal data of individuals which are recorded in the Baptism Register, even in such instances where an individual no longer wishes to be associated with the Catholic Church; • Subject to safeguards, the Archbishop’s interests in retaining the personal data contained in the Baptism Registers are not overridden by the interests or fundamental rights and freedoms of the individuals; • The Archbishop may rely on the legal basis under Article 9(2)(d) of the GDPR for the processing of individuals’ special category data during the course of their lifetime; The Archbishop, in processing the special category personal data in the Baptism Registers, has in place appropriate safeguards for such processing as required under Article 9(2)(d) GDPR; • Individuals may exercise the right to request rectification of the personal data contained in the Baptism Registers, in accordance with Article 16 GDPR; • The Archbishop must comply with his obligations under Article 12(3) and Article 12(4) of the GDPR in order to facilitate requests in relation to individual’s rights under Articles 15 to 22 of the GDPR; • Individuals who no longer consider themselves to be members of the Catholic Church do not have the right to obtain erasure of their personal data in the Baptism Registers under the grounds set out at Article 17(1)(a)-(f) of the GDPR; • In circumstances where an individual no longer wishes to be a member of the Catholic Church, a supplementary statement could be added by the Archbishop to the Baptism Register entry stating “No longer wishes to be identified as a Roman Catholic”.
The Archbishop should now make clear that all personal data collected and recorded and otherwise processed for the purposes of the administration of sacraments is permanently retained. The Archbishop is to: i. update the Privacy Policy of the Archdiocese to identify that the Archbishop is the data controller for the processing of personal data and special category data held in all Baptism Registers within his Archdiocese; ii. set out in the Privacy Policy the lawful basis of such processing together with the retention periods for such personal data; iii. set out in the Privacy Policy that the subsequent administration of certain sacraments to an individual such as confirmation, marriage/annulment and ordination/laicisation (or adoption) are marked on the record in the Baptism Register, explaining why this is so; iv. ensure that the parishes within the Archdiocese make the relevant Privacy Policy accessible and available to those undertaking sacraments.
Comment
This case took many years to come to a judgement, I believe the DPC has not upheld GDPR in this instance and has ruled in favour of an organization that is in breach of GDPR.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the English original. Please refer to the English original for more details.
Contents A. Introduction ....................................................................................................................................3 B. Legal Framework for the Inquiry and the Decision.........................................................................3 i) Legal Basis for the Inquiry ...........................................................................................................3 ii) Data Controller............................................................................................................................4 iii) Legal Basis for the Decision.........................................................................................................4 C. Factual Background.........................................................................................................................5 D. Scope of the Inquiry and the Application of the GDPR...................................................................6 E. Issues for Determination.................................................................................................................7 F. Analysis of the Issues for Determination ......................................................................................12 a) MATERIAL SCOPE ......................................................................................................................12 b) CONTROLLERSHIP......................................................................................................................44 c) LEGAL BASIS ............................................................................................................................102 d) RIGHT OF RECTIFICATION .......................................................................................................141 e) RIGHT OF ERASURE .................................................................................................................154 f) STORAGE LIMITATION.............................................................................................................171 g) SUMMARY OF FINDINGS .........................................................................................................176 G. Finding Regarding Article 5(2).....................................................................................................179 H. Decision on Corrective Powers ...................................................................................................179 I. Order to amend the Privacy Policy .............................................................................................180 J. Right of appeal ............................................................................................................................180 Appendix 1: LIST OF ABBREVIATIONS/ RELEVANT TERMS..................................................................181 A. Introduction 1. This document (‘the Decision’) is a decision made by the Data Protection Commission (‘the DPC’) in accordance with section 111 of the Data Protection Act 2018 (‘the 2018 Act’). I make this Decision having considered the information obtained in the own volition inquiry IN-19-7-6 (‘the Inquiry’) pursuant to section 110 of the 2018 Act. 2. The Archbishop of Dublin (‘the Archbishop’) was provided with a Draft Decision (‘the Draft Decision’) on this inquiry on 4 November 2022 to give him a final opportunity to make any submissions. The Decision is being provided to the Archbishop pursuant to section 116(1)(a) of the 2018 Act in order to give the Archbishop notice of the Decision, the reasons for it, and the corrective powers that I have decided to exercise. 3. This Decision contains corrective powers under section 115 of the 2018 Act and Article 58(2) of the General Data Protection Regulation (‘the GDPR’) arising from the infringements which have been identified herein. The Archbishop will be required to complywith these corrective powers, and it is open to this office to serve an enforcement notice on the Archbishop in accordance with section 133 of the 2018 Act. B. Legal Framework for the Inquiry and the Decision i) Legal Basis for the Inquiry 4. The GDPR is the legal regime covering the processing of personal data in the European Union. As a regulation, the GDPR is directly applicable in EU member states. The GDPR is given further effect in Irish law by the 2018 Act. As stated above, the Inquiry was commenced pursuant to section 110 of the 2018 Act. By way of background in this regard, under Part 6 of the 2018 Act, the DPC has the power to commence an inquiry on foot of a complaint, or of its own volition. 5. Section 110(1) of the 2018 Act provides that the DPC may, for the purpose of section 109(5)(e) or section 113(2) of the 2018 Act, or of its own volition, cause such inquiry as it thinks fit to be conducted, in order to ascertain whether an infringement has occurred or is occurring of the GDPR or a provision of the 2018 Act, or regulation under the Act that gives further effect to the GDPR. Section 110(2) of the 2018 Act provides that the DPC may, for the purposes of section 110(1), where it considers it appropriate to do so, cause any of its powers under Chapter 4 of Part 6 of the 2018 Act (excluding section 135 of the 2018 Act) to be exercised and / or cause an investigation under Chapter 5 of Part 6 of the 2018 Act to be carried out. ii) Data Controller 6. The Archbishop of Dublin administers to and is responsible for the Archdiocese of Dublin. The current Archbishop of Dublin is the Most Reverend Dr. Dermot Farrell D.D., appointed on 29 December 2020, who succeeded the Most Reverend Dr. Diarmuid Martin D.D., the Archbishop of Dublin at the time of the commencement of this Inquiry. The Archbishop of Dublin also serves as pastor of StMary's Pro-Cathedral. The DPC acknowledges that theMost Reverend Dr. Dermot Farrell D.D.’s predecessor, the Most Reverend Dr. Diarmuid Martin D.D., made a number of submissions in the context of this Inquiry. All references to the Archbishop throughout this Decision refer to the role or office of the Archbishop rather than specifically to the Most Reverend Dr. Dermot Farrell D.D.’s or the Most Reverend Dr. Diarmuid Martin D.D.. 7. The Archdiocese comprises of 197 parishes and spans county Dublin, parts of countiesWicklow, Kildare, Carlow, Laois and Wexford and is governed by the Archbishop. The Diocesan Curia, comprising of officials appointed by the Archbishop including the Moderator of the Curia and the Chancellor, assists the Archbishop in the governance of the Archdiocese1. 8. In commencing the Inquiry, the DPC expressed the preliminary view that the Archbishop may be the controller, within the meaning of Article 4(7) of the GDPR, in respect of personal data within church records contained in Church Registers, pursuant to Article 4(6) of the GDPR. iii) Legal Basis for the Decision 9. The decision-making process for the Inquiry which applies to this case is provided for under section 111 of the 2018 Act, and requires that the DPCmust consider the information obtained during the Inquiry to decide whether an infringement is occurring or has occurred and, if so, to decide on the corrective powers, if any, to be exercised. As the sole member of the DPC as defined in section 15 of the 2018 Act, I perform this function in my role as the decision-maker in the DPC. In so doing, I am required to assess all of the materials and submissions gathered during the Inquiry and any other materials that I consider to be relevant, in the course of the decision-making process. 10. A full schedule of all documentation considered by me for the purpose of the preparation of this Decision is appended hereto. 11. Having considered the information obtained in the Inquiry, I am satisfied that the Inquiry has been correctly conducted and that fair procedures have been followed throughout. I will have regard to any submissions that the Archbishop may decide to make in respect of this Decision before proceeding to make a final Decision under section 111 of the 2018 Act. 1 Canon 469-470. C. Factual Background 12. The DPC received a number of complaints, from data subjects who wished to exercise the right to obtain erasure in relation to their personal data processed in church registers (including baptism, confirmation and marriage registers) held within the Archdiocese Church registers. All data subjects had written to either their parish or the Archdiocese asking for the erasure of their personal data pursuant to Article 17 GDPR. The Archdiocese refused the requests on the basis that the personal data were still necessary for the purpose for which they were collected and/or the Church Registers were a record of historical fact and not membership of the Church; and in any event, such records fell outside the scope of the GDPR. 13. Prior to the commencement of the Inquiry, the DPC put the Archbishop on notice of the complaints received relating to the retention of personal data by the Catholic Church by way of certain records relating to individuals contained in Church Registers. The complainants’ ability to exercise their data protection rights in respect of church records relating to them, such as the right to access the personal data and the right to obtain erasure of the personal data was outlined in this correspondence. Further, the DPC raised the issue of identifying the controller of these church records. The DPC confirmed its intention to commence an own volition inquiry under section 110 of the 2018 Act, noting that this inquiry would not be focused specifically on any individual complaint but would seek to address, in a collective manner, the general issues arising from all complaints received on this particular issue. 14. By correspondence to the DPC dated 18 June 2019, Monsignor Callan, for and on behalf of the Archdiocese of Dublin, expressed inter alia the opinion that baptism registers did not come within the material scope of the GDPR, as set out in Article 2(1) of the GDPR. Monsignor Callan stated that baptism registers are maintained in hard copy, are not organised in alphabetical order, are not processed by automated means and he submitted that they do not consist of a filing system within themeaning of Article 4(6) of the GDPR.Monsignor Callan further provided a reasoned opinion as to why the parish priest and not the Archbishop was the controller of all personal data held in the Church Registers. 15. The DPC issued an Inquiry Commencement Letter (‘the Commencement Letter’) to the Archbishop on 20 December 2019 notifying that the DPC had commenced an Inquiry under and in accordance with section 110(1) of the 2018 Act. 16. The decision to commence the Inquiry was taken as the DPC had formed the preliminary view that the Church Registers were within the material scope of the GDPR and that the Archbishop was a controller and/or joint controller of the personal data contained in these Church Registers. 17. The Inquiry is an own volition inquiry conducted by the DPC relating to the refusal by the Archdiocese of Dublin (‘the Archdiocese’) of certain data subjects’ requests to obtain the erasure of their personal data. The Archdiocese refused the requests on the basis that the personal data were still necessary for the purpose for which they were collected and/or the Church Registers were a record of historical fact and not membership of the Church; and in any event, such records fell outside the scope of the GDPR. Having considered the issues arising, the DPC decided to commence an own volition inquiry pursuant to Section 110 of the 2018 Act for the purpose of assessing the extent to which the Archbishop of Dublin complied with its legal obligations pursuant to data protection law. 18. The Commencement Letter set out that the Inquiry would formally document the facts as they relate to the subject of the Inquiry. The relevant facts ascertained prior to the commencement were set out in the Commencement Letter. The facts, as established during the course of the Inquiry, are set out below in this Decision. 19. Having received the Archbishop’s submissions, the DPC prepared an Inquiry Issues Paper to document the relevant facts established and the issues that fell for consideration by me as Decision-Maker for the purpose making a decision under section 111 of the 2018 Act in respect of this Inquiry. The DPC furnished the Archbishop with the Inquiry Issues Paper on 9 February 2022 and invited the Archbishop’s submissions on any inaccuracies and/or incompleteness in the facts. 20. The Archbishop provided comments on the Inquiry Issues Paper on 31 March 2022. The comments provided additional information relating to the facts as set out in the Inquiry Issues Paper. The comments on the Inquiry Issues Paper were analysed and I considered them as part of the Draft Decision. 21. On 4 November 2022, I provided the Draft Decision to the Archbishop. The Archbishop was afforded the opportunity to make submissions on the proposed infringement that was identified in the Draft Decision and the corrective power that I proposed to exercise. On 1 February 2023, the Archbishop made submissions on the Draft Decision. I have had full regard to those submissions and I have reached conclusions that an infringement of data protection legislation has occurred and that it is necessary to exercise certain corrective powers. This infringement and corrective powers are set out in this Decision. D. Scope of the Inquiry and the Application of the GDPR 22. The scope of the Inquiry, which was set out in the Commencement Letter, was to examine the following aspects of GDPR and the 2018 Act, in connection with the processing of personal data of data subjectswho no longer wish to have their personal data recorded in all Church Registers: i. Article 5(1)(e) – the principle of storage limitation; ii. Article 6 – lawful basis for processing personal data; iii. Article 9 – lawful basis for processing special category personal data; iv. Article 16 – the right of a data subject to the rectification of inaccurate personal data concerning him or her; v. Article 17 – the right of a data subject to obtain erasure of personal data concerning him or her; vi. Article 89 – safeguards and derogations relating to processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; and vii. the relevant provisions in the 2018 Act - which gives further effect to those provisions, specifically sections 36, 42, 54, and 61; 23. The Commencement Letter stated that the Inquiry might also take into account the Archbishop’s compliance with Article 5(2) of the GDPR (the principle of accountability), in addition to his compliance with Article 31 of the GDPR, (co-operation with the supervisory authority). 24. Following a consideration of the Archbishop’s submissions, the DPC narrowed the focus of the Inquiry from all Church Registers, to all Baptism Registers held in the Archdiocese only, including the ‘Parish Registers’ and those held in the Chancellery i.e. the register of baptisms of persons who are adopted (the ‘Adopted Persons Baptism Register’) and the register of baptisms for baptisms that took place in Holy Cross College, Clonliffe (the ‘Clonliffe College Registers’). E. Issues for Determination 25. Having reviewed the Inquiry Issues Paper and the other relevant materials, I consider that the following issues arose for determination: Material Scope - The DPC expressed a preliminary view in the Commencement Letter that the personal data and special category personal data contained in the church records (now in respect of all Baptism Registers in the Archdiocese only) form part of a filing system within the meaning of Article 4(6) of the GDPR. It is acknowledged, that the Archbishop disagrees with this view and has made a number of submissions asserting that the Baptism Registers are outside of thematerial scope of the GDPR. As such, the following issues arise for determination with respect to whether the personal data contained in the Baptism Registers fall within the material scope of the GDPR: i. whether the processing of the personal data contained in the Baptism Registers is undertaken wholly or partly by automated means; ii. in circumstanceswhere the processing is other than by automatedmeans,whether the Baptism Registers form part of a filing system or are intended to form part of a filing system, having regard to the definition of filing system under Article 4(6) of the GDPR; and iii. whether any of the exemptions to the scope of the GDPR as set out in Article 2(2) apply to the processing of the Baptism Resisters. Controllership - The DPC expressed a preliminary view in the Commencement Letter that the Archbishop was the (sole) controller in respect of the personal data contained in Church Registers (now in respect of the Baptism Registers only). Subsequently, the DPC confirmed to the Archbishop that it was also considering the proposition that both the Archbishop and the parish priest, having recourse inter-alia to Canon Law, may determine to different extents the purposes and means of processing in relation to the Baptism Registers, leading to a position of joint controllership. The Archbishop disagrees with this position and has made a number of submissions in the course of the Inquiry refuting sole or joint controllership of the Baptism Registers emphasising both the role of the parish priests and the Chancellor in this regard. As such, the following issue arises for determination based on a consideration of the submissions of the Archbishop to date: i. the extent to which the Archbishop alone and / or jointly with the parish priest or others determines the purpose and means of the processing of the personal data and special category personal data contained in the Baptism Register which are now the subject of this Inquiry; Legal Bases for processing - In circumstances where I form a preliminary view that (i) the personal data contained in the Baptism Registers falls within the material scope of the GDPR; and (ii) the Archbishop is the relevant controller or joint controller of the personal data contained in Baptism Registers, I must then, based on the submissions received from the Archbishop to date, form a view as to the Archbishop’s compliance with Articles 6 and 9 of the GDPR, in particular on the following issues: i. In relation to the processing of personal data and special category personal data of data subjects who no longer wish to have their personal data recorded in any Baptism Registers: a) whether the Archbishopmay rely on legitimate interests for the processing of Baptism Registers, in accordance with on Article 6(1)(f) of the GDPR, in circumstances where the processing is necessary for the purposes of the legitimate interests pursued by the Archbishop; b) whether, and to what extent the Archbishop’s interests (or those of a third party) in retaining the personal data and special category personal data are overridden by the interest or fundamental rights and freedoms of the data subjects and accordingly whether the Archbishop is entitled to rely on Article 6(1)(f) for the processing of the personal data and special category personal data; c) whether the Archbishop is entitled to rely on Article 9(2)(d) of the GDPR for the processing of the special category personal data contained in the Baptism Registers, which permits processing carried out in the course of the Archbishop’s legitimate activities as a foundation, association or non- profit body with a religious aim where the processing relates solely to members or former members of the body or to persons who have regular contact with it in connection with its purposes and where the special category personal data are not disclosed outside the body without the consent of the data subjects; if so, whether the Archbishop put in place the required appropriate safeguards for such processing under Article 9(2)(d); and d) in assessing the legal bases relied on by the Archbishop, whether the Archbishop is compliant with the principle of purpose limitation under Article 5(1)(b) of the GDPR and the principle of lawfulness fairness and transparency under Article 5(1)(a) of the GDPR. ii. In relation to any further processing (processing beyond the original purpose of collection) of personal data and special category personal data of data subjects who no longer wish to have their personal data recorded in the Baptism Registers: a) whether the Archbishop may rely on legitimate interests for the processing, in accordance with on Article 6(1)(f) of the GDPR, in circumstances where the processing is necessary for the purposes of the legitimate interests pursued by the Archbishop; b) whether, and to what extent the Archbishop’s interests (or those of a third party) in further processing the personal data and special category personal data are overridden by the interest or fundamental rights and freedoms of the data subjects and accordingly whether the Archbishop is entitled to rely on Article 6(1)(f) for the further processing of personal data and special category personal data; c) whether the Archbishop is entitled to rely on Article 9(2)(j) of the GDPR for the further processing of special category personal data contained in the Baptism Registers, which permits processing which is necessary for archiving purposes in the public interest, scientific or historical research purposes in accordance with Article 89(1) of the GDPR; if so, whether the Archbishop put in place the required appropriate safeguards for such processing in accordance with Article 89(1) of the GDPR, which ensure that technical and organisational measures are in place in particular in order ensure respect for the principle of data minimisation; d) whether the processing of special category personal data is necessary and proportionate for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Section 54 of the 2018 Act; e) whether, in circumstances where processing is established to be necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, (i) suitable and specific measures have been taken by the Archbishop to safeguard the fundamental rights and freedoms of data subjects; (ii) the processing respects the principle of data minimisation (Article 5(1)(c) of the GDPR); and (iii) where the purposes can be fulfilled by processing which does not permit or no longer permits identification the processing is fulfilled in that manner, in accordance with Section 42 of the 2018 Act; f) whether, in circumstances where processing is established to be necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, data subject rights have lawfully been restricted in accordance with Section 61(1) and 61(2) of the 2018 Act to the extent that the exercise of any of those rights would be likely to render impossible, or seriously impair, the achievement of those purposes, and such restriction is necessary for the fulfilment of those purposes; and g) in assessing the legal bases relied on by the Archbishop, whether the Archbishop is compliant with the principle of purpose limitation under Article 5(1)(b) of the GDPR and the principle of lawfulness fairness and transparency under Article 5(1)(a) of the GDPR. The right to obtain rectification – Article 16 - In circumstances where I form a view that (i) the personal data and special category personal data contained in the Baptism Registers falls within the material scope of the GDPR; and (ii) the Archbishop is the relevant controller or joint controller of the personal data contained in the Baptism Registers, I must then, based on the submissions received from the Archbishop to date, form a preliminary view as to the Archbishop’s compliance with Article 16 of the GDPR, in particular on the following issues: i. whether a data subject has the right to obtain from the Archbishop the rectification of inaccurate personal data concerning him or her; ii. whether the recording of a data subject’s sacrament of baptism in the Baptism Registers, in circumstances where the data subject no longer consider themselves to be a member of the Catholic Church, constitutes inaccurate or incomplete personal data within the meaning of Article 16 of the GDPR, with reference to the Archbishop’s compliance with the principle of accuracy under Article 5(1)(d) of the GDPR in this regard; iii. whether data subjects who no longer consider themselves to be members of the Catholic Church have the right to obtain rectification of their sacramental status or their status as members of the Catholic Church in the church records contained in the Baptism Registers or where the personal data is found to be incomplete, have the right to have this personal data completed, including by means of providing a supplementary statement; and iv. whether, in circumstances where a right to rectification exists, the data subjects’ rights may be restricted by the Archbishop pursuant to Section 61(2) of the 2018 Act, where the processing is for historical research purposes and the exercise of the right would be likely to render impossible or seriously impair, the achievement of these purposes and the restriction is necessary for the fulfilment of those purposes. The right to obtain erasure – Article 17 - In circumstances where I form a preliminary view that (i) the personal data and special category personal data contained in the Baptism Registers falls within the material scope of the GDPR; and (ii) the Archbishop is the relevant controller or joint controller of the personal data contained in the Baptism Registers, I must then, based on the submissions received from the Archbishop, form a view as to the Archbishop’s compliance with Article 17 of the GDPR, in particular on the following issues: i. whether a data subject has the right to obtain from the Archbishop the erasure of personal data concerning him or her, in circumstances where one of the grounds listed under Article 17(1)(a)-(f) of the GDPR applies; ii. whether data subjects who no longer consider themselves to be members of the Catholic Church have the right to obtain erasure of their personal data in the Baptism Registers under the grounds set out at Article 17(1)(a)-(f) of the GDPR; and iii. whether, a data subject’s right to erasure may be lawfully dis-applied by the Archbishop to the extent that processing is necessary: a) for exercising the right to freedom of expression and information, pursuant to Article 17(3)(a) of the GDPR; b) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), pursuant to Article 17(3)(d) of the GDPR; or c) for exercising the right to freedom of religion. Storage Limitation - In circumstances where I form a view that (i) the personal data and special category personal data contained in the Baptism Registers falls within the material scope of the GDPR; and (ii) the Archbishop is the relevant controller or joint controller of the personal data contained in the Baptism Registers, I must then, based on the submissions received from the Archbishop, form a view as to the Archbishop’s compliance with the principle of storage limitation contained in Article 5(1)(e) of the GDPR, in particular on the following issues: i. whether the personal data and special category personal data contained in the Baptism Registers are kept in a form which permits identification for no longer than is necessary; ii. whether the personal data and special category personal data contained in the Baptism Registers are processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, and are subject to the implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject; and iii. whether, in circumstances where the personal data and special category personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, it may be stored for longer periods. F. Analysis of the Issues for Determination a) MATERIAL SCOPE Issue 1 for determination: whether processing of personal data contained in the Baptism Registers is undertaken wholly or partly by automated means Relevant Provisions 26. Article 2(1) of the GDPR states that the GDPR applies “to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system”. 27. Article 4(1) of the GDPR defines “personal data” as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. 28. Article 4(2) of the GDPR defines “processing” as “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”. 29. Article 4(6) of the GDPR defines a “filing system” as “any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis”. 30. Recital 15 of the GDPR is also of assistance in interpreting the meaning of a filing system: “in order to prevent creating a serious risk of circumvention, the protection of natural persons should be technologically neutral and should not depend on the techniques used. The protection of natural persons should apply to the processing of personal data by automated means, as well as to manual processing, if the personal data are contained or are intended to be contained in a filing system. Files or sets of files, as well as their cover pages, which are not structured according to specific criteria should not fall within the scope of this Regulation” 31. The DPC expressed a preliminary view in the Commencement Letter that the personal data contained in church records (now in respect of the Baptism Registers only) forms part of a filing system within the meaning of Article 4(6) of the GDPR. Relevant Background 32. The focus of this Decision is on the Baptism Registers held within the Archdiocese of Dublin only, and not on any other church registers or church records held in this Archdiocese, whether in parishes or otherwise. This is on the basis that the sacrament of baptism is considered the gateway to the other sacraments (in accordance with canon 849). 33. The Catholic Church is governed by its own internal body of law, the Code of Canon Law (‘Canon Law’). The most recent version of the Code of Canon Law was codified and promulgated in 1983.2 While the position in Canon Law is not determinative of the position under Irish or EU law, it is a relevant consideration to which I will have regard in considering all issues, which arise for determination within this Decision. The relevance of Canon Law to the inquiry is set out at paragraphs 254 and 255. 34. I note that canon 535 §1 requires that each parish keep certain parochial registers for “baptisms, marriages, deaths, and others as prescribed by the conference of bishops or the diocesan bishop. The pastor is to ensure that these registers are accurately inscribed and carefully preserved”.3 Certain other church registers are held by the Archdiocese in the Chancellery office of the Diocesan Office, including the Adopted Persons Baptism Registers and the Clonliffe College Baptism Registers. 2 The DPC has referred throughout this Decision to Canon Law as set out by the Vatican, https://www.vatican.va/archive/cod- iuris-canonici/cic_index_en.html: https://wipolex.wipo.int/en/legislation/details/9033. 3 Further to Canon 895 and Decree No. 6 of the Irish Episcopal Conference as promulgated in Intercom December 1987/January 1988. 35. The Church Registers held in the parishes and in the Chancellery office indicate the sacramental status of a person in the Roman Catholic Church. Baptism is the first and most basic sacrament of Christian initiation and as confirmed by the Archbishop, it can only be received once.4 A person must be baptised before they can receive any other sacrament, such as the sacraments of confirmation, marriage or Holy Orders. As such, the Roman Catholic Church maintains a record of all those persons who have been baptised so that in the event an individual wishes to receive another sacrament, their baptismal status can be ascertained in advance. Therefore, the Baptism Register is the reference point from which any other parish can ascertain whether a person has been baptised. When an individual subsequently receives another sacrament, the Baptism Registermust be noted accordingly as those other sacraments can also only be received once also. The maintenance and retention of such records is essential to the administration of the Roman Catholic Church.5 36. Any changes regarding the sacramental status of a person must be annotated in the Baptism Register wherein their baptism is recorded, in accordance with canon 535 §2 (even where also recorded in a separate register, e.g. confirmation register or marriage register).6 37. Baptism Registers are maintained in hard copy. According to the Archbishop, referring to parochial registers, “the hard copy, bound volume is the only authentic, authoritative register”.7 Individual baptism registers may contain entries spanning a number of years. The Baptism Register is replaced only when it is full. A full Baptism Register is stored in the Parish. Baptism Registers are only transferred from a Parish into the Diocesan archive when a Parish is suppressed. 38. The entries in a Baptism Register are made when individuals are presented for baptism, in chronological order, based on the date of presentation. There is no prescribed form for baptism registers, though they will include the following fields: • Christian name of person for baptism • Surname • Born/Day/Month/ • Name of Parent(s)/guardian(s) • Residing at Domicile • Duly Baptised – Day/Month • Celebrant of Baptism • Name(s) of Godparent(s). 4 Submissions dated 15 October 2020, page 24. 5 Submissions dated 15 October 2020, page 24. 6 This is set out in canon 535 §2, which states that: “In the baptismal register are also to be noted confirmation and those things which pertain to the canonical status of the Christian faithful by reason of marriage, without prejudice to the prescript of _can. 1133, of adoption, of the reception of sacred orders, of perpetual profession made in a religious institute, and of change of rite. These notations are always to be noted on a baptismal certificate“. 7 Submissions dated 16 March 2020, page 31. 39. The sample Baptism Register pages provided by the Archbishop to the DPC also typically include a field at the top of each page to fill in the year in which those baptisms took place.8 Pro-forma register books for baptism, confirmation, marriage or death are commercially available from religious goods shops with these specific fields designated. 40. Baptism Registers are annotated with any further matters pertaining to the canonical status of a person, for example if a person receives further sacraments, such as confirmation, marriage or the reception of holy orders. Annulments of marriages will also be annotated in the baptism register. In order to annotate a baptism register entry following a confirmation, a confirmation card is completed, which allows the parish in which the confirmation took place record the confirmation in its confirmation register. The information on the card is then used to annotate the baptism register (if this occurred in a different parish, the confirmation card is sent to that parish), after which the confirmation card is destroyed. Similarly, where a marriage occurs, a pre-defined form used by all parishes is completed. This form is forwarded to the parish inwhich the baptism of the individuals took place. That parish then annotates the baptism register to reflect the fact of marriage. 41. Generally, a manual search of the baptism register will be carried out by the various parishes when required to do so for the purposes of retrieving or annotating these records.Where there is no index for the register, a search through hard copy records is required.9 42. In 2018, the Archdiocese entered 13,234 baptisms into baptism registers, 16,929 confirmations into confirmation registers and 1,334 marriages into marriage registers. I note that each marriage and confirmation registered was annotated into the relevant baptism registers (though not necessarily baptism registers located within the Archdiocese).10 43. The Baptism Register is consulted by the parish priest when a request for a baptism certificate is made by an individual (or their parents/guardian if under 16 years of age). Requests for certificates normally arise when a person is preparing to receive another sacrament, such as confirmation ormarriage. If a person contacts a parish looking for baptism records, they receive a form, which enables them to apply for a copy of their baptism certificate. 44. In specific circumstances, alteration may also be made to a baptism register entry, for example where a person changed their name by deed poll. The Directives and Guidelines for Sacramental and Pastoral Practice (2011) (the “Guidelines”) state that any alteration to the baptism register must be authorised through the Chancellery,11 in particular that “the express permission of the Chancellery is required before any alteration or emendationmay bemade in an entry in any such parochial register”.12 Documentary evidence is generally required to ground such a request for an alteration. 8 Submissions dated 15 October 2020, Schedule of Documents, (pages 212-213 of the PDF submission). 9 Submissions dated 15 October 2020, page 5. 10 Submissions dated 16 March 2020, page 7. 11 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, Appendix 3, (page 27 of PDF submission). 12 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, section 4.5 (page 23 of the PDF submission). 45. Although deletions of entries contained within the baptism registers are not permitted, there is no canonical prohibition on the recording of additional details in a baptism register. The prohibition on the alteration of the Baptism Registers is not expressly set out in Canon Law. 46. In these cases, the parish priest either will apply to the Chancellery for authorisation to make that change, or will direct the applicant to contact the Chancellery themselves. In certain limited circumstances, the parish priest may then make a change. The Archbishop provided the DPC with examples of letters from the Chancellery to a parish priest requesting that certain amendments bemade to an entry in a baptism register. These letters indicated that information which is to be altered is not deleted or erased, but, in the case of an error in a date of birth or a change of name, a line is drawn through the out of date information, the new information is inserted and a note is made of the corrected information. A direction is placed in the baptism register, e.g. “Future certificates to reflect changes made”.13 47. The Archbishop informed the DPC that he is aware of “informal” methods of indexing these registers though he is unaware of the extent of this practice within the parishes of the Archdiocese. In respect of the Archbishop’s own parish, St Mary’s Pro-Cathedral, a hardcopy indexing system is in place. Based on the extract provided by the Archbishop, this index appears to consist of an alphabetical list of individuals who have been baptised, within a particular time frame (in this case, between 1915 and 1918). Also, each entry in the index is accompanied by a number indicating the location of the entry in the baptism registers.14 48. The Archbishop is also aware of practices such as scanning copies of the baptism registers and the use of electronic database systems or “pastoral management systems” to record such information.15 Microfilmed copies of baptism registers have been created and shared with the National Library of Ireland. In the instance of the Adopted Persons Baptism Register held in the Chancellery, an electronic version of this is maintained, “for easy searching”.16 49. With respect to storage of the Baptism Registers held in parishes, each parish is required to have an archive, in which parochial books are to be kept, together with any and other documents which itmay be necessary or useful to preserve. In general, parish baptism registers are kept in safe rooms which are fireproofed and which are only accessible by the parish priest and certain other authorised personnel.17 50. With respect to storage of the registers, Baptism Registers held in the Chancellery Office were previously stored at Clonliffe College. Following the sale of the Clonliffe College buildings, the Chancellery Office is now located in the Archbishop’s House, Drumcondra Road, Dublin 9 and the Diocesan Offices have appropriate security measures in place, with entry to the Chancellery being only permitted by the staff members. 13 Submissions dated 15 October 2020, Schedule of Documents, page 193. 14 Submissions dated 15 October 2020, Schedule of Documents, page 234. 15 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, Appendix 3, (page 27 of PDF submission); Appendix 3 of the Guidelines provide guidance on the “Requirements for the Secure Maintaining of Duplicate Electronic Sacramental Records in Parishes” which appears to envisage parishes employing electronic records of Church Registers. 16 Submissions dated 15 October 2020, page 1. 17 Submissions dated 16 March 2020, page 29. See also storage requirements set out at Canon 535 §4. 51. With respect to retention periods, the Baptism Registers are retained in perpetuity.18 52. The Baptism Registers are private records and are not generally accessible by the public. The “Archbishop dictates policy with regard to access” to the Baptism Registers.19 Relevant Case Law 53. In the judgment of the Court of Justice of the European Union (“CJEU”) in C-25/17 Jehovan Todistajat the CJEU considered the meaning of a filing system.When considering the definition of “filing system” contained in Article 2(c) of Directive 95/46/EC the CJEU stated that: “a ‘filing system’, referred to by that provision, covers a set of personal data collected in the course of door-to-door preaching, consisting of the names and addresses and other information concerning the persons contacted, if those data are structured according to specific criteria which, in practice, enable them to be easily retrieved for subsequent use. In order for such a set of data to fall within that concept, it is not necessary that they include data sheets, specific lists or other search methods”.20 54. The CJEU also stated that in relation to the specific criteria used, “the specific criterion and the specific form in which the set of personal data collected by each of the members who engage in preaching is actually structured is irrelevant, so long as that set of data makes it possible for the data relating to a specific person who has been contacted to be easily retrieved”.21 55. Also considered is the recent judgment of the Court of Appeal of England and Wales, Dawson- Damer v Taylor Wessing,22 in which the Court set out four criteria for determining whether a relevant filing system,within themeaning of the UK Data Protection Act 1998 (which gave direct effect to Directive 95/46/EC), was in place: “First, are the files a “structured set of personal data”? Secondly, are the data accessible according to specific criteria? Thirdly, are those criteria “related to individuals”? Fourthly, do the specific criteria enable the data to be easily (or “readily” as the 1998 Act puts it) retrieved?”23 56. Although these cases were decided before the GDPR came into force (and bearing in mind that Damer v Wessing is only of persuasive authority), the consideration in these cases of the meaning of a filing system remains somewhat relevant, in circumstances where the definition of filing system remains the same under Article 2(c) of Directive 95/46/EC and Article 4(6) of the GDPR. 18 Submissions dated 16 March 2020, page 31. 19 Submissions dated 15 October 2020, Schedule of Documents, Administrative Regulations and Guidelines for Parishes (October 2017), (page 32 of the Guidelines document and/or page 167 of the PDF submissions). 20 Case C-25/17, Jehovan Todistajat, EU:C:2018:551, paragraph 62. 21 Case C-25/17, Jehovan todistajat, EU:C:2018:551, paragraph 61. 22 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352. 23 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352, paragraph 90. 57. Although Recitals 15 and 27 of Directive 95/46/EC note that a filing system is to be “structured according to specific criteria relating to individuals, so as to permit easy access to the personal data in question”, the current and updated position under Recital 15 of the GDPR does not contain any reference to a requirement for a filing system to be structured so as to permit “easy access”. Archbishop’s Submissions 58. The Archbishop accepts that the information recorded in the Baptism Registers constitutes personal data in accordance with Article 4(1) of the GDPR; however, he disagrees with the view of the DPC that Baptism Registers fall under the material scope of the GDPR. The Archbishop has made numerous submissions on this point. 59. The Archbishop submitted that the Baptism Registers are not subject to the GDPR, as the entries in the Baptism Registers that contain personal data and special category personal data are not processed by automated means and do not form part of a filing system within the meaning of the GDPR.24 60. The Archbishop submitted that the hardcopy baptism registers, which contain personal data, do not form part of a filing system, as they do not provide “easy access” as “it is not possible to search same using specific criteria”.25 The Archbishop referred to the CJEU judgment of C-25/17 Jehovan Todistajat in this regard, and the finding of the CJEU that a filing system must be “structured in order to allow easy access to personal data”. In particular, the Archbishop noted three elements that were set out in that judgment as the requirements of a filing system: “(i) The data must be structured by reference to specific criteria; (ii) The criteria must be “related to individuals”; (iii) The specific criteria must enable the data to be easily retrieved. It is submitted that the baptism registers do not fulfil either (i) or (iii) of these criteria”. 24 Submissions dated 16 March 2020, pages 12-13. 25 Submissions dated 16 March 2020, page 13. 61. The Archbishop also submitted that the date of baptism is “entirely random” and “does not correspond to age or date of birth”26 and as such does not qualify as a “specific criteria” within the meaning of the GDPR or the elements set out by the CJEU in C-25/17 Jehovan Todistajat. In C-25/17 Jehovan Todistajat, the CJEU stated that it was clear from Recitals 15 and 27 of Directive 95/46/EC the content of a filing system must be structured in order to allow easy access to personal data and that it was clear from these recitals that the specific criteria “must be ‘relat[ed] to individuals”.27 The Archbishop asserted that the DPC has not demonstrated how the criteria in question with respect to the Baptism Registers relate to individuals and in that regard, the Archbishop referred to the following passage in C-25/17 Jehovan Todistajat also: “Thus, it appears that the personal data collected in the course of the door-to-door preaching at issue in the main proceedings are structured according to criteria chosen in accordance with the objective pursued by that collection, which is to prepare for subsequent visits and to keep lists of persons who no longer wish to be contacted. Thus, as it is apparent from the order for reference, those criteria, among which are the name and address of persons contacted, their beliefs or their wish not to receive further visits, are chosen so that they enable data relating to specific persons to be easily retrieved” (emphasis added by Archbishop).28 62. Further, the Archbishop submitted that the personal data contained in the Baptism Registers are not easily retrieved as: “information about a person’s baptism can only be retrieved from a baptism register through a manual, line-by-line, page-by-page, search of likely dates as to when the baptism occurred. This can be complicated by the fact that, in some cases, a person will not know the Parish of his or her baptism… There is no central database which allows identification of the place of a person’s baptism and it would be for the person concerned to provide information as to the likely place of baptism, so that the registers in that Parish can be searched”.29 63. The Archbishop also noted the following points: “a person’s current address may not be sufficient in determining a Parish of baptism. A person may now reside in Glasnevin Parish, but at the time of baptism resided in Iona Road Parish; date of birth does not give any indication of date of baptism. In the past, children were generally baptised within a few days of birth. However, more recently, there can be a period of six months or more between the date of birth and date of baptism, making the identification of the date of baptism much more difficult. a search of baptism registers for a particular entry requires a trawl through large books of handwritten records, sometimes resulting in the unsuccessful search of books of the baptism registers in several parishes. In some cases, information in the baptism register is irretrievable as it simply cannot be found”. 26 Submissions dated 16 March 2020, page 14. 27 C-25/17 Jehovan todistajat, paragraph 57. 28 C-25/17 Jehovan todistajat, paragraph 60; Submissions dated 16 March 2020, page 15. 29 Submissions dated 16 March 2020, page 15. 64. It is on this basis that the Archbishop contends that the Baptism Registers do not meet the requirements to be a filing system as set out in C-25/17 Jehovan todisajat, with these not being structured according to a specific criteria and not being easily retrievable as a manual page-by- page search is required to locate the entries containing a data subject’s personal data in the Baptism Registers. 65. The Archbishop also referred to the Advocate General’s Opinion for case C-73/07 Tietosuojavaltuutettu v SatakunnanMarkkinaporssi Oy30 of the CJEU, in which the issue of filing systems was considered in the context of the publication of alphabetical lists in regional newspapers of data obtained from Finnish tax authorities. These comprised of the names of data subjects and their income bracket organised by municipality, and a text messaging service provided relating to that publication.31 In that Opinion, the Advocate General’s view was that the publication of the tax data in question in this case constituted a filing system. The Archbishop distinguished the Baptism Registers from the alphabetical lists of tax data, arguing that unlike the lists in this case, the Baptism Registers are “not structured so as to be accessible according to particular criteria, but rather contains entries in chronological order only. The dates themselves do not correspond to any identifiable date relating to the person baptised, ie entries are not listed by date of birth”32. 66. The Archbishop also referred to a judgment of the Supreme Court of Spain, case STS 4646/2008,33 which related to whether baptism registers (referred to as ‘Baptism Books’ in the translation) constituted a filing system. The Court stated that: “…it cannot be accepted that such personal data referred to by the Instance Court is contained in the Baptism Books as an organised collection as required by Art. 3(b) of OL 15/99, but rather a pure accumulation of information that would be difficult to search, access and identify as they are not ordered alphabetically, nor by date of birth, but only by baptism dates, with the Parish having to know where it took place, and with it not being accessible to third parties other than the baptised individual […] we must conclude that the Baptism Books are not files in the clear and specific terms as they are considered as per OL 15/99 (Art. 3(b), as well as in the definition thereof in Art. 2 of EC Directive 95/46” (emphasis added by Archbishop). 67. The Archbishop contends that the view of the Spanish Court in that case, whereby “a mere chronological ordering – there by a baptism date – is insufficient to give rise to the presence of a relevant filing system, resonates with the approach which has been taken in other Member States in other contexts”.34 30 ECLI:EU:C:2008:727. 31 Submissions dated 16 March 2020, page 16. 32 Submissions dated 16 March 2020, page 16-17. 33 Translation provided by the Archbishop with submissions dated 16 March 2020. No official translation available. 34 Submissions dated 16 March 2020, page 17. 68. The Archbishop also noted that the judgment in case STS 4646/2008 has been re-applied more recently in a lower court in Spain in SAN4404/2018.35 In that judgment, the court described baptism registers as follows: “…a pure accumulation of information that would be difficult to search, access and identify as they are not ordered alphabetically, nor by date of birth, but only by the baptism dates, with the Parish having to know where it took place, and with it not being accessible to third parties other than the baptized individual, as baptism certificates for other parties cannot be requested.” 69. The Archbishop also pointed to guidance of the UK Information Commissioner’s Office (“ICO”) from 2011 regarding filing systems: “Although the information in your files is held purely in chronological order, is your filing system sufficiently well structured to allow you ready access to specific information about a particular individual without extensive manual searching through the set of records? Yes – you have a relevant filing system. Where information is held in a set of manual records which is sufficiently well structured to allow ready access to specific information about particular individuals the set will form a relevant filing system for the purposes of the DPA. No– you do not have a relevant filing system. Given that you cannot readily [access] specific information about particular individuals you should consider whether the set is sufficiently well structured for your business purposes or whether it simply constitutes an unstructured manual record archive. Consider whether it is sensible/useful to retain these records in this form” (Emphasis added by Archbishop).36 70. The Archbishop also noted separate ICO guidance which stated that “[w]here a set of information contains only a single category of information held in chronological order the set will not usually comprise a relevant filing system unless the set is structured by reference to individuals or criteria relating to individuals” (Emphasis added by the Archbishop)37. 71. Further, the Archbishop pointed to the case of Shatter v Data Protection Commissioner38 indicating that this case “underscore[s] an apparent requirement for “evidence” if a determination is to be made that a relevant filing system exists”.39 72. The Archbishop also referred to the case of Dawson-Damer v TaylorWessing40, stating that this judgment “supports and confirms the position that mere chronological order – or, as with the baptism registers, the fact that entries aremade sequentially, namely in the next space following – is insufficient for a ‘filing system’ to arise”.41 35 Translation provided by the Archbishop with submissions dated 16 March 2020 Submission. 36 Frequently asked questions and answers about relevant filing systems, https://ico.org.uk/media/for- organisations/documents/1592/relevant_filing_systems_faqs.pdf 37 Determining what information is ‘data’ for the purposes of the DPA, https://ico.org.uk/media/for- organisations/documents/1609/what_is_data_for_the_purposes_of_the_dpa.pdf; Submissions dated 16 March 2020, page 18. 38 Shatter v Data Protection Commissioner [2017] IEHC 670. 39 Submissions dated 16 March 2020, page 19. 40 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352. 41 Submissions dated 16 March 2020, page 20. 73. In reference to electronic filing systems and indexes which may be in place in certain parishes for the Baptism Registers, the Archbishop stated in his submissions that “he does not know the indicative number of such Parishes using any such system”.42 However, the Archbishop submitted “[f]rom a canon law perspective, there is no difficulty with the permanent erasure of any electronically-held records of baptism or other sacraments, as any electronically held version is not authoritative”.43 Legal Analysis Issue 1 for Determination: Whether processing of personal data contained in the Baptism Registers is undertaken wholly or partly by automated means Personal Data and Special Category Data 74. As a preliminary point, I wish to acknowledge that the Archbishop has not contested, during the course of the Inquiry, that the information recorded and then retained in the Baptism Registers is personal data and special category personal datawithin themeaning of Article 4(1) and Article 9(1) of the GDPR. 75. The Archbishop stated that the following categories of data are typically recorded and retained in the Baptism Registers: • Christian name of person for baptism • Surname • Born/Day/Month • Name of Parent(s)/guardian(s) • Residing at Domicile • Duly Baptised – Day/Month • Celebrant of Baptism • Name(s) of Godparent(s). 76. In addition, Baptism Registers are annotated with certain further matters pertaining to the canonical status of a person, such as whether they received the sacraments of confirmation, marriage or holy orders. 77. I am satisfied that the above categories of data constitute personal data within the meaning of Article 4(1) of the GDPR, being “information relating to an identified or identifiable natural person”. Further, I am satisfied that the data listed above, which reveals “religious or philosophical beliefs” of a natural person, constitutes special category personal data within the meaning of Article 9 of the GDPR. 42 Submissions dated 15 October 2020, page 9. 43 Submissions dated 16 March 2020, page 32. Processing of personal data undertaken wholly or partly by automated means 78. Article 2(1) of the GDPR states: “This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automatedmeans of personal datawhich form part of a filing system or are intended to form part of a filing system”. 79. The Archbishop submitted that he is aware of practices such as scanning copies of the baptism registers and the use of electronic database systems or “pastoral management systems” to record such information.44 Further, microfilmed copies of baptism registers were created and shared with the National Library of Ireland. 80. The Archbishop submitted that the extent to which all separate parishes hold information in electronic form is not known to him. In respect of the Adopted Persons Baptism Register held by the Archbishop, this register, which is held in hard copy, is ordered by date of receipt of notifications from the Adoption Board and “consists of the original pages sent to the Archdiocese by the Adoption Board upon an Adoption Order being granted”.45 The Chancellery filed the entries in the Adopted Persons Baptism Register in the order the notifications were received. There is an electronic version of the Adopted Persons Baptism Register in the Chancellery and information from each notification received was entered to make the search easier when requested to issue a baptismal certificate. 81. Appendix 3 of the Guidelines, as previously stated, also sets out for parish priests the “Requirements for the Secure Maintaining of Duplicate Electronic Sacramental Records in Parishes”. As such, it is clearly envisaged that certain electronic or automated processing of the personal data collected in the Baptism Registers may take place. Appendix 3 sets out that: • The handwritten registers are considered the only authentic copy of sacramental records. The manual register must always be consulted when issuing a certificate; • The handwritten registers must be maintained and the registers themselves are never to be destroyed or discarded; • Sacramental records nonetheless may be duplicated on secure computers with no public access; • These electronic files should be made secure through the use of password protection and encryption to ensure that only those who should have access can do so, ie the Parish Priest and those whom he has authorised to assist him in the work of maintaining and updating sacramental records such as, Parish secretary or sacristan; • The inputtingof data into the computer should only be carried out by those authorised by the Parish Priest;46 44 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, Appendix 3, (page 27 of PDF submission) which provide guidance on the “Requirements for the Secure Maintaining of Duplicate Electronic Sacramental Records in Parishes”; this appears to envisage parishes employing electronic records of Church Registers. 45 Submissions dated the 15 October 2020, page 1. 46 This was intended to read “inputting” not “imputing” in the Guidelines per submissions dated 16 March 2020, page 32. • Amendments and alterations to the electronic files should simply reflect alterations which have already been made in the handwritten registers. Any amendment to a register needs the prior written permission and authorisation from the Chancellery; • No copying of electronic files should be made beyond the back-up copy which should always be kept in a very secure place; • The same confidentiality applies to both the handwritten registers and to the electronic records. 82. The Archbishop has also submitted that the “the hard copy, bound volume is the only authentic, authoritative register” 47 and with respect to any electronically-held records that “there is no difficulty with the permanent erasure of any electronically held records of baptism or other sacraments, as any electronically held version is not authoritative”.48 The Archbishop also stated that, when “[i]nformation about a person’s baptism can only be retrieved from a baptism register through a manual, line-by-line, page-by-page, search of likely dates as to when the baptism occurred”.49 83. It is my view that, while separate electronic duplicate records of the personal data and special category personal data contained in the Baptism Registers may be processed wholly or partly by automated means, I accept that the hard copy Baptism Registers themselves are not processed by automated means. The hard copy Baptism Registers require manual processing in order to insert new entries and locate previous entries (even where electronic records may assist in locating certain records) when checking sacramental status or issuing a certificate. I also accept that the hardcopy Baptism Registers are the authoritative, official version of the records and as such, must in practice be consulted (processed) manually, in order to issue a baptismal certificate, check the sacramental status of a person prior to them receiving another sacrament, such as confirmation, and to annotate an individual’s entry in the Baptism Register with any such further sacraments received. 84. Although the hard copy Baptism Registers are the authoritative, official version of the records, it is my view that any electronic duplicate records of the Baptism Registers and any personal data and special category personal data contained in the electronic pastoral management systems constitutes processing by automated means and as such also falls within the material scope of the GDPR. This has also been accepted by the Archbishop in his submissions.50 47 Submissions dated 16 March 2020, page 31. 48 Submissions dated 16 March 2020, page 32. 49 Submissions dated 16 March 2020, page 15. 50 Submissions dated 16 March 2020, page 12. Issue 2 for Determination: In circumstances where the processing is other than by automated means, whether the Baptism Registers form part of a filing system or are intended to form part of a filing system, having regard to the definition of filing system under Article 4(6) of the GDPR. 85. I must now consider whether, in circumstances where the hardcopy Baptism Registers are processed other than by automated means, the Baptism Registers form part of a filing system or are intended to form part of a filing system, having regard to the definition of a filing system under Article 4(6) of the GDPR. 86. The relevant provisions, which have been set out above, are Article 2(1), 4(1), 4(6) and Recital 15 of the GDPR. 87. The component elements of a filing system as set out under Article 4(6) of the GDPR are as follows: • any structured set of personal data; • which are accessible according to specific criteria; • whether centralised, decentralised or dispersed on a functional or geographic basis. 88. The definition of a filing system for the purposes of data protection law has been considered in case law, although these interpretations are primarily in relation to the now repealed Directive 95/46 as opposed to the GDPR. In case C-25/17 Jehovan todistajat, the CJEU indicated that: “as is made clear from recitals 15 and 27 of Directive 95/46, the content of a filing system must be structured in order to allow easy access to the personal data. Furthermore, although Article 2(c) of that directive does not set out the criteria according to which that filing system must be structured, it is clear from those recitals that those criteria must be ‘relat[ed] to individuals’. Therefore, it appears that the requirement that the set of personal data must be ‘structured according to specific criteria’ is simply intended to enable personal data to be easily retrieved”51 (emphasis added) 89. As such, Jehovan todistajat indicates that a filing system must be structured to allow “easy access” to the personal data contained within it. Further, the criteria according to which a filing system is structured must be related to the individual data subjects in question. The CJEU went on to state that, in respect of the specific criterion and the specific form in which a filing system is structured, it is “irrelevant” so long as the set of data makes it possible for the data relating to a specific person to be easily retrieved.52 90. In Dawson-Damer v TaylorWessing53, the English Court of Appeal also considered the meaning of a filing system under UK Data Protection Act 1998, which transposed Directive 95/46 into UK law. This case is only of persuasive authority. The Court set out four criteria for determining whether a relevant filing system, within the meaning of the UK Data Protection Act 1998, was in place: 51 C-25/17 Jehovan todistajat, paragraph 57. 52 C-25/17 Jehovan todistajat, paragraph 61. 53 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352 “First, are the files a “structured set of personal data”? Secondly, are the data accessible according to specific criteria? Thirdly, are those criteria “related to individuals”? Fourthly, do the specific criteria enable the data to be easily (or “readily” as the 1998 Act puts it) retrieved?”54 91. The Court of Appeal stated that the CJEU in Jehovan todistajat “did not consider the Directive to be prescriptive as to the form of a relevant filing system. Instead the test is the functional one of whether specific criteria enable the data to be easily retrieved”.55 92. Of note however, is Recital 15 of Directive 95/46/EC which provides that a filing system is to be “structured according to specific criteria relating to individuals, so as to permit easy access to the personal data in question” and Recital 27 of Directive 95/46/EC which states that a filing system “must be structured according to specific criteria relating to individuals allowing easy access to the personal data” are not repeated under the GDPR. 93. The wording of Recital 15 GDPR, set out above at paragraph 30, clearly differs from Recitals 15 and 27 of Directive 95/46 in that it does not refer to “easy access” or indeed to access at all, nor does it specify that the specific criteria must be “relating to individuals”. Instead, the first sentence of Recital 15 of the GDPR commences with preventing a risk of circumvention of the application of the Regulation by data controllers: “in order to prevent creating a serious risk of circumvention, the protection of natural persons should be technologically neutral and should not depend on the techniques used”. It further states that: [t]he protection of natural persons should apply to the processing of personal data by automated means, as well as to manual processing, if the personal data are contained or are intended to be contained in a filing system”. 94. Therefore, it is my view that the definition of a filing system under the GDPR is intended to be interpreted in a wider manner than the definition of a filing system under Directive 95/46 (guided by Recitals 15 and 27), in that the definition of a filing system is now by reference to a “any structured set of personal data” which is “accessible” according to specific criteria. 95. That said, I note the UK Court of Appeal’s comment in paragraph 91 of Dawson-Damer v Taylor Wessing wherein it stated the following: “Mr White challenged the Judge’s conclusion (relevant to the third question) that the specific criteria needed to be “related to individuals”. We consider, however, that that requirement is implicit in Article 2(c). It is difficult to see how personal data could be accessible according to specific criteria unless those criteria are in some way related to individuals.” 54 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352, paragraph 90. 55 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352, paragraph 83. 96. The Court of Appeal further stated: “A criterion may be closely related to an individual (for example it might be his or her name or National Insurance number), or it may be remotely related to an individual (for example the street in which he lives). The degree of specificity of the criterion does not preclude a finding that the criterion relates to an individual. One needs to bear in mind, nevertheless, that a very general criterionmay be less likely to enable easy or ready access to the data. The Directive and the Act are clear in requiring a causative link between the criterion and ease of access of the data”56 (emphasis added). 97. In Jehovan todistajat the CJEU stated that: “the specific criterion and the specific form in which the set of personal data collected by each of the members who engage in preaching is actually structured is irrelevant, so long as that set of data makes it possible for the data relating to a specific person who has been contacted to be easily retrieved”57 98. It is my view that the tests set out under Jehovan todistajat and Dawson-Damer v Taylor Wessing (only of persuasive authority), such as the specific criteria “relating to individuals” which structures the filing system must enable “easy access” to the personal data or allow it to be “easily retrieved” are not the determinative factors in the interpretation of the definition of a filing system under the GDPR. 99. Notwithstanding this, I continue to have regard to the case law as set out above. This case law considers the definition of a filing system with reference to Directive 95/46, and the extent to which the personal data in a filing system is easily retrievable or readily available based on the specific criteria relating to individuals which structures the filing system. Although it is certainly less decisive in this present context as these principles have no legislative basis under the GDPR. That said, I am of the view that the specific criteria must have some link to accessing the personal data but does not need to be closely related to that individual. In addition, it is my view that the personal data and special category personal data in the Baptism Registers need not necessarily be easily accessible or easily retrieved by way of a specific criteria which relates to individuals, in order for the Baptism Registers to fall under the definition of a filing system within the meaning of Article 4(6) of the GDPR. 100. I will now consider whether the Baptism Registers fall within the definition of a filing system as specifically set out under Article 4(6) of GDPR with reference to whether they are: • any structured set of personal data; • accessible according to specific criteria; and • centralised, decentralised or dispersed on a functional or geographic basis. 56 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352, paragraph 96. 57 C-25/17 Jehovan todistajat, paragraph 61. Structured Set of Personal Data 101. First, to be included as part of a filing system, the personal data must be a “structured set of personal data”. 102. As part of his submissions, the Archbishop provided sample pages of a Baptism Register. These pages identify the personal data and special category personal datawhich is recorded in respect of an individual when they are baptised; the pages also set out clear fields for the input of this information in relation to that individual, including: • christian name; • surname; • date of birth; • name of parents; • address; • date of baptism; • name of parish priest/curate or minister; • name of god-parents; and • canonical circumstances to be indicated (e.g. adult, convert, conditional or Private baptism, foundling etc).58 103. The Baptism Register samples also indicate fields for the recording of details relating to other sacraments received by an individual. These fields include the following: • confirmed (by whom, church where, day, month, year); • contracted marriage, (with whom, diocesan church, where; day, month, year; and • indicate reception of diaconate or solemn religious profession. 104. There is also a column to indicate whether a baptism certificate was issued. The sample Baptism Register pages provided by the Archbishop to the DPC also typically include a field at the top of each page to fill in the year in which the baptisms on that page took place.59 105. While the Archbishop has indicated (and I accept) that the sample Baptism Register is not indicative of every template of Baptism Register used by every parish in the Archdiocese, I note that canon 877 §1 is also explicit as to the information which is to be recorded when a baptism is registered.60 106. With respect to whether the Baptism Registers are structured according to a specific criteria, the Archbishop submitted that they are not. 58 Submissions dated 15 October 2020, Schedule of Documents, page 212, 213 59 Submissions dated 15 October 2020, Schedule of Documents, page 212, 213. 60 Canon 877 §1 states that “The pastor of the place where the baptism is celebrated must carefully and without any delay record in the baptismal register the names of the baptized, with mention made of the minister, parents, sponsors, witnesses, if any, the place and date of the conferral of the baptism, and the date and place of birth”. 107. The entries for each individual, which must include the personal data as described above, are entered chronologically into the Baptism Register, in order of when the baptism occurs. Once a Baptism Register is full, a new Baptism Register is commenced. In respect of the Adopted Persons Baptism Register, the entries were inputted chronologically by date of receipt of notifications from the Adoption Board. 108. Each parish is required to maintain its own parochial registers, including a baptism register. As such, the Baptism Registers are structured according to the parish in which they are recorded. The Adopted Persons Baptism Register is recorded by the Chancellery on behalf of the Archbishop and is not structured on the basis of the parish in which the baptism took place, but chronologically according to the date of notification by the Adoption Board to the Chancellery only. 109. In my view, the Baptism Registers can be considered a “structured set of personal data”, which is structured according to (a) the parish in which the baptism took place (save for the Adopted Persons Baptism Register); and (b) the date on which each baptism took place, or in the case of the Adopted Persons Baptism Register, the date upon which notifications were received from the Adoption Board. Accessible According to Specific Criteria 110. I will now consider whether the Baptism Registers, as a structured set of personal data and special category personal data, are accessible according to specific criteria. Baptism Registers are kept in each parish of the Archdiocese and are structured by entries which include certain fields of personal data. These entries are therefore ordered by place of baptism and in turn included in that parish Baptism Register chronologically by the date upon which the baptism took place (or the date a notification was received from the Adoption Board in the case of the Adopted Persons Baptism Register). Specific Criteria: place and date of baptism 111. The Archbishop has submitted that it is not possible to search the Baptism Registers using specific criteria.61 In particular, the Archbishop has submitted that the criteria by which the Baptism Registers are structured - date of baptism/date of receipt of notification “is entirely random. It does not correspond to age or date of birth, and people can be, and are, baptised as all manner of ages”.62 112. The Archbishop also submitted that the Baptism Registers are “not structured so as to be accessible according to particular criteria, but rather contains entries in chronological order only. The dates themselves do not correspond to any identifiable date relating to the person baptised, i.e. entries are not listed by date of birth”.63 113. The Archbishop also submitted that the Baptism Registers do not conform with the requirements as set out in C-25/17 Jehovan todistajat to be a filing system, not being structured according to a specific criteria and not being easily retrievable. 61 Submissions dated 16 March 2020, page 13. 62 Submissions dated 16 March 2020, page 14. 63 Submissions dated 16 March 2020, page 16-17. 114. With respect to Jehovan todistajat, the Archbishop also submitted that the DPC had not demonstrated how the criteria in question with respect to the Baptism Registers relates to individuals and referred to the following passage from Jehovan todistajat: “Thus, it appears that the personal data collected in the course of the door-to-door preaching at issue in the main proceedings are structured according to criteria chosen in accordance with the objective pursued by that collection which is to prepare for subsequent visits and to keep lists of persons who no longer wish to be contacted. Thus, as it is apparent from the order for reference, those criteria, among which are the name and address of persons contacted, their beliefs or their wish not to receive further visits, are chosen so that they enable data relating to specific persons to be easily retrieved”64. 115. The judgment in Jehovan todistajat set out that the specific criteria must be “related to individuals“.65 Having regard to the facts in that case as to whether the notes taken by door-to- door Jehovah’s Witness preachers constituted a filing system within the meaning of Directive 95/46/EC, the CJEU stated that: “the specific criterion and the specific form in which the set of personal data collected by each of the members who engage in preaching is actually structured is irrelevant, so long as that set of data makes it possible for the data relating to a specific person who has been contacted to be easily retrieved”.66 116. The CJEU in Jehovan todistajat concluded that data collected by individual members of the Jehovah’sWitnesses Community, in the course of door-to-door preaching as a memory aid and on the basis of geographical area to facilitate the organisation of subsequent visits, including the name and address,were structured in such away that data relating to specific persons could be easily retrieved and thus formed part of a filing system for the purposes of Directive 95/46/EC. 117. The Archbishop also referred to a judgment of the Supreme Court of Spain, Case STS 4646/2008,67 which related to whether baptism registers (referred to as ‘Baptism Books’ in the translation) constituted a filing system. The Spanish Court stated that baptism registers in that context were “a pure accumulation of information that would be difficult to search, access and identify as they are not ordered alphabetically, nor by date of birth, but only by baptism dates, with the Parish having to know where it took place, and with it not being accessible to third parties other than the baptised individual […]”.68 The Archbishop also noted that the judgment in Case STS 4646/2008 has been re-applied more recently in a lower court in Spain in SAN4404/2018.69 64 C-25/17 Jehovan Todistajat, paragraph 60. 65 C-25/17 Jehovan Todistajat, paragraph 57. 66 C-25/17 Jehovan Todistajat, paragraph 61. 67 Translation provided by the Archbishop with 16 March 2020 Submission. No official translation available. 68 Translation provided by the Archbishop with 16 March 2020 Submission, page 17; No official translation available. 69 Translation provided by the Archbishop with 16 March 2020 Submission. No official translation available. 118. The Archbishop argued that the view of the Spanish Court in that case, that “a mere chronological ordering – there by a baptism date – is insufficient to give rise to the presence of a relevant filing system, resonates with the approach which has been taken in other Member States in other contexts”.70 119. Firstly, I note that Baptism Registers are compiled and thus structured by two specific criteria, namely, location of parish/place of baptism and date of baptism. Therefore, in circumstances where the Baptism Registers form a dispersed set of data, and each parish maintains its own Baptism Register, once an individual knows their place and date of baptism, they would be able to locate their relevant personal data contained within the Baptism Register. 120. I disagree with the Archbishop on the point that a baptism date (a chronological ordering) is not a sufficient criteria upon which a filing system may be structured. Indeed, the CJEU in Jehovan todistajat stressed that “the specific criterion and the specific form in which the set of personal data […] is actually structured is irrelevant, so long as that set of data makes it possible for the data relating to a specific person who has been contacted to be easily retrieved”71 (emphasis added). This would indicate that a criteria which structures a set of data in a chronological fashion is as valid as any other structure. 121. Further, with respect to the Spanish cases of Case STS 4646/2008 and SAN4404/2018, I note that these decisions are of persuasive value only and are not binding on the DPC. I respectfully disagree with the Spanish Court’s finding that the data collected in the Baptism Books was a “pure accumulation” of information. In my view, the personal data is collected with the clear intention of future access and disclosure. The collection of the data serves a purpose other than recording for recording’s sake, and it has a direct relationship to the data subjects referenced. 122. The Baptism Registers serve a particular purpose, mainly to ensure the proper administration of sacraments by recording the sacrament of baptism and annotating further sacraments. Therefore, the Baptism Register is more than merely an accumulation of data; the Baptism Register is an essential record for the Church in the administration of sacraments, which is accessed regularly by this specific criteria of location and date of baptism by the parishes themselves for the purposes of the performance of its administrative function regarding the sacraments. I am of the view that, even in circumstances where the Baptism Registers were only ordered chronologically by baptism date, this provides a clear criteria by which they were ordered and by which they can be searched. 123. I note also that the Archbishop has pointed in his submissions to ICO guidance from 2011 entitled “Frequently asked questions and answers about relevant filing systems”, in particular: “Although the information in your files is held purely in chronological order, is your filing system sufficiently well structured to allow you ready access to specific information about a particular individual without extensive manual searching through the set of records? 70 Submissions dated 16 March 2020, page 17. 71 C-25/17 Jehovan todistajat, paragraph 61. Yes – you have a relevant filing system. Where information is held in a set of manual records which is sufficiently well structured to allow ready access to specific information about particular individuals the set will form a relevant filing system for the purposes of the DPA. No – you do not have a relevant filing system. Given that you cannot readily [access] specific information about particular individuals you should consider whether the set is sufficiently well structured for your business purposes or whether it simply constitutes an unstructured manual record archive. Consider whether it is sensible/useful to retain these records in this form”.72 124. I note that this is guidance only and relies on the determinative factor of whether there is ready access to the personal data, based on the position under the now repealed Directive 95/46. As I have previously indicated, the GDPR is to be interpreted to take a wider view of filing systems, not specifying that “easy access” is required, nor that the specific criteria must be “relating to individuals”, as with the now repealed Directive 95/46. 125. In addition, and in consideration of the passages of the above ICO guidance referred to by the Archbishop, it must be noted that Baptism Registers, are recorded and maintained in order to fulfil a central role in the administration of certain sacraments in the Church. Indeed, by the logic of the ICO, it seems that the Baptism Registers are “sufficiently well structured” for the analogous “business purposes” of the Church, as they are used frequently for the administration of the Church. They serve a clear purpose and use within the Church, which stems directly from the ability of the parishes to be able to search, locate, annotate and alter personal data relating to specific individuals, based on the parish of baptism and the date of baptism alone (and in the case of the Adopted Persons Baptism Registers the date of notification alone). 126. The Archbishop has also indicated that he is aware of “informal” methods of indexing these registers though he is unaware of the extent of this practice within the parishes of the Archdiocese. In respect of the Archbishop’s own parish, St Mary’s Pro-Cathedral, a hardcopy indexing system has been put in place. Based on the extract provided by the Archbishop, this index appears to consist of an alphabetical list of individuals who have been baptised, within a particular time frame (in this case, between 1915 and 1918). Each entry in the index is also accompanied by a number indicating the location of the entry in the baptism registers. 73 127. There is no doubt that where specific criteria is used to structure a set of personal data through an indexing system for ease of access to the personal data contained within the Baptism Registers no argument can arise as to whether such specific criteria relates to an individual, being indexed by the name of the individuals themselves. 72 Frequently asked questions and answers about relevant filing systems, https://ico.org.uk/media/for- organisations/documents/1592/relevant_filing_systems_faqs.pdf 73 Submissions dated 15 October 2020, Schedule of Documents, page 233-235. 128. The Archbishop also referred to case C-73/07 Tietosuojavaltuutettu v Satakunnan Markkinaporssi Oy74 before the CJEU. In particular, the Archbishop referred to Advocate General Kokott’s Opinion75 and the reference in that Opinion to the fact that the published tax data in this case, which related to the publication of tax data in certain newspapers in Finland, constituted a filing system, being structured in alphabetical order. The Archbishop argued that this stands in contrast to the Baptism Registers, which are not “not structured so as to be accessible according to particular criteria, but rather contains entries in chronological order only”.76 As I have previously stated, chronological ordermay be a sufficiently specific criteria by which to structure a filing system, in particular where the criteria is the date and location of baptism. Again, a filing systemwhichwas hypothetically ordered chronologically by date of birth would clearly be considered to be structured by a specific criteria related to an individual. I am of the view that the same logic applies to a set of data structured chronologically by date and location of baptism. 129. In his submissions, the Archbishop also referred to the High Court case of Shatter v Data Protection Commission77 stating that this case highlights an “apparent requirement for “evidence” if a determination is to be made that a relevant filing system exists”. The DPC respectfully notes that this case is fact specific which concerned an email “internal to An Garda Síochána” shown, but not provided to Mr. Shatter. From my perspective, an assessment as to whether a filing system within the meaning of the GDPR is in place consists of a factual assessment as to whether the elements of a filing system as set out in Article 4(6) are present. Such an assessment must be done on a case-by-case basis. 130. The Archbishop also referred to Dawson-Damer v Taylor Wessing, which applied Jehovan. The Archbishop stated that the Dawson-Damer case “concerned only ‘35 paper files’… which stands in contradistinction to the considerably greater number of records at issue here”.78 The Archbishop also noted that the Court of Appeal stated that “the 35 files were completely unstructured beyond their chronological compilation under the description ‘Yuills Trusts’ ". The Archbishop indicated in his submissions that the above passages supports his view that “mere chronological order – or, as with the baptism registers, the fact that entries are made sequentially, namely in the next space following – is insufficient for a ‘filing system’ to arise”.79 131. I do not accept the view submitted by the Archbishop and consider that the structure of Baptism Registers cannot be compared to the factual scenario set out in Dawson-Damer v Taylor Wessing. A significant difference in fact pattern is that the 35 paper files in TaylorWessing were arranged by reference to the “corporate client, the trustee”,80 not by reference to individuals and contained all relevant material relating to the legal matters ongoing for the trustee. 74 Tietosuojavaltuutettu v Satakunnan Markkinaporssi Oy ECLI:EU:C:2008:727. 75 Opinion AG Kokott Case C-73/07 Tietosuojavaltuutettu v Satakunnan Markkinaporssi Oy ECLI:EU:C:2008:266. 76 Submissions dated 16 March 2020, page 16. 77 Shatter v Data Protection Commissioner [2017] IEHC 670. 78 Submissions dated 16 March 2020, page 19. 79 Submissions dated 16 March 2020, page 20. 80 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352, paragraph 95. 132. By contrast, the Baptism Registers are firstly organised on a geographical basis, by parish. The Baptism Register is divided into separate ledgers that contain all baptisms for a specific time period for that parish. Each page of entries in the Baptism Register of a parish contains the year of baptism for entries on that page. Each entry then is entered chronologically by date of baptism and contains personal data for each individual, that individual’s Lawfully Married Parents and the minister. 133. This is to be distinguished from the situation in Dawson-Damer v TaylorWessing, wherein it was necessary to examine every page of every file to ascertain whether it contained personal data of the relevant data subjects. The files were not structured by any criteria to the extent that knowing any details relating to the data subjects would assist in locating the relevant personal data, as the files were not structured by reference to the data subjects in any way. The Court of Appeal noted that “[t]he only way that data could be retrieved was by physically examining the files page by page. The criterion “Yuills Trusts” was so unspecific as to be of little or no assistance in the retrieval of personal data relating to the individual beneficiaries”.81 The structure of the filing system in that case did not enable access except with the use of manual search of the entire set of data. 134. In the instance of the Baptism Registers, knowing the parish of baptism of the data subject and the date of baptism of the data subject allows the personal data to be accessible, by narrowing a search to the specific registers held in a particular parish, and to the one Baptism Register book concerned with the relevant time frame. The search will be narrowed even further when with a quick preliminary view of the Baptism Register, the pages dealing with the correct year are located. 135. Pursuant to Article 4(6) GDPR, the criteria is “any” structured set of personal data, that being “centralised, decentralised or dispersed on a functional or geographical basis.” Furthermore, this criteria does not need to be “particularly sophisticated”,82 and the “specific criterion and the specific form” of the data as to how it is structured is “irrelevant”83. I also note Advocate GeneralMengozzi’s Opinion in Jehovan todistajat, where a broad approach was taken as to the criteria that can be used to determine how a filing system is structured. Advocate General Mengozzi found that members of the Jehovah Witness Community can, to an extent, also become a “criterion”. He stated: “To a certain extent, the member himself becomes a criterion structuring the data set in so far as the religious community allocates areas geographically. The community knows, therefore, that data relating to a particular person living in a specific neighbourhood may have been collected by a particular member. Even if the religious community does not indicate to itsmembers the nature of the data collected, the latter can be inferred de facto from the objective pursued, that is to say, preparation for subsequent visits”.84 81 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352, paragraph 97. 82 Opinion AG Mengozzi, Case C-25/17 Jehovan todistajat, ECLI:EU:C:2018:57, paragraph 57. 83 C-25/17, Jehovan todistajat, paragraph 61. 84 Opinion AG Mengozzi, Case C-25/17 Jehovan todistajat, paragraph 57. 136. I have already given my view that the specific criteria by which data may be structured into a filing system is not required under the GDPR to closely relate to an individual. Furthermore, I have difficulty accepting how, in this instance, the date of a person’s baptism, and/or the parish of their baptism does not relate to the individual, even if those criteria do not provide a one to one match. 137. The Archbishop stressed that the Baptism Registers “are not searchable by commonly available information, such as a name, address, date of birth or such similar information that would generally allow a data controller to retrieve personal data”.85 He submitted that the date of baptism does not relate to the date of birth of the person or their address and are “entirely random”. I do not see how the date of a person’s baptism, or the parish of their baptism is any different functionally , than say the date of a person’s birth or the place of a person’s birth. While most people will know the date and place of their birth, if they were unaware of this, it would not discount it as a criteria relating to them for the purposes for any filing system inwhich such criteria is used. 138. Similarly, the Archbishop contends that many people do not know the date of their baptism or the place in which they are baptised.86 Again, I fail to see how this lack of knowledge on an individual’s part would prohibit such criteria from being firstly related to them as an individual; and secondly used to structure a set of data and make the personal data contained within that set accessible. It stands to reason of course that if a particular individual does not have the relevant information as to their own date of baptism or parish of baptism this would hinder the search within a filing system, but would not discount an entire set of structured data from being a filing system in itself. Specific Criteria: Accessible 139. The Archbishop submitted that “the data in the baptism registers is not easily retrieved. Information about a person’s baptism can only be retrieved from a baptism register through a manual, line-by-line, page-by-page, search of likely dates as to when the baptism occurred. This can be complicated by the fact that, in some cases, a person will not know the Parish of his or her baptism”.87 Elsewhere he stated that in order to find an entry in the formal defection register “ideally some idea of when the date of petition was submitted would be required, to narrow the scope of the manual search”.88 140. The Archbishop submitted that there is no “central database” which details a person’s place of baptism and it would be up to the person themselves to provide information on their place of baptism. The Archbishop has also submitted that certain parishes have indexing systems in place in addition to digital copies of the Baptism Registers and pastoral management systems in place. 141. The Archbishop also noted that: • “A person’s current address may not be sufficient in determining a Parish of baptism”; 85 Submissions dated 16 March 2020, pages 15, 16. 86 Submissions dated 16 March 2020, page 15. 87 Submissions dated 16 March 2020, page 15. 88 Submissions dated 15 October 2020, page 2. • “date of birth does not give any indication of date of baptism. In the past, children were generally baptised within a few days of birth. However, more recently, there can be a period of six months or more between the date of birth and date of baptism, making the identification of the date of baptism much more difficult”; • “a search of baptism registers for a particular entry requires a trawl through large books of handwritten records, sometimes resulting in the unsuccessful search of books of the baptism registers in several parishes. In some cases, information in the baptism register is irretrievable as it simply cannot be found”.89 142. The Archbishop submitted that, as a result, the Baptism Registers cannot meet the criteria of being “easily retrieved”. He noted that the records are held in hard copy bound volumes and “are not structured sets but simply list baptisms in the chronological order that they take place in the Parish”. As such, they are not searchable by commonly available information, such as a name or address, in contrast to the data referred to in Jehovan todistajat.90 143. The Archbishop also drew the attention of the DPC to Dawson-Damer v TaylorWessing in which it was stated, in respect of the criteria of what constitutes a filing system: “One needs to bear in mind, nevertheless, that a very general criterion may be less likely to enable easy or ready access to the data. The Directive and the Act are clear in requiring a causative link between the criterion and ease of access of the data”91. 144. I note the two Spanish Supreme Court judgments highlighted by the Archbishop which found that the baptism registers would be difficult to search, access and identify as they are not structured alphabetically or by date of birth but by baptism date, with the parish having to know the church where the baptism took place, and not being accessible to third parties other than the baptised individual.92 145. In addition, I note in Dawson-Damer v Taylor Wessing that the Court of Appeal stated the files in question were “completely unstructured beyond their chronological compilation”.93 The Archbishop finds this statement “supports and confirms the position that mere chronological order” is insufficient for a filing system to arise.94 I note also that the Court of Appeal in Taylor Wessing found that: “the “ready access” required under the Directive and the Act must be enabled by the criteria, that is to say by the structure of the files. If access to the relevant data requires the use of trainees and skilled lawyers, turning the pages of the files and reviewing the material identified, that is a clear indication that the structure itself does not enable ready access to the data”.95 89 Submissions dated 16 March 2020, page 15. 90 Submissions dated 16 March 2020, pages 15, 16. 91 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352, paragraph 96. 92 SAN4404/2018. 93 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352, paragraph 99. 94 Submissions dated 16 March 2020, page 20. 95 Dawson-Damer v Taylor Wessing [2020] EWCA Civ 352, paragraph 99. 146. As previously set out, the Baptism Registers are structured according to the place and date of baptism. I have already distinguished Taylor Wessing from the facts of this Inquiry in that a complete manual search of the files was required in that case as they were not structured by any criteria relating to individuals. I do not accept that a limited amount of manual searching means that personal data in a filing system is not accessible for the purposes of the GDPR. This is especially so where it has been demonstrated that the filing system in question in this Inquiry, the Baptism Registers, are relied upon to provide relevant information for the purposes of issuing baptismal certificates or to annotate a further sacrament. On this basis, it must be the case that the personal data contained within the Baptism Registers is accessible. Given the frequency with which the parishes administer sacraments such as confirmation and marriage, itmust also be the case that the personal data contained within the Baptism Register are readily accessible. 147. The ICO guidance on filing systems formulates a rule of thumb “temp test” in order to assist organisations in determining whether a relevant filing system is in place, focussing on the accessibility or otherwise of files. The test was also mentioned in Taylor Wessing96 and was noted by the Archbishop in his submissions. This temp test is set out by the ICO as follows: “If you employed a temporary administrative assistant (a ‘temp’), would they be able to extract specific information about an individual from your manual records without any particular knowledge of your type of work or the documents you hold? The ‘temp test’ assumes that the temp in question is reasonably competent, requiring only a short induction, explanation and/or operating manual on the particular filing system in question for them to be able to use it.” 148. It is noteworthy that this test is based on the legislative regime under the now repealed Directive 95/46. In circumstances where a temporary administrative assistant was required to locate a particular entry within the Baptism Register of a particular parish, would they be able to do so? The answer to that question is yes. Based on the samples provided by the Archbishop, Baptism Register tends to be marked with a range of years and the year of baptism is set out at the top of each page. As such, the correct section of the Register would be located with relative ease by a personwho has no experience with the type of documents the Church holds. Although some limited manual searching would be required, it would not preclude the administrative assistant from locating the correct entry. Searching the register would bemore straightforward if an indexing or pastoral management system exists within the parish. 149. Of crucial importance of course, is the fact that itwas intended that the Baptism Registers would enable the searching and consultation of particular entries. As the Archbishop submits, the purpose for which the personal data in the baptism registers is processed, is that it is essential for the administration of the Church.97 96 Taylor Wessing [2020] EWCA Civ 352, paragraph 79. 97 Submissions dated 15 October 2020, page 23. 150. The Archbishop has submitted that the personal data and special category personal data contained in the Baptism Registers undergo a number of processing activities: i. Collection and recording of data for the purposes of recording the baptism; ii. Storage of the Baptism Register; iii. Alteration of the Baptism Register on request of the baptised person or his/her parents (where the baptised person is a minor), or annotation with details of a person’s confirmation, marriage/annulment and ordination/laicisation (or adoption); iv. Retrieval, consultation and use of the register, at the request of the baptised person (or his/her parents) for the administration of other Sacraments, namely confirmation, marriage and holy orders. The Baptism Register may also be consulted in the context of annulments of marriages or laicisation of priests; and v. Disclosure of extracts (baptismal certificates) from the register by transmission upon request to individual, identified baptised persons, or authorised persons acting on their behalf, or upon inspection by [the Archbishop] on the occasion of a Parish Visitation.98 151. Of particular relevance to a consideration of the accessibility of Baptism Registers as part of a filing system or intended to form part of a filing system is point (iv) and (v) of this list as set out above. Initially certificates can be issued to the person baptised or to the parents of the person baptised, detailing the date and parish of baptism. Furthermore, there is a requirement to subsequently annotate the baptism register if a person receives another sacrament (confirmation, marriage or holy orders). According to the Archbishop, “very often, these sacraments will be administered in other parishes”99 and must then be annotated in the parish in which the baptism took place, necessitating a search for the correct entry in that parish Baptism Register. As this is a regular administrative action carried out by the Church in the furtherance of the administration of the sacraments, this demonstrates the accessibility of the baptism registers as a filing system. 152. The Archbishop also gave a clear indication in his submissions of the scale upon which the Baptism Registers are searched on a yearly basis. In 2018, the Archdiocese entered 13,234 baptisms into baptism registers, 16,929 confirmations into confirmation registers and 1,334 marriages into marriage registers. I note that each marriage and confirmation registered will have been annotated into the relevant baptism registers also (though not necessarily baptism registers located within the Archdiocese). In the instance of each confirmation and marriage as listed above, the Baptism Register would have to have been accessed, searched with the information retrieved and subsequently annotated to reflect this. 153. In effect, the Baptism Registers may require a limited level of manual searching, once the correct parish is identified. A certain amount ofmanual searching cannot exempt personal data from the scope of the GDPR, simply because the manual searching tends to make retrieval of the personal data slower or more cumbersome. 98 Submissions dated 6 September 2021, pages 2-3. 99 Submissions dated 16 March 2020, page 27. 154. Even if a page-by-page search were required, this would be limited to the years of the baptisms in question, which are clearly marked at the top of each page in the Baptism Register.100 The year in question is identified with relative ease and, depending on the number of baptisms which have taken place in a given parish, it is likely that no more than 10 to 20 pages at a maximum on average would need to be manually searched before the correct entry is identified. 155. It is clear that the Baptism Registers were intended to operate to facilitate the searching of entries manually in this manner. It is also clear that the Baptism Registers are sufficiently structured according to the criteria of the parish in question and the date of baptism to allow the Archdiocese function at a sufficient level to uphold a “key tenet” of the Catholic Church101 and to allow the proper recording of the sacramental status of an individual and the checking of that status where necessary. Indeed, the Archbishop submitted in this regard that the Baptism Register is “essential for the administration of the affairs of the Catholic Church”.102 156. I also have regard to the fact that the GDPR allows for a wider interpretation of a filing system than was previously the case with the equivalent definition under Directive 95/46. This more expansive interpretation serves to protect the fundamental rights and freedoms of natural persons. 157. On that basis, I do not support the Archbishop’s argument that the personal data in the Baptism Registers is not easily accessible. I find that the specific criteria of date and parish of baptism (along with the name of the individual) would provide ready access to the personal data in question, in circumstances where this filing system, (and in some instances with the assistance of electronic searching), is used on a regular basis by all the parishes in the Archdiocese. 158. While I acknowledge that the Archbishop has submitted that manual searching must take place to locate entries after a certain point, I am firmly of the view that ready access to personal data is possible, particularly when regular reliance is placed on this system including accessing this personal data by the parishes of the Archdiocese when the need arises. Centralised, Decentralised or Dispersed on a Functional or Geographic basis. 159. Baptism Registers in the Archdiocese are structured, for the most part, on a geographical basis, being decentralised and dispersed among the parishes of the Archdiocese. Each parish records in its respective registers the baptisms that took place there, in accordance with the date of baptism. There are two exceptions to this. 100 Submissions dated 15 October 2020, Schedule of Documents, pages 212. 101 Submissions dated 16 March 2020, page 44. 102 Submissions dated 16 March 2020, page 50. 160. The first exception is that the Chancellery holds the Clonliffe College Registers which should, as outlined by the Archbishop, in fact ”be held in the parish of North William Street Parish, which is the proper place of preservation”. The Archbishop submitted that Clonliffe College was in the territory of NorthWilliam Street Parish and Clonliffe College itself as a seminary had no right to confer sacraments of initiation (baptism and confirmation) or to maintain registers to record those sacraments. The Archbishop submitted that the Clonliffe College Registerswere recorded “for the sake of ensuring that, in the event that NorthWilliam Street Parish omitted to record a notification of a conferral of the sacrament which had occurred in Clonliffe College, a record would remain in the place where the sacrament was conferred.” The Archbishop also submitted that this “is not an unusual practice in parishes where chaplaincies are located away from the parish church”.103 161. While not held in the parish church or offices, I am of the view that the Clonliffe College Registers are held within the bounds of the North William Street Parish itself and as such are part of the filing system of Baptism Registers in the Archdiocese which is decentralised and dispersed through the parishes of the Archdiocese. 162. The second exception is the Adopted Persons Baptism Register. This register is held in the Chancellery on a centralised basis104 and consists of entries relating to baptisms which took place in various parishes in the Archdiocese between 1982 and 2011. The Adopted Persons Baptism Registers is ordered by when the Chancellery was notified by the Adoption Board of the details of an adopted child and the details of their baptism. The original entry in the parish of baptism then ceased (meaning the original baptismal entry is annotated and that no baptism certificate may issue from the parish of baptism). 163. In my view the Adopted Persons Baptism Registers also forms part of the filing system of the Baptism Registers within the Archdiocese. In circumstances where a person’s baptism entry needs to be annotated or a baptismal certificate needs to be issued, the criteria of parish of baptism and date of baptism still apply (unless an individual is already aware that they must contact the Chancellery). As stated in the “Adopted Persons’ Baptismal Register Cessation of Parish Entry” form provided by the Archbishop with the 16 March 2020 Submission, the parish is required to annotate the following beside the relevant baptism entry ”Refer all requests for certificates/notifications to the Chancellery”. Issue 3 for Determination: Whether any of the exemptions to the scope of the GDPR as set out in Article 2(2) applies to the processing of the Baptism Registers 164. I must now consider whether, in circumstances where it is my view that that the personal data and the special category personal data contained in the Baptism Registers, not being processed by automated means, and forming part of a filing system, are exempt from the GDPR under Article 2(2) of the GDPR. 165. Article 2(2) of the GDPR outlines certain types of processing of personal data to which the GDPR does not apply, in particular processing: a) in the course of an activity which falls outside the scope of Union law; 103 Submissions dated 23 July 2021, page 3. 104 Submissions dated 15 October 2020, page 3. b) by the Member States when carrying out activities which fall within the scope of Chapter 2 of Title V of the TEU; c) by a natural person in the course of a purely personal or household activity; d) by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. 166. I will now address each of these categories in turn. 167. The exemption contained in Article 2(2)(a) applies in circumstances where the processing in question relates to activities which fall outside the scope of Union law. Although activitieswhich fall outside the scope of Union law are not defined in the GDPR and are not set out in an exhaustive form in Union law, Articles 2 to 6 of the TFEU set out the exclusive and shared competences of the European Union with respect to Member States. 168. While churches and religious associations are not specifically stated as being part of the exclusive or shared competencies of the Union in Articles 2 to 6 of the TFEU, Article 17(1) of the TFEU states that “The Union respects and does not prejudice the status under national law of churches and religious associations or communities in the Member States”. Article 17(2) of the TFEU also states that “Recognising their identity and their specific contribution, the Union shall maintain an open, transparent and regular dialogue with these churches and organisations”. 169. As such, it is clearly envisaged under Union law that churches and religious organisations would interact with Union law in some capacity. Further, the Charter of Fundamental Rights (the ‘Charter’) does encompass the Union’s protection of fundamental rights of European Union citizens relating to religion, in particular under Article 10 (freedom of thought, conscience and religion) and Article 12 of the Charter. 170. I note that in the case C-25/17 Jehovan todistajat,105 the ECJ accepted that “the door-to-door preaching practised by members of a religious community, such as the Jehovah’s Witnesses Community, is not one of the activities excluded from the scope of Directive 95/46, by virtue of the first indent of Article 3(2) thereof.”106 The exclusions set out in Article 2 of the GDPR mirror those originally set out in the previous data protection directive. 171. Therefore, I am of the view that the exemption under Article 2(2)(a) of the GDPR does not apply to the processing of personal data and special category personal data held in the Baptism Registers of the Archdiocese, not being processing relating to an activity which falls outside the scope of Union law. 105 C-25/17 Jehovan todistajat ECLI:EU:C:2018:551. 106 Ibid, at paragraph 19 172. The exemption contained in Article 2(2)(b) applies in circumstances where the processing in question relates to activities which fall within the scope of Chapter 2 of Title V of the TEU. Chapter 2 of Title V of the TEU sets out the EU’s Common Foreign and Security Policy. It is clear that the processing in the context of this Inquiry, being the processing of personal data and special category personal data held in the Baptism Registers of the Archdioceses, does not relate to the EU’s Common Foreign and Security Policy. As such, the exemption under Article 2(2)(b) of the GDPR does not apply to this processing. 173. The exemption contained in Article 2(2)(c) of the GDPR applies in circumstances where the processing in question is by a natural person in the course of a purely personal or household activity. 174. The processing of personal data and special category personal data contained in Baptism Registers is processed in certain circumstances by the Church as an organisation and in an official capacity, for the purposes of its administration by keeping records of sacraments undertaken. 175. Therefore, I am satisfied that the exemption contained in Article 2(2)(c) of the GDPR does not apply in circumstances where the processing of the personal data and special category personal data contained in the Baptism Registers is not undertaken by a natural person in the course of a purely personal or household activity. 176. The exemption contained in Article 2(2)(d) of the GDPR applies to processing by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. Processing of personal data and special category personal data contained within the Baptism Registers of the Archdiocese is not undertaken by a competent authority for any processing activities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. As such, the exemption contained in Article 2(2)(d) of the GDPR does not apply to this processing. Findings 177. I find that: a) The personal data and special category personal data recorded in Baptism Registers and which is subsequently processed by way of digital indexes, is processing wholly or partly by automated means for the purposes of the GDPR. However, the hardcopy Baptism Register is the sole official record of importance for the purposes for which the personal data and special category personal data is processed in the first instance. I find that the personal data and special category personal data which is contained in the hardcopy Baptism Register is not processedwholly or partly by automatedmeans; b) The hardcopy Baptism Registers form part of a filing system or are intended to form part of a filing system, having regard to the definition of filing system under Article 4(6) of the GDPR; c) No exemptions as set out in Article 2(2) of the GDPR apply to the processing of the personal data and the special category personal data contained in the Baptism Registers. 178. As such, the GDPR applies to the personal data and special category personal data contained in the Baptism Registers. b) CONTROLLERSHIP Issue for determination: whether the Archbishop or the parish priest alone and / or jointly with others determines the purposes and means of the processing of the personal data and special category personal data contained in the Baptism Registers, which are now the subject of this Inquiry Introduction 179. The DPC expressed a preliminary view at the commencement of this Inquiry that, in circumstanceswhere the personal data contained in the church records falls within thematerial scope of the GDPR, the Archbishop was the (sole) controller in respect of the personal data contained in these records (now the scope focusses on the Baptism Registers only). Subsequently, the DPC confirmed to the Archbishop that it was considering the proposition that both the Archbishop and the parish priest, having recourse to inter-alia Canon Law, may determine to different extents the purposes and means of processing in relation to the Church Registers (now the Baptism Registers only), leading to a position of joint controllership. 180. It is acknowledged that the Archbishop disagrees with this position, and has made a number of submissions during the course of the Inquiry refuting sole or joint controllership of the Baptism Registers and emphasising both the role of the parish priests and the Chancellor in this regard. 181. To contextualise the question of controllership vis-à-vis processing, this Inquiry is concerned only with Baptism Registers held within the Archdiocese of Dublin to include those held in the parishes and the Chancellery, the Adopted Persons Baptism Register and the Clonliffe College Registers. The overall processing activities each of these Registers concern the recording, storage, retention, alteration and special annotation of the personal data contained within these Baptism Registers.107 However, this Inquiry is only concerned with data processing as it relates to the rectification and erasure of personal data contained within these Registers. 182. As set out above, the issue for determination is whether the Archbishop or the parish priest alone and/or jointly with others determines the purposes and means of processing personal data. There are 197 parishes within the Archdiocese of Dublin entrusted to the pastoral care of the Archbishop.108 It is impracticable for the DPC to make separate inquiries of all parish priests of all 197 parishes within the Dublin Diocese; this is particularly so in circumstances where the Archbishop of Dublin administers to and is responsible for his own Archdiocese. Therefore, the DPC engaged solely with the Archbishop of Dublin. The analysis contained in this Inquiry on the question of sole or joint controllership of personal data is therefore based on the DPC’s engagement with the Archbishop of Dublin. 183. As the engagement by the DPC was solely with the Archbishop of Dublin, the DPC has exercised its discretion to inquire primarily into the role of the Archbishop of Dublin and to determine whether the Archbishop of Dublin either solely or jointly determines the purposes and means of processing the personal data and special category contained within the Baptism Registers which are the subject of this Inquiry. 107 Submissions dated 6 September 2021, page 2. 108 Submissions dated 1 February 2023, [1], citing Canon 381 §1 and Canon 515 §1. 184. As the subsequent analysis will demonstrate, my view is that the Archbishop of Dublin, jointly with the parish priest, determines the purposes and means of processing activities for the purposes of collection and recording of the personal data contained within the Parish Baptism Registers held within the Archdiocese of Dublin. 185. I am of the view that the Archbishop of Dublin solely determines the purposes and means of all other processing activities on personal data contained within the Parish Baptism Registers within the Archdiocese of Dublin that are the subject of this Inquiry. 186. In submissions dated 1 February 2023, the Archbishop disputed the findings in the two paragraphs above109 and made a global submission that “the draft Decision’s conclusions and findings in respect of controllership are legally in error, with the exception of the proposed findings in relation to the controllership of the Adopted Persons Baptism Register. In regard to the other proposed findings, the Archbishop respectfully points to the submissions as made above, and the submissions made on his behalf during the currency of the investigation to date.”110 187. In preparing this final Decision, I have carefully considered the Archbishop’s submissions, including the global submission about the issue of controllership. I have included edits to the text of the Draft Decision to address specific points raised in paragraphs 1 to 19 of the submissions of 1 February 2023. However, the submissions of 1 February 2023, in combination with the other submissions received in the course of the investigation do not convince me to change the conclusions reached in the Draft Decision regarding controllership. I have therefore retained those findings in this Decision, but have addressed the submissions on the specific points raised by the Archbishop on 1 February 2023 in the relevant sections of this Decision. 188. I am also of the view that the Archbishop of Dublin is the sole controller of the personal data contained within the Clonliffe College Registers and the Adopted Persons Baptism Register for all processing activities. Canon Law 189. The Roman Catholic Church in Ireland is divided into dioceses and parishes, but from a civil law perspective, civil legal obligations attach to the office holders in each diocese and parish, being the diocesan bishop and parish priest respectively. In respect of the Archdiocese, the Archbishop is the relevant office holder111 and is the diocesan bishop of the Archdiocese. 190. In accordancewith canon 515 §1 a diocesan bishop is conferredwith authority over the parishes in the diocese. Canon 515 §2 further states that it is for the diocesan bishop only to erect, suppress or alter parishes. Under Canon Law, the diocesan bishop is conferred with the authority to appoint parish priests, in accordance with canon 519 and canon 523. The diocesan bishop also has the power to determine the suitability of individuals for the office of pastor (parish priest) in accordance with canon 521 §3. 109 See paragraphs 2 and 3 110 Submissions of 1 February 2023, page 6. 111 Submissions dated 16 March 2020, page 3. 191. Canon Law confers powers on a diocesan bishop within his diocese consistent with the fulfilment of his office.112 Some relevant provisions are set out hereunder: • Canon 381 §1: “A diocesan bishop in the diocese entrusted to him has all ordinary, proper, and immediate power which is required for the exercise of his pastoral function except for cases which the law or a decree of the Supreme Pontiff reserves to the supreme authority or to another ecclesiastical authority”; • Canon 391 §1: “It is for the diocesan bishop to govern the particular church entrusted to him with legislative, executive, and judicial power according to the norm of law”; • Canon 391 §2: “The bishop exercises legislative power himself. He exercises executive power either personally or through vicars general or episcopal vicars according to the norm of law. He exercises judicial power either personally or through the judicial vicar and judges according to the norm of law”; • Canon 392 §1: “Since he must protect the unity of the universal Church, a bishop is bound to promote the common discipline of the whole Church and therefore to urge the observance of all ecclesiastical laws”; • Canon 392 §2: “He is to exercise vigilance so that abuses do not creep into ecclesiastical discipline, especially regarding the ministry of the word, the celebration of the sacraments and sacramentals, the worship of God and the veneration of the saints, and the administration of goods“; • Canon 393: “The diocesan bishop represents his diocese in all its juridic affairs”; • Canon 473 §1: “A diocesan bishop must take care that all the affairs which belong to the administration of thewhole diocese are duly coordinated and are ordered to attain more suitably the good of the portion of the people of God entrusted to him”; • Canon 491 §1: “A diocesan bishop is to take care that the acts and documents of the archives of cathedral, collegiate, parochial, and other churches in his territory are also diligently preserved and that inventories or catalogs are made in duplicate, one of which is to be preserved in the archive of the church and the other in the diocesan archive”; • Canon 491 §2: “A diocesan bishop is also to take care that there is an historical archive in the diocese and that documents having historical value are diligently protected and systematically ordered in it”; • Canon 491 §3 “In order to inspect or remove the acts and documentsmentioned in §§1 and 2, the norms established by the diocesan bishop are to be observed”. 192. Local normsmay be prescribed by the Archbishop and the Irish Episcopal Conference of Bishops. 112 Submissions of 1 February 2023, [4]. 193. In addition, the diocesan bishop enjoys a power of inspection of baptism registers pursuant to canon 535 §4. This permits the Archbishop to inspect the Baptism Registers held in parishes during the course of a “visitation” to the parishes of the Archdiocese. The purpose of this inspection is to ensure that the registers are maintained by the parish priest as he is obligated to do in his parish, in accordance with Canon Law. In practice, the Archbishop states that this would involve looking at the last entry in the registers and checking the register was up to date113. Upon completion of a parish visitation, the Archbishop will complete a report that is given to the parish priest. This may offer recommendations for certain improvements within the parish if required.114 194. Canon 1276 §1 also places a responsibility on the Archbishop to “exercise careful vigilance over the administration of all goods which belong to the public juridic persons subject to him, without prejudice to legitimate titles which attribute more significant rights to him”. Canon 1287 §1 also requires that clerical and lay administrators of any ecclesiastical goods whatever (which have not been legitimately exempted from the power of governance of the diocesan bishop) are “bound by their office to present an annual report to the local ordinary”. 195. The Archbishop also provides support services to parish priests in the Archdiocese via his diocesan offices, “including, but not limited to, areas such as education, finance and communications, property, chancellery, human resources, investment portfolio management and advice, pastoral relationship management, accounting services and regulatory compliance and reporting services.” To facilitate this sharing of resources, each Pastor has signed a Data Processing Agreement in 2016 and an updated Agreement in 2019. These agreements state that the Archbishop acts as a processor for the parish priest acting as controller.115 These are considered further at a later point in this Decision. 196. The Archbishop is assisted in his functions by the diocesan curia, as set out in canon 469, which states that the diocesan curia consists of those institutions and persons which “assist the bishop in the governance of the whole diocese, especially in guiding pastoral action, in caring for the administration of the diocese, and in exercising judicial power”. The curia consists of the chief officials of the Archdiocese. Canon Law allows the Archbishop, as the diocesan bishop of the Archdiocese, to appoint those who will exercise the offices in the diocesan curia, further to canon 470. 113 Submissions dated 16 March 2020, page 7. 114 Submissions dated 15 October 2020, page 12. 115 Submissions dated 16 March 2020, page 5. 197. Within every diocesan curia, a diocesan bishop must appoint a chancellor.116 Canon 471 §1 requires that all those admitted to the offices of the curia, which includes the chancellor, must “promise to fulfil their function faithfully according to the manner determined by the law or by the bishop”. The diocesan bishopmay also “freely remove” the chancellor from office according to canon 485117. The principal task of a chancellor as defined in canon 482 §1 is “to see to it that the acts of the curia are gathered, arranged and safeguarded in the archive of the curia”. The Chancellery, the office of the Chancellor, also offers advice on certain matters, including Canon Law, to the Archbishop, the priests of the Archdiocese and the Diocesan Agencies, in order to ensure good canonical practice. 198. The Chancellery also issues guidance on Canon Law matters for parish priests of the Archdiocese, which is contained in the ‘Directives and Guidelines for Sacramental and Pastoral Practice’ (the Guidelines). The Guidelines contain general advice concerning, among other things, the management of baptism records in accordance with Canon Law. The Guidelines provide detailed instructions on a number of topics including applying to be baptised, on how to record baptism details in specific situations, issuing baptismal certificates, access to baptismal registers, and alterations to the baptism register. In respect of alterations to a baptism register, the Guidelines state that “[t]he express permission of the Chancellery is required before any alteration or emendation may be made in any entry in any such parochial register”.118 The Guidelines also set out that “the primary purpose of registration is to record the fact of Baptism and to establish the identity of the one who received the sacrament”.119 199. The moderator and financial administrator, other members of the Diocesan Offices, also provide guidance to parish priests of the Archdiocese via the Administrative Regulations and Guidelines for Parishes (October 2017) (the “Administrative Regulations”) relating to, among other things, parish property, finances, data protection, archiving, parish registers and record management. For instance, with regard to parish registers the Administrative Regulations provide that “Catholic Parish church records are private records and the public do not have an automatic right of access to them. The Parish Priest is custodian of the registers but the Archbishop dictates policy with regard to access”.120 116 Canon 482§1: “In every curia a chancellor is to be appointed whose principal function, unless particular law establishes otherwise, is to take care that acts of the curia are gathered, arranged, and safeguarded in the archive of the curia. See also canon 470: “The appointment of those who exercise offices in the diocesan curia pertains to the diocesan bishop”. 117 Canon 485: “The chancellor and other notaries can be freely removed from office by the diocesan bishop, but not by a diocesan administrator except with the consent of the college of consultors”. 118 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, section 4.5 (page 23 of the PDF submission). See section 1.12 which states that “[a]ny alteration to the Baptismal Register must be authorised though the Chancellery” (page 12 of the PDF submission). 119 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, section 1.5 (page 10 of the PDF submission). 120 Submissions dated 15 October 2020, Schedule of Documents, Administrative Regulations, October 2017, section E1 (page 32 of the Regulations and/or page 167 of the PDF submission). 200. In respect of property, the Administrative Regulations states that “[a]ll property of parishes and agencies of the diocese must be vested in the St. Laurence O’Toole Diocesan Trust”. The St Laurence O’Toole Diocesan Trust is a company limited by guarantee which acts as a trustee “for property and instruments of every kind owned by or used in connection with the Roman Catholic Church in the Diocese of Dublin or held or to be held in trust for any charitable purpose whatsoever…”.121 201. The Guidelines and the Administrative Regulations are not formally published or promulgated by the Archbishop as norms, and as such do not have the force of Canon Law. Where a parish priest deviates from the Guidelines or Administrative Regulations, further action will be taken only where the deviation relates to a particular canon in Canon Law or to a particular provision of civil law. In circumstances where the deviation is amatter of civil law, the finance secretariat or human resources department of the Diocesan Officesmay intervene. In circumstances where the deviation relates to sacramental or canonical practice, the Chancellery may intervene.122 The Role and Position of the Parish Priest vis-à-vis the Archbishop under Canon Law 202. Each diocese is made up of parishes, and each parish “has a relationship with the Diocese in canon law”.123 A parish is described under canon 515 §1, as “a certain community of Christian faithful stably constituted in a particular church, whose pastoral care is entrusted to a pastor (parochus) as its proper pastor (pastor) under the authority of the diocesan bishop”.124 203. The diocesan bishop is conferredwith the power to bring a parish into being, according to canon 515 §2.125 Once he has heard the advice of the Presbyteral Council, the Bishop can proceed to establish a parish.126 In the establishing of a parish, it automatically gains juridic personality, which means that it is, under Canon Law, a legal person subject to rights and obligations.127 204. In accordancewith canon 519 the pastoral care of the parish is entrusted to the pastor, or parish priest, by the diocesan bishop. Canon 519 states that “The pastor (parochus) is the proper pastor (pastor) of the parish entrusted to him, exercising the pastoral care of the community committed to him under the authority of the diocesan bishop in whose ministry of Christ he has been called to share, so that for that same community he carries out the functions of teaching, sanctifying, and governing, also with the cooperation of other presbyters or deacons and with the assistance of lay members of the Christian faithful, according to the norm of law”128. 121 Memorandum of Association of St. Laurence O’ Toole Diocesan Trust, page 1. 122 Submissions dated 15 October 2020, pages 15-16. 123 Submissions dated 16 March 2020, page 3. 124 This version of the Code of Canon Law is as stated on https://www.vatican.va/archive/cod-iuris- canonici/eng/documents/cic_lib2-cann460-572_en.html#Art._1 (accessed 20 February 2023). The Submissions of 1 February 2023 appear to use a different source with a variation in the text, which matches that on http://www.intratext.com/IXT/ENG0017/_P1T.HTM (accessed 20 February 2023). 125 Canon 515 §2 states: “It is only for the diocesan bishop alone to erect, suppress or alter Parishes. He is neither to erect, suppress nor alter notably parishes, unless he has heard the presbyteral council.” 126 Canon 127. 127 Canon 515 §3. 128 See also canon 521 §3, 522 and 523. 205. The parish priest has all the ordinary power which comes from his office as exercised under the authority of the Archbishop pursuant to canon 131 §1 and canon 515 §1.129 In the Guidelines at section 4.3 it is stated that “Parish Priests and Moderators are the legal representatives of the parish”, however, they do “need the Archbishop’s permission if they wish to initiate or contest legal proceedings on behalf of the parish”130 and they are answerable to their ecclesiastical superior. In the submissions of 1 February 2023, the Archbishop clarified that: “… the property of the Parish belongs to the Parish. The powers of the Parish Priest are not gained by virtue of or through the person who made the Parish Priest’s appointment.”131 206. Canon 273 provides that “[c]lerics are bound by a special obligation to show reverence and obedience to the Supreme Pontiff and to their own ordinary”. A bishop cannot command anything from a parish priest forbidden by law; nor can he prohibit what the Code of Canon Law clearly permits. 207. Among the duties attached to the office of pastor (parish priest), canon 535 §1 prescribes the duty to maintain parochial registers. Canon 535 §1 provides that “[e]ach Parish is to have parochial registers, that is, those of baptisms, marriages, deaths, and others as prescribed by the conference of bishops or the diocesan bishop. The pastor is to see to it that these registers are accurately inscribed and carefully preserved”. 208. The Archbishop stated in his submissions that: “ The Parish Priest is responsible for all applications and activities concerning the baptismal register, such as: • the creation of the original, handwritten, record of baptism; • the responsible disposal of the baptismal application form, completed by the parent(s)/guardian(s), once the baptism has taken place and has been written up in the register; • the issuing of baptismal certificates; • the annotation of the baptismal record with details of a person’s confirmation, marriage/annulment and ordination/laicisation; • the maintenance of security and confidentiality of baptismal registers; • the making of decisions as to who may access the baptismal register”.132 209. Further, the parish priest is tasked with ensuring that baptism registers do not fall into unauthorised hands and that they, along with other parochial registers, are stored or archived correctly within the parish.133 129 This sentence reflects the text suggested in the submission of 1 February 2023. 130 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, section 4.3 (page 23 of the PDF submission). 131 Submissions of 1 February 2023 at page 2. 132 Submissions dated 16 March 2020, page 5. 133 Canon 535 §4. 210. On issuing a baptismal certificate, the parish priest must make sure that all documents emanating from the registers are sealed with the parish seal and bear his signature, or the signature of his delegate.134 211. When an individual requests the alteration of a baptism record (for instance where the individual has changed their name), the parish priest must either request authorisation from the Chancellery to make the change or the parish priest directs the individual to contact the Chancellery directly. The parish priest cannot make any changes to an entry in the baptism register without contacting the Chancellery (aside from making notations of other sacraments received). This is evident from the Guidelines, drafted by the Chancellery, which states that “[t]he express permission of the Chancellery is required before any alteration or emendation may be made in any entry in any such parochial register”.135 212. Once the request for authorisation is raised by a parish priest, an investigation is carried out by the Chancellery. The Chancellor will relay the findings of the investigation in written form to the parish priest who then makes an annotation of the change in the baptism register. The original data (even where it is an error) remains in place in the baptism register.136 The Chancellery 213. The involvement of the Chancellery in the processing activities of annotation and alteration is relevant. The Chancellor deals with Canon Law matters in the Archdiocese.137 214. The Chancellery is an office of the Archdiocese which assists the Chancellor in the discharge of his functions within the diocesan curia of the Archdiocese. The Archbishop may freely appoint the heads of the various curial offices and may introduce any improvements that may be necessary in the curia, and to correct anything that does not conform to canonical discipline.138 The Chancellor’s role in Canon Law is set out in canon 482 §1 ”to take care that acts of the curia are gathered, arranged and safeguarded in the archive of the curia”. In the Archdiocese, the Chancellor, along with his office, the Chancellery, is tasked by the Archbishop with dealing with issues of Canon Law and archiving which arise in the Archdiocese on behalf of the Archbishop. 134 Canon 535 §3; see also submissions dated 16 March 2020, page 31. 135 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, section 4.5 (page 23 of the PDF submission). 136 Submissions dated 16 March 2020, page 6. 137 See also https://dublindiocese.ie/archdiocese-overview/diocesan-offices/. 138See passage number 176 of the Directory for the Pastoral Ministry of Bishops (2004) https://www.vatican.va/roman_curia/congregations/cbishops/documents/rc_con_cbishops_doc_20040222_apostolorum- successores_en.html 215. While the Archbishop in his submissions has maintained that the Chancellery acts independently as an advice-giving body, it is clear from Canon Law that the Chancellor is appointed directly by the Archbishop as part of the diocesan curia.139 The Chancellor may also be removed at any time by the Archbishop.140 The clear primacy of the Archbishop here is further emphasised by canon 469, which states that the diocesan curia consists of those institutions and persons, which “assist the bishop in the governance of the whole diocese, especially in guiding pastoral action, in caring for the administration of the diocese, and in exercising judicial power”. Canon 471 §1 requires that all those admitted to the offices of the curia must “promise to fulfil their function faithfully according to the manner determined by the law or by the bishop”. 216. I note that the Chancellery, a Diocesan office, which forms part of the diocesan curia, to “assist the bishop in the governance of the whole diocese”141 issues guidance on Canon lawmatters for parish priests, which is contained in the Guidelines. According to the Archbishop, these Guidelines contain general advice concerning the management of baptism records in accordance with Canon Law only and that the “Archbishop does not impose these requirements on the Parish”142. In my view, the guidance provides detailed instructions on a number of topics including on retention of Baptism Registers, on issuing baptismal certificates, on access to Baptism Registers, and on alterations to Baptism Registers. It also sets out that “the primary purpose of registration is to record the fact of Baptism and to establish the identity of the one who received the sacrament”.143 217. It is evident that the role of the Chancellery under Canon law is that of assistance to the Archbishop in his governance of the Archdiocese, in particular with respect to Canon law matters. Further, the principal duty of the Chancellor is stated [in the Report] as “his principal duty is to attend to canon law matter on behalf of the Archdiocese”.144 218. The Archbishop states in his submissions that the Chancellery is an office which provides only advice to the parish priest, the Archbishop and diocesan agencies, and has no power to impose the Canon Law on those parties.145 The Archbishop has asserted that in offering canonical advice to a parish priest “the Chancellery is acting on behalf of the Parish Priest, and not as mentioned above, for and on behalf of the Archbishop when and if giving any guidance or direction on data protection issues to Parish Priests within the Archdiocese of Dublin”.146 139 Canon 482. 140 Canon 485. 141 Canon 469. 142 Submissions dated 16 March 2020, page 11. 143 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, section 1.5 (page 10 of the PDF submission). 144 Report by Commission of Investigation into Catholic Archdiocese of Dublin commissioned by the Minister for Justice and Equality (published 29 November 2009), Appendix 3, page 24; https://www.justice.ie/en/JELR/Pages/PB09000504 https://www.justice.ie/en/JELR/DACOI%20Appendices.pdf/Files/DACOI%20Appendices.pdf 145 Submissions dated 16 March 2020, page 6; Submissions dated 15 October 2020, pages 15-16. 146 Submissions dated 15 October 2020, page 14. 219. However, I respectfully reject the notion that the Chancellery acts only on behalf of the party asking advice (such as the parish priest) at any given time, only providing advice and not imposing the Archbishop’s interpretation of the Canon Law (or indeed the civil law). 220. On the contrary, the Chancellor is appointed by the Archbishop to assist in the governance of the Archdiocese. The Chancellormust “promise to fulfil their function faithfully according to the manner determined by the law or by the bishop”.147 The Chancellormay be “freely” removed by the Archbishop.148 The Archbishop has confirmed that should a disagreement arise between the Chancellor and the Archbishop, it would be resolved as follows: “If the wish of the Archbishop were unlawful, the Chancellery would brief him accordingly. If the Archbishop refused in the light of this advice to alter his position, the Chancellery, at that point, would not act against his wishes. Rather, it would inform the Archbishop that in light of the issue in question, that he or the Chancellery should refer the matter for decision to a higher authority, namely the Holy See”.149 221. Further, the Archbishop has noted in his submissions that he disseminates guidance to the Archdiocese “through the Chancellery”150 to assist with the interpretation of Canon Law. I do not accept that in this instance the Chancellery is providing advice only, but I take the view that the Chancellery is disseminating the decisions taken by the Archbishop. 222. As such, the Archbishop has not demonstrated to my satisfaction the way in which the Chancellor acts independently and how he is not under the authority of the Archbishop, who governs the Archdiocese unequivocally with respect to the Canon Law by legislative, executive and judicial power, according to the norm of law.151 Therefore, for the purposes of this Decision, I have taken the view that, on balance, the Chancellery acts for and on behalf of the Archbishop as part of the diocesan curia, in all its interactions with parish priests of the Archdiocese. The Chancellery’s guidance and advice to parish priests is an extension of the function of the Archbishop himself. Relevant Provisions 223. Article 4(7) of the GDPR defines a ‘controller’ as: “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”. 147 Canon 471 §1. 148 Canon 485. 149 Submissions dated 23 July 2021, page 2. 150 Submissions dated 16 March 2020, page 11 151 Canon 391 §1. 224. Article 26(1) of the GDPR provides that: “[w]here two ormore controllers jointly determine the purposes andmeans of processing, they shall be joint controllers. They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14, by means of an arrangement between them unless, and in so far as, the respective responsibilities of the controllers are determined by Union or Member State law to which the controllers are subject”. 225. Article 5(2) of the GDPR requires that controllers “be responsible for, and be able to demonstrate compliance” with the principles of relating to the processing of personal data as set out in Article 5(1) of the GDPR. Relevant Case Law and Guidance 226. Inmaking his submissions regarding controllership, the Archbishop referred to three judgments of the CJEU, case C-210/16Wirtschaftsakademie,152 case C-25/17 Jehovan todistajat153 and case C-40/17 Fashion ID,154 which have previously provided guidance on the meaning of a controller, and joint controllership. All three cases concerned the notion of a controller and joint controller under Directive 95/46/EC, however, the judgments still offer useful guidance as to the interpretation of a controller and joint controller under the GDPR. This case law has interpreted the concept of a controller broadly, with reference to case C-131/12 Google Spain and Google.155 227. In C-25/17 Jehovan todistajat, the CJEU stated that “a natural or legal person who exerts influence over the processing of personal data, for his own purposes, and who participates, as a result, in the determination of the purposes and means of that processing, may be regarded as a controller within the meaning of Article 2(d) of Directive 95/46”156. Further, the CJEU also stated that “neither the wording of Article 2(d) of Directive 95/46 nor any other provision of that directive supports a finding that the determination of the purpose andmeans of processingmust be carried out by the use of written guidelines or instructions from the controller”.157 228. In C-210/16 Wirtschaftsakademie, the CJEU found that in respect of joint controllers, the “existence of joint responsibility does not necessarily imply equal responsibility of the various operators involved in the processing of personal data. On the contrary, those operators may be involved at different stages of that processing of personal data and to different degrees, so that the level of responsibility of each of them must be assessed with regard to all the relevant circumstances of the particular case”.158 152 C-210/16 Wirtschaftsakademie Schleswig-Holstein EU:C:2018:388. 153 C-25/17 Jehovan todistajat ECLI:EU:C:2018:551. 154 C-40/17 Fashion ID ECLI:EU:C:2019:629. 155 C-131/12 Google Spain and Google, EU:C:2014:317, paragraph 34. 156 C-25/17 Jehovan todistajat, paragraph 68. 157 C-25/17 Jehovan todistajat, paragraph 67. 158 C-210/16 Wirtschaftsakademie, paragraph 43. 229. In C-25/17 Jehovan todistajat, the CJEU stated that the concept of a controller may “concern several actors taking part” in processing of personal data who “may be involved at different stages of that processing of personal data and to different degrees”.159 In all three judgments, the CJEU stated that joint responsibility does not require the parties to have access to the personal data concerned under Directive 95/46/EC.160 230. In C-40/17 Fashion ID, the CJEU stated that a party would be a controller “jointly with others only in respect of operations involving the processing of personal data for which it determines jointly the purposes and means”.161 231. The DPC also had regard, when conducting the Inquiry, to the EDPB’s Guidelines 07/2020 on the concepts of controller and processor in the GDPR (‘the EDPB Guidelines 07/2020’)162, which are referenced throughout this analysis. Archbishop’s Submissions 232. In his submissions as to the Archbishop’s role as a controller of the Baptism Registers, the Archbishop stated his position is that “the data controller in respect of baptism registers is the Parish Priest”. The Archbishop emphasised that he “is not entitled to remove the registers from the Parish, he is not entitled to alter entries in the registers and he has no power to compel a Parish Priest to alter a register”.163 233. The Archbishop submitted that a parish, though created by a Bishop, takes on a wholly separate juridic statuswhen created. The parish priest as appointed by the bishop and then acts on behalf of the parish: “The Pastor governs with the ordinary power granted to him by virtue of his office (canon 131§1). As such, the Parish Priest makes his own decisions, but such decisions are made in a spirit of the Bishop’s concerns and policies. As the one who governs the juridic person of the Parish (canon 1279§1), the pastor (Parish Priest) alone represents the Parish in all juridical matters (canon 532)”.164 234. Any obligations placed on the parish priest to keep records of sacraments administered are “imposed on Parishes and Parish Priests as a matter of canon law. They are not imposed on the Parish Priest by ArchbishopMartin”.165 Further, the Archbishop submitted “[l]egal ownership of the property rights in these registers belongs to the Parish. It is not available to the Archbishop, either in civil law or in Church law, to enter a Parish and remove a register, or to enter a Parish and alter or erase a record even if he were minded to do so”.166 159 C-25/17 Jehovan Todistajat, paragraph 66. 160 C-210/16 Wirtschaftsakademie, paragraph 38; C-25/17 Jehovan Todistajat, paragraph 69;and C-40/17 Fashion ID, paragraph 69. 161 C-40/17 Fashion ID, paragraph 74. 162 EDPB Guidelines 07/2020 on the concepts of controller and processor in the GDPR, Version 2.0, Adopted on 07 July 2021. 163 Submissions dated 16 March 2020, page 2. 164 Submissions dated 16 March 2020, page 4. 165 Submissions dated 16 March 2020, page 4. 166 Submissions dated 16 March 2020, page 4. 235. The Archbishop has stated that insofar as baptism records are concerned, the Archbishop “plays only a very limited role”. For example, “if a request for a baptism certificate is received by the Archbishop, it will be sent, by the Chancellery, to the relevant Parish Priest, so that the request can be directly fulfilled by him. Archbishop Martin does not play any other role in responding to the request”.167 236. The Archbishop submitted that the Chancellery is a Diocesan Office, which deals mainly with Canon Law matters. The Archbishop submitted that the Chancellery “serves as a resource to give advice on canonical issues to the Archbishop, his staff, Parish Priests and Diocesan agencies. Where the Chancellery advises on a matter of canon law, it is not defining canon law and imposing it on the Parish Priest, but rather providing assistance to the Parish Priest in the interpretation of canon law, and guidance on its operation”.168 237. With regard to data protection requests, the Archbishop stated that the Chancellery “evaluates queries, in accordance with canon law, and with the advice of civil lawyers, on how to proceed”.169 This advice is then relayed to the recipient (which may be by the Archbishop, a parish priest, or a diocesan agency). The Archbishop stated that the actions thereafter fall under the jurisdiction of the recipient on how they will proceed. 238. The Archbishop stressed that the Chancellery “only offers advice”. It in no way compels the recipient to follow the advice, much akin to a person seeking legal advice from a solicitor”.170 In response to queries regarding the Chancellery and the use of the word “authorise” with respect to requests for alterations to the Baptism Registers171, the Archbishop stated that the Chancellery “does not “authorise” an amendment in the sense of the giving official permission by someone in a position of authority. A better termmight perhaps be “advise””. The Archbishop also emphasised that “in confirming that the request is a legitimate one, the Chancellery is confirming whether the individual has a right to have their baptismal record amended. It is then a matter for the relevant Parish Priest to give effect to this right and lawful amendment, where it arises”.172 239. The Archbishop stated that “most, if not all, of the queries received by the Chancellery originate in the Parish” and as such it is the parish priest who makes contact with the Chancellery, and the advice is relayed to him for further action. The Archbishop stated that, in offering canonical advice to parish priests on any issue, “the Chancellery is acting on behalf of the Parish Priest, and not, as mentioned above, for and on behalf of the Archbishop when and if giving any guidance or direction on data protection issues to Parish Priests within the Archdiocese of Dublin”.173 167 Submissions dated 16 March 2020, page 6. 168 Submissions dated 16 March 2020, page 6. 169 Submissions dated 15 October 2020, page 14. 170 Submissions dated 15 October 2020, page 14. 171 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, section 1.12 states “Any alteration to the Baptismal register must be authorised through the Chancellery” (page 12 of the PDF submission). 172 Submissions dated 23 July 2021, page 1. 173 Submissions dated 15 October 2020, page 14. 240. The Archbishop stated that where a parish priest raises such a matter with the Chancellery, an investigation of thematter is carried out by canon lawyers, and the staff of the Chancellery. The Archbishop also stated that “this investigation is carried out by the Chancellery on behalf of the Parish Priest, because he is the custodian of the records”.174 The Chancellor will then relay the findings of the investigation “in written form to the Parish Priest, and as data controller, he makes an annotation of the change in the appropriate column of the register”.175 241. As previously outlined in this Decision the Archbishop submitted that, should a disagreement arise between the Archbishop and the Chancellery, “[i]f the wish of the Archbishop were unlawful, the Chancellery would brief him accordingly. If the Archbishop refused in the light of this advice to alter his position, the Chancellery, at that point, would not act against his wishes. Rather, it would inform the Archbishop that in light of the issue in question, that he or the Chancellery should refer the matter for decision to a higher authority, namely the Holy See”.176 242. The Archbishop points out that he did not create the requirement to maintain the Baptism Registers, this is imposed directly on the parish priest by virtue of Canon Law.177 However, the Archbishop submitted that he does enjoy a power of inspection of the Baptism Registers when he makes a visitation to a parish, pursuant to canon 535 §4, to “ensure that the registers are being maintained by the Parish Priest as he is obligated to do in his Parish in accordance with canon law”178. The Archbishop submitted that this inspection is “superficial” and “[i]n practice, thismeant that the Archbishop would look at the last entry in the registers and check the register was up to date, in a very general sense”. The Archbishop further submitted that “in the context of the functional analysis that governs the concept of the data controller, the inspection power cannot be regarded as significant”.179 243. With respect to the relationship between the Archbishop and the parish priest, the Archbishop submitted that: “while a priest’s ministry is dependent upon that of his bishop, and every priest promises respect and obedience to his bishop at ordination, it is a common mistake to think of a Parish Priest as a kind of “branch manager” or “tenant farmer” of a bishop… A bishop is free to establish policies for all Parishes in his diocese provided that they do not conflict with universal canon law or divine law. However, within the boundaries established by canon law, divine law and civil law, it is the Parish Priest’s job to lead the parish and to determine how best to govern the community with which he has been entrusted”.180 174 Submissions dated 16 March 2020, page 6. 175 Submissions dated 16 March 2020, page 6. 176 Submissions dated 23 July 2021, page 2. 177 Submissions dated 16 March 2020, page 11. 178 Submissions dated 16 March 2020, page 7. 179 Submissions dated 16 March 2020, page 7. 180 Submissions dated 15 October 2020, page 16. 244. In this regard, the Archbishop also noted that a bishop does have “the authority to oblige any priest or member of the faithful to do, or not do, a particular thing he may determine to be detrimental to the wider community. He can do this through a “precept”, a kind of canonical injunction directed at a specific person or situation”.181 The Archbishop further submitted that pursuant to canon 49: Precepts are decrees “by which an obligation is directly and lawfully imposed on a specific person or persons to do or to omit something, especially in order to urge the observance of a law”. They are rarely used.”182 245. Further, the Archbishop noted that although bishops have the authority to appoint parish priests within their diocese, “[a] bishop is not free, however, to remove or transfer a Parish Priest from his office without following a detailed and non-negotiable process defined by canon law […] In short,while no priest has a right to an assignment or toministry, once a priest is appointed a Parish Priest, he cannot be removed from his office or from his ministry, without serious cause and without observation of the canon law’s procedural requirements”.183 246. The Archbishop also submitted that upon completion of a visitation the Archbishop is to prepare a report that is to be given to a parish priest. With respect to this report, the Archbishop submitted that: “It is in this report that any shortcomings of the Parish Priest in his duty to maintain and preserve the parish registers would be highlighted by the Bishop, and recommendations offered on how he can better fulfil this duty. Any recommendations made are likely to be taken seriously by the Parish Priest and brought to Parish Council/Parish Finance Committee for discussion, but there is no power on the part of the Archbishop to compel compliance with specific recommendations”.184 247. The Archbishop further submitted that, with respect to the two executed agreements relating to the microfilming project of church registers in the Archdiocese in the 1980s and 1990s: “[i]t is apparent in these agreements that co-ownership in relation to the records concerned was asserted by the Archbishop. A careful review of correspondence relating to these agreements indicates that no analysis was undertaken at the time of their execution as to the assertion of ownership on the part of the Archbishop in common with the Parish Priest concerned. Questions relating to ownership and control of records have necessarily been considered in depth for the purpose of this inquiry and in the context of the requests made by the DPC. We are satisfied that these agreements were mistaken in asserting co-ownership on the part of the Archbishop”.185 181 Submissions dated 15 October 2020, page 19. 182 Submissions dated 1 February 2023, page 3. 183 Submissions dated 15 October 2020, page 17. 184 Submissions dated 15 October 2020, page 12. 185 Submissions dated 15 October 2020, page 21. 248. Further, the Archbishop submitted that in applying the law to the facts that “[t]he position of the Archbishop is that the Parish Priest is the data controller in respect of baptism records” and that: “[t]he Parish Priest is the one responsible for the collection of the data in the first instance, it he who arranges the sacrament of baptism and he who manages the making of the record in the register. The data in the baptism register exists because the Parish Priest has permitted the baptism to take place in his Parish.Where a baptism certificate is issued, it is the Parish Priest that consults the register and issues the certificate. The Parish Priest has ongoing access to the registers and it is he that bears the responsibility of ensuring their security and confidentiality. It is the Parish Priest who controls access to the register for individuals, and he who decides whether someone has a valid reason for seeking access to the register, in compliance with the principles of canon law. Legal ownership of the property rights in these registers belongs to the Parish”.186 249. With respect to the above cases, the Archbishop submitted that: “the most succinct statement of the law may be found in Fashion ID, which defined the controller as a person “who exerts influence over the processing of personal data, for his own purposes, and who participates, as a result, in the determination of the purposes and means of that processing.” There can be no doubt that the Parish Priest exerts influence in the processing of personal data. An analogy can be drawn with the website operators in Wirtschaftsakademie and Fashion ID. In those cases the operators merely facilitated the collection of personal data by Facebook. Here, the Parish Priest not only collects the data, but remains responsible for the processing stage. He furthermore remains in possession of the data on a continuous and indefinite basis, and controls access to that data by all outside parties, including the person to whom the record relates. There can be no doubt that the Parish Priest, therefore, is a data controller”.187 186 Submissions dated 16 March 2020, page 10. 187 Submissions dated 16 March 2020, page 11. 250. In respect of questions relating to joint controllership, the Archbishop submitted that the situation of the Archbishop could be distinguished from the above mentioned cases as follows: “The Archbishop does not create the requirement to maintain baptism registers, nor did he initiate it. The processing arises as a requirement of canon law, imposed directly on the Parish Priest. Similarly, the fact of a power of investigation on the part of the Archbishop does not mean that he initiated or caused the processing to happen. Second, insofar as the vast majority of entries on the baptism register are concerned, the Archbishop will never have any control or interaction with them at any point. While the Archbishop (through the Chancellery) disseminates guidance, this is to assist in the interpretation of canon law. The Archbishop does not impose these requirements on the Parish. The only point at which the Chancellery has any influence over a particular entry on the register is where an amendment is sought to be made, in the circumstances set out above. In such a case, the Chancellery will advise the Parish Priest as to the results of its investigation as to the application of canon law to the particular amendment sought. The investigation is carried out on behalf of the Parish Priest. The Archbishop submits that this minimal role does not constitute “decisive influence” in the sense contemplated by the CJEU”.188 251. The Archbishop further stated that: “the role of Archbishop Martin can be distinguished from that of the website administrators in Wirtschaftsakademie and Fashion ID insofar as the Chancellery only ever interacts directly with a tiny number of entries on the register, whereas the website operators caused all data collected via the cookies in question to be gathered. Furthermore, the role of ArchbishopMartin can be distinguished from the situation of the religious community in Jehovan todistajat, because there, the data was collected by the members and then sent (at least in part) to the central church community, organised and stored by it. This never occurs in the case of the Chancellery, which accesses data only in the limited circumstances set out above. Similarly, the theoretical power of inspection does not involve the Archbishop gathering in the data, storing or organising it”.189 Legal Analysis 252. Havingmade the determination in this Decision that Baptism Registers comewithin thematerial scope of the GDPR, the DPC now considers the following issue: whether the Archbishop or the parish priest alone and / or jointly with others determines the purposes and means of the processing of the personal data and special category personal data contained in the Baptism Registers which are now the subject of this Inquiry. 188 Submissions dated 16 March 2020, page 11. 189 Submissions dated 16 March 2020, pages 11-12. Legal Analysis: Canon Law 253. As a preliminary point, it is noted that Canon Law is the internal law of the Roman Catholic Church and is the principal framework by which the Roman Catholic Church is governed. Canon Law was revised in 1983 and is the current applicable Code. 190 In addition, provisions relating to Baptism Registers are contained within Canon Law, which also identifies the respective roles of the Archbishop and the parish priest regarding these registers. 254. Canon Law is not determinative of the position of controllership under data protection law. However, Canon Law is clearly a relevant consideration; it assists in understanding, within the Archdiocese itself, the role and influence the parties have on the governance of parish affairs and on the decision-making power regarding Baptism Registers. 255. At the outset, I accept the position that Canon Law, from a civil law perspective,must be viewed as a species of foreign law in accordance with O’Callaghan v O’Sullivan – “[t]he Canon law of the Roman Catholic Church is foreign law, which must be proved as a fact and by the testimony of expert witnesses according to the well-settled rules as to proof of foreign law”.191 It ismy view that, pursuant to the decision in O’Callaghan v O’Sullivan, Canon Law in Ireland is a foreign law that does not exempt people resident in the State from compliance with the obligations imposed by the Constitution of Ireland, European Union law and the laws enacted thereunder.192 256. The Archbishop is considered the representative at law for the Archdiocese of Dublin, which is not a distinct legal person in its own right, though both dioceses and parishes have distinct juridical personality under Canon Law.193 The Archbishop is autonomous in the Archdiocese and is accountable directly to the Holy See.194 The Archbishop has control over the day-to-day management of the Archdiocese, as long as he remains compliant with Canon Law.195 The Archbishop governs the Archdiocese of Dublin with the ordinary power which comes from his office as exercised under the authority of the Pope pursuant to canon 381.196 In accordance with canon 391 §1, it is for the Archbishop to govern the Archdiocese with “legislative, executive, and judicial power according to the norm of law”. 257. The EDPB Guidelines 07/2020 state there is “no limitation as to the type of entity which may assume the role of controller. It might be an organisation, but it might also be an individual or a group of individuals”.197 As such, the DPC has turned to the Archbishop rather than the Archdiocese to assess his role as controller (either joint or sole) in the context of this Inquiry. 190 The version of the Code of Canon Law referred to by the DPC is the Canon Law Society of America’s translation, available on the Vatican website at https://www.vatican.va/archive/cod‐iuris‐canonici/cic_index_en.html 191 O’Callaghan v O’Sullivan [1925] 1 IR 90 at 113. 192 This sentence is based on the submission of 1 February 2023 at paragraph 8. 193 Canons 373, 515 §3. 194 Report by Commission of Investigation into Catholic Archdiocese of Dublin (29 November 2009) at paragraph 3.16 195 Ibid at 3.17. 196 As submitted by the Archbishop in the Submissions of 1 February 2023, at paragraph 9. 197 EDPB Guidelines 07/2020, paragraph 17. 258. I accept that the Archbishop does not solely, or with the conference of bishops, impose the requirements to record the Baptism Registers on the parish priests of the Archdiocese, or impose the requirement to record certain personal data in the Baptism Registers as set out in canon 877 §1. These are requirements, which are imposed by Canon Law. However, Canon Law does impose a duty on diocesan bishops to govern their dioceses and to represent their diocese in all juridic affairs. A diocesan bishop is empowered under Canon Law to use his legislative and executive power to govern his diocese.198 As such, the Archbishop may direct the manner in which Canon Law is applied by the parishes of the diocese via the issuing of local laws or directions, whichmay take a number of forms.199 Canon 391 §2 notes that “the bishop exercises judicial power either personally or through the judicial vicar and judges according to the norm of [Canon] law.” 259. The Diocesan Curia, via the Chancellery, assists the diocesan bishop in governing by implementing the directions and norms set down by the Archbishop. For instance, the Chancellery is the office that authorises or gives permission to parish priests tomake alterations to Parish Baptism Registers in some instances. 260. As such, Canon Law does not direct the exact purposes for, and means by which, many of its requirements are to be fulfilled. This is instead determined by the diocesan bishop, at his discretion, as this discretion is conferred on him under Canon Law. Legal Analysis: Identifying a Controller: Preliminary Points 261. As a preliminary point, the key test for identifying whether a person, natural or legal, is a controller is set out in Article 4(7) of the GDPR. A person shall be a controller if they alone or jointly with others “determines the purposes and means of the processing of personal data”. Article 26(1) of the GDPR similarly states that in the instance where “two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers”. 262. I have had regard to the EDPB Guidelines 07/2020 in consideration of this issue. In particular, I note that the EDPB Guidelines clarify that an assessment of controllership, or indeed joint controllership, is a factual assessment.200 This is because the concept of a controller is a functional concept, which aims to “allocate responsibilities according to the actual roles of the parties”.201 263. I note the view of the EDPB where it states “the concepts of controller and processor are also autonomous concepts in the sense that, although external legal sources can help identifyingwho is a controller, it should be interpreted mainly according to EU data protection law”.202 198 Canon 375 defines bishops as, inter alia, “ministers of governance” 199 Canons 391 §1, 391 §2, 392 §1, 392 §2, 393, 369, 375 §1. 200 Opinion of Advocate General Mengozzi, paragraph 68 in Case C-25/17 Jehovan todistajat, ECLI:EU:C:2018:57 – “excessive formalism would make it easy to circumvent the provisions of Directive 95/46 and that, consequently it is necessary to rely upon a more factual than formal analysis in order to assess whether the religious community plays an effective role in determining the objectives and practical means of processing” 201 EDPB Guidelines 07/2020, paragraph 12. 202 EDPB Guidelines 07/2020, paragraph 13. 264. The EDPB Guidelines 07/2020 state that in order to identify the controller in respect of certain personal data: “One should look at the specific processing operations in question and understand who determines them by first considering the following questions: "why is this processing taking place?” and “who decided that the processing should take place for a particular purpose?”203 265. This involves analysis of the person or persons who ultimately determines the purposes of processing. 266. The EDPB Guidelines 07/2020 also note that with respect to the means of processing, a controllermust determine the essential rather than the non-essentialmeans of processing. The EDPB notes that essential means are: “closely linked to the purpose and the scope of the processing, “Essential means” are means that are closely linked to the purpose and the scope of the processing, such as the type of personal data which are processed (“which data shall be processed?”), the duration of the processing (“for how long shall they be processed?”), the categories of recipients (“who shall have access to them?”) and the categories of data subjects (“whose personal data are being processed?”)”.204 267. The EDPB Guidelines 07/2020 also confirm that a controller must decide on both the purposes and the means of processing.205 Legal Analysis: Joint Controller: Preliminary Points 268. The DPC has also considered whether a joint controllership exists over the personal data contained within the relevant Baptism Registers. Joint controllers are defined under Article 26(1) of the GDPR as two or more controllers, which “jointly determine the purposes and the means of processing”. To identify a joint controller relationship, the DPC considers the EDPB Guidelines 07/2020 and the case law of CJEU. 269. The EDPB Guidelines state “[j]oint controllership exists when entities involved in the same processing carry out the processing for jointly defined purposes. This will be the case if the entities involved process the data for the same, or common, purposes”.206 203 EDPB Guidelines 07/2020, paragraph 20. 204 EDPB Guidelines 07/2020, paragraph 40. 205 EDPB Guidelines 07/2020, paragraphs 35, 36. 206 EDPB Guidelines 07/2020, paragraph 59. 270. The EDPB Guidelines further state: “Joint participation in the determination of purposes and means implies that more than one entity have a decisive influence over whether and how the processing takes place. In practice, joint participation can take several different forms. For example, joint participation can take the form of a common decision taken by two or more entities or result from converging decisions by two or more entities regarding the purposes and essential means”.207 271. The EDPB sets out that a common decision in this context means “deciding together and involves a common intention in accordance with the most common understanding of the term “jointly” referred to in Article 26 of the GDPR”.208 272. Converging decisions are defined by the EDPB as follows: “Decisions can be considered as converging on purposes and means if they complement each other and are necessary for the processing to take place in such manner that they have a tangible impact on the determination of the purposes and means of the processing”.209 273. The EDPB also notes that an important criterion in identifying a converging decision between joint controllers is “whether the processing would not be possible without both parties’ participation in the purposes and means in the sense that the processing by each party is inseparable, i.e. inextricably linked”.210 274. Recent CJEU case law has interpreted the concept of a joint controller broadly. As confirmed by the CJEU in C-210/16 Wirtschaftsakademie, joint responsibility does not require the parties to have access to the personal data concerned.211 In Wirtschaftsakademie, it was also noted by the CJEU that: “existence of joint responsibility does not necessarily imply equal responsibility of the various operators involved in the processing of personal data. On the contrary, those operators may be involved at different stages of that processing of personal data and to different degrees, so that the level of responsibility of each of them must be assessed with regard to all the relevant circumstances of the particular case”.212 275. This was also affirmed by the CJEU in C-25/17 Jehovan todistajat.213 207 EDPB Guidelines 07/2020, paragraph 54. 208 EDPB Guidelines 07/2020, paragraph 55. 209 EDPB Guidelines 07/2020, paragraph 55. 210 EDPB Guidelines 07/2020, paragraph 55. 211 C-210/16 Wirtschaftsakademie, paragraph 38. 212 C-210/16 Wirtschaftsakademie, paragraph 43. 213 C-25/17 Jehovan Todistajat, paragraph 66. 276. The CJEU also noted in its judgment for case C-40/17 Fashion ID that “it appears that a natural or legal person may be a controller, within the meaning of Article 2(d) of Directive 95/46 jointly with others only in respect of operations involving the processing of personal data for which it determines jointly the purposes and means”.214 Legal Analysis: Data Processing Agreements 277. As a further preliminary matter, I have considered the two template data processing agreements which the Archbishop provided during the course of the Inquiry, the 2016 data processing agreement (‘the 2016 DPA’) and the 2019 data processing agreement (‘the 2019 DPA’) (together the ‘DPAs’). These DPAs were agreed between the parish priest for each parish and the Archbishop. 278. In respect of the DPAs, I have had regard to the EDPB Guidelines 07/2020, which states in particular that: “the legal status of an actor as either a “controller” or a “processor” must in principle be determined by its actual activities in a specific situation, rather than upon the formal designation of an actor as being either a “controller” or “processor” (e.g. in a contract). This means that the allocation of the roles usually should stem from an analysis of the factual elements or circumstances of the case and as such is not negotiable”.215 279. I have reviewed the DPAs and am of the view that the DPAs are not determinative in indicating the roles that the Archbishop and the parish priests play in respect of the processing of the personal data and special category personal data contained in the Baptism Registers for the purposes of data protection law. 280. First, the 2016 DPA designates the Archbishop as the processor and the parish priests, as listed in the Schedule, as controller. This is similarly set out in the 2019 DPA. I note that the 2016 DPA refers to the duties of inspection and oversight (canons 535 and 1276) placed on the Archbishop in recitals A and B. Recital B notes that “In ease of enabling the Archbishop of Dublin to comply with the requirements of the Code of Canon Law, in particular but not limited to Can. 535 and Can. 1276, the Parties desire to enter into this Agreement.” 281. In general, recitals of an agreement tend not to contain operative provisions, but assist in the interpretation of the operative provisions. Typically, recitals do not override the operative provisions of an agreement. The 2016 DPA makes clear that the recitals form part of the agreement within the definition of “Agreement”. 214 C-40/17 Fashion ID, paragraph 74. 215 EDPB Guidelines 07/20, paragraph 12. 282. Recital D of the 2016 DPA states: “The Archbishop of Dublin, acting as Data Processor, provides a range of management and support services to each Data Controller, including but not limited to, shared services support in areas such as education, finance and communications, property, chancellery, human resources, investment portfolio management and advice, pastoral relationship management, accounting services and regulatory compliance and reporting services (the “Purpose”).” 283. Clause 3 of the 2016 DPA sets out the obligations of the Data Processor (the Archbishop) under the agreement. Clause 3.2.1 requires that the Data Processor will “only deal with and process the Relevant Personal Data for the Purpose of, and subject to, the instructions received from the Data Controller and in compliance with this Agreement”. 284. The “Relevant Personal Data” is defined in Clause 1.1 of the 2016 DPA as “Personal Data controlled by the Parish Priest in relation to a Parish including, but not limited to Personal Data relating to, the parishioners of a Parish”. 285. It is not clear to the DPC what involvement the Archbishop’s duties of oversight and inspection have regarding his purported role as a processor under this agreement. Neither of these duties are encompassed under the defined “Purpose” of the 2016 DPA and are referred to only in the recitals as opposed to the operative provisions. In any event, I am not convinced that a duty of oversight and inspection conferred on the Archbishop independently by Canon Law could, in practice, be executed by the Archbishop acting as a processor, on the instruction of the parish priest. 216 In such circumstances, the Archbishop could not properly fulfil such oversight without using his own discretion. 286. On that basis, it is my view that the 2016 DPA does not adequately demonstrate that, with respect to the processing of personal data and special category personal data in the Baptism Registers, the Archbishop acts as a processor regarding his duties of inspection and governance. Indeed, the “Purpose” in the 2016 DPA is confined to matters, which do not touch on these functions. The 2016 DPA limits the Archbishop’s role as a processor to the “Purpose” and limits the Archbishop’s obligation under this agreement to take instruction from the parish priest as a controller in respect of the “Purpose” only. 287. Second, the 2019 DPA is also an agreement between the parish priest and the Archbishop purportedly in the roles of controller and processor respectively. The 2019 DPA seeks to comply with changes introduced by the GDPR. The Archbishop’s roles of oversight, governance and inspection are referred to in the recitals only, similarly to the 2016 DPA, and are not brought into the operative provisions of the agreement. 216 In paragraph 11 of the 1 February 2023 Submissions, the Archbishop clarified in relation to this paragraph that the Parish Priest is also bound by obligations and duties under Canon Law. 288. Recital D of the 2019 DPA refers to the “Services” as being: “A range of management and support services to each Controller, including but not limited to, shared services support in areas such as education, finance and communications, property, chancellery, human resources, investment portfolio management and advice, pastoral relationship management, accounting services and regulatory compliance and reporting services (the “Services”)” 289. Recital E of the 2019 DPA states: “The Data Controller may provide the Processor (and the Processor Personnel) with Relevant Personal Data and the Processor (and the Processor Personnel) may process Relevant Personal Data on behalf of the Controller for the purpose of providing the Services.” 290. Clause 3 of the 2019 DPA sets out the details of the processing activities: “[t]he subject-matter and duration of the processing carried out by the Processor on behalf of the Controller together with the nature and purpose of the processing, the type of personal data and categories of data subjects are described in Schedule 2, which forms an integral part of this Agreement”. 291. Clause 4 of the 2019 DPA specifies, as required by Article 28(3)(a) of the GDPR, that “the Processor shall only Process the Relevant Personal Data on the written instructions of the Controller”, unless required by law to do otherwise. Relevant Personal Data is defined in Clause 1.1 of the 2019 DPA as “Personal Data controlled by the Parish Priest in relation to a Parish including, but not limited to Personal Data relating to, the parishioners of a Parish, as set out in Schedule 2”. 292. Clause 2 of the 2019 DPA sets out that the “[t]he Processor may process Data to the extent necessary to provide the Services to the Controller” only. Schedule 2 of the 2019 DPA also sets out that the data processed by the processor concerns a number of categories of data subjects, including “individuals participating in ceremonies or rites conducted by the Controller (marriages, baptisms, confirmations etc)”. 293. Similar to the 2016 DPA, the activities for which the Archbishop acts as a processor under the 2019 DPA does not encompass his roles of oversight and inspection, though these are mentioned in the 2019 DPA at Recital A. The 2019 DPA clearly states that the Archbishop may process the personal data only for providing “the Services to the Controller”, and this must be on the written instructions of the parish priest. On consideration of the above, the DPC finds it difficult to see how the Archbishop’s inspection and oversight roles could be encompassed by the Services of the 2019 DPA, as processing activities delegated to a processor. 294. The Archbishop does not in practice take instruction from the parish priest on the manner in which he conducts his inspections, or his obligations under canon 1276, and it seems to the DPC that taking any such instructions would be contrary to the duty of oversight and inspection placed on him by Canon Law in any event. While the 2019 DPA seeks to demonstrate that this is the case, it limits itself to the provision of the Services only, even in circumstances where the categories of data subjects included seeks to cover those who have participated in ceremonies or rights. The actual role of the Archbishop, in my view would not entail taking instruction from the parish priest with respect to functions under canon 535 and canon 1276, and even if it did, the 2019 DPA does not adequately capture such processing activities. 295. Therefore, the DPC does not accept the 2016 DPA or the 2019 DPA as evidence, which reflects the actual role the Archbishop plays in relation to the processing of the personal data and the special category personal data contained in any of the Baptism Registers. The DPAs may on paper designate the role of processor to the Archbishop, however, considering the concept of a ‘controller’ and ‘processor’ as functional concepts,217 functionally the DPAs do not encompass the actual role the Archbishop plays when it comes to the processing of the personal data and special category personal data in the Baptism Registers. 296. In coming to this conclusion, I have regard in particular to the EDPB Guidelines 07/20 which state that: “It may also be that the contract contains an explicit statement as to the identity of the controller. If there is no reason to doubt that this accurately reflects the reality, there is nothing against following the terms of the contract. However, the terms of a contract are not decisive in all circumstances, as this would simply allow parties to allocate responsibility as they see fit. It is not possible either to become a controller or to escape controller obligations simply by shaping the contract in a certain way where the factual circumstances say something else. If one party in fact decides why and how personal data are processed that party will be a controller even if a contract says that it is a processor”.218 297. Therefore, I have formed the view that the DPA Agreements do not establish, for the purposes of data protection law, that the Archbishop is a data processor or that the parish priest is a controller, but that the Archbishop has a role to play as a data controller regarding the processing of personal data contained within the Baptism Registers. As to whether the Archbishop is sole controller or joint controller with the parish priest depends on the processing activities involved with the Baptism Registers. Identification of the relevant Baptism Registers 298. In order to examine whether the Archbishop, alone or jointly with others (such as the parish priest), determines the purposes and means of processing of the personal data and special category personal data contained in the Baptism Registers, it is necessary for the DPC to look at the various Baptism Registers separately. 217 EDPB Guidelines 07/2020, paragraph 12. 218 EDPB Guideline 07/2020, paragraphs 28, 29. 299. The Baptism Registers will be considered separately within the context of the relevant processing activities. The three registers that form the Baptism Registers are the Parish Baptism Registers, Clonliffe College Register and the Adopted Persons Register. Parish Baptism Registers 300. The Parish Baptism Registers consist of the Baptism Registers which are held within each parish of the Archdiocese, according to canon 535 §1. The content of the Parish Baptism Registers is set out in various provisions of the Code of Canon law, such as canon 535 §2 and canon 877 §1. Clonliffe College Register 301. The Clonliffe College Register consists of the register of baptisms for baptisms that took place in Holy Cross College, Clonliffe, dating between 1913 and 1999. This register is held in the Chancellery Office, though the Archbishop submits that it should be properly held in the parish of NorthWilliam Street in which the former seminary Clonliffe College was located. The content of the Clonliffe College Registers is set out in various provisions of the Code of Canon Law, such as canon 535 §2 and canon 877 §1. Adopted Persons Baptism Register 302. The Adopted Persons Baptism Register is a central baptism register for all adopted children (adopted after baptism). Between 1982 and 2011, it recorded the details of an adopted child and of their baptism, as sent by the Adoption Board to the Archdiocese. The Adopted Persons Baptism Register is ordered by the date of receipt of notifications from the Adoption Board, not by order of date of baptism, as are the Parish Baptism Registers and the Clonliffe College Registers. This register was recorded by the Chancellery and is held in the Chancellery Office on behalf of the Archbishop. Identification of the Relevant Processing Activities for the purposes of this Inquiry 303. In addition to retention, the Archbishop has indicated that the following processing activities take place regarding the Baptism Registers: Collection and recording of data for the purposes of recording the baptism; Storage of the Baptism Register Alteration of the Baptism Register on request of the baptised person or his/her parents (where the baptised person is a minor), or annotation with details of a person’s confirmation, marriage/annulment and ordination/laicisation (or adoption); Retrieval, consultation and use of the Baptism Register, at the request of the baptised person for the administration of other Sacraments, namely Confirmation, Marriage and Holy Orders. The Baptism Register may also be consulted in the context of annulments of marriages or laicisation of priests; and Disclosure of extracts (baptismal certificates) from the Baptism Register by transmission upon request to individual, identified baptised persons, or authorised persons acting on their behalf, or upon inspection by the Archbishop on the occasion of a Parish Visitation.219 304. In case C-40/17 Fashion ID, the CJEU stated, “the processing of personal datamay consist in one or a number of operations, each of which relates to one of the different stages that the processing of personal data may involve”.220 As such, I consider that the relevant processing activities as they relate to this Inquiry are the retention (retention and storage), erasure (deletion) and rectification (annotation/special annotation) of personal data contained within the various Baptism Registers. 305. Further, as the subject of this Inquiry relates primarily to rectification and erasure, I have considered the processing activity of collection and recording of personal data in the Baptism Registers because all other data processing activities flow from that point. I am of the opinion that it is not necessary to examine all possible processing activities as they are not relevant for the purposes of this Inquiry. I also consider it necessary to identify whether the Archbishop is a controller or joint controller of the personal data for such processing activities as identified and which are relevant for the purposes of this Inquiry. 219 Submissions dated 6 September 2021, pages 2-3. 220 C-40/17 Fashion ID ECLI:EU:C:2019:629, paragraph 72. 306. The Archbishop also noted that in circumstances where “a person no longer wishes to be identified as a member of the Catholic Church, the only processing activity likely to continue is the storage of the baptism register”.221 However, the Archbishop also submitted that “[e]xceptionally, the entry in respect of that person may be retrieved, consulted and disclosed in rare circumstances where the person concerned or his/her spouse has requested an annulment (ie within the Church and not an annulment under civil law), or the even rarer circumstances where the person concerned is a priest and wishes to be laicised”. I am not convinced that these statements cover all possible processing activity of the personal data belonging to the data subject.Whether or not a person no longer wishes to be identified as a member of the Catholic Church, the personal data and special category personal data stored on the Baptismal Register in relation to that person remains accessible for disclosure to the parish priest who retains it, and is readily available when accessing any other records on that page of that volume. Collection and Recording The Archbishop 307. The Archbishop is considered the representative at law for the Archdiocese of Dublin, which is not a distinct legal person in its own right, though both dioceses and parishes have distinct juridical personality under Canon Law. The Archbishop is autonomous in the Archdiocese and is accountable directly to the Holy See.222 The Archbishop has control over the day-to-day management of the Archdiocese, as long as he remains compliant with Canon law.223 In accordance with canon 391 §1, it is for the Archbishop to govern the Archdiocese with “legislative, executive, and judicial power according to the norm of law”. 308. In general, the Archbishop is under an obligation placed on him by canon 473 §1 “to take care that all the affairs which belong to the administration of the whole diocese are duly coordinated and are ordered to attain more suitably the good of the portion of the people of God entrusted to him”. 309. The administration of the diocese “to attain more suitably the good of the portion of the people of God entrusted” to the Archbishop includes the recordings and proper keeping of registers, in my view. This is particularly in light of the Archbishop’s submissions that “[i]t is essential for the administration of the affairs of the Catholic Church tomaintain a register of all people who have been baptised in the Church”224. I am of the view that if the proper recording of relevant sacraments is a core aspect of the administration of the Catholic Church, then it must also be central to the administration of the affairs of the diocese. 221 Submissions dated 6 September 2021, page 2. 222 Paragraph 3.16, Report by Commission of Investigation into Catholic Archdiocese of Dublin (29 November 2009). 223 Ibid. 224 Submissions dated 16 March 2020, page 50. 310. Canon 515 §1 and canon 519 also provide thatwhile a parish is entrusted to a pastor, it is “under the authority of the diocesan bishop”. Passage number 221 of the Directory for the Pastoral Ministry of Bishops (2004) states that the “weight of responsibility to govern the diocese falls squarely on the shoulders of the Bishop”.225 311. Canon 396 §1 places an obligation on the Archbishop to make a visitation to the parishes of the Archdiocese. During his visitation, the Archbishop has stated that he is to: “examine the administration and maintenance of the parish, including places of worship, liturgical vessels and appointments, parish registers and other goods. Nevertheless, some aspects of this task may be left to the Vicars forane or other suitable clerics (683) just before or after the visit, so that the Bishop can concentrate on personal meetings during the visit itself, as befits a true Shepherd (684)”.226 312. Though the Archbishop stated in his submissions that the emphasis is on the pastoral nature of the visitation, the original text of the above passage from number 221 of the Directory for the Pastoral Ministry of Bishops (2004), places an italicised emphasis on the words “administration and maintenance”, not evident in the excerpt included in the Archbishop’s submission.227 313. The Archbishop had also submitted that a power of inspection exists under canon 535 §4, allowing him to inspect Baptism Registers during the course of a visitation. In practice, this entails the Archbishop looking at the last entry of the register and checking that the register is up-to-date.228 314. Following a visitation, the Archbishop is to prepare a report of the visit, which can include “offering recommendations for certain improvements in the life of the parish, with special reference to the state of divine worship, pastoral work and any other important initiatives”.229 315. Further, canon 1276 §1, places a responsibility on the Archbishop to “exercise careful vigilance” over the administration of all goodswhich belong to public juridic persons subject to him (which would include the parishes of the Archdiocese). 225See https://www.vatican.va/roman_curia/congregations/cbishops/documents/rc_con_cbishops_doc_20040222_apostoloru m-successores_en.html. 226 Page 12, 15 October 2020 Submission, with reference to the Directory for the Pastoral Ministry of Bishops (2004) no. 221. 227See https://www.vatican.va/roman_curia/congregations/cbishops/documents/rc_con_cbishops_doc_20040222_apostoloru m-successores_en.html. 228 Page 7, 16 March 2020 Submission. 229 Directory for the Pastoral Ministry of Bishops (2004) no. 224: This was also submitted by the Archbishop in the 15 October 2020 Submission. 316. The Guidelines (The Directives and Guidelines for Sacramental and Pastoral Practice) also set out specific guidance on the collection and recording of personal datawhen recording a baptism in particular or unusual circumstances, for example, in section 1.6, “The Child of a CivillyMarried Couple”230. With respect to the Guidelines, the Archbishop submitted that: “[i]n cases where the Directives or Guidelines are not followed, further action can be taken against the priest who deviates from them, but only where the deviation relates directly to a particular canon in the Code of Canon Law, or a particular element of civil law”.231 317. In determining the controllership status of an entity or individual, consideration must be given as to whether the Archbishop determines the purpose and means of processing. 318. The obligation to collect and record personal data at the time of baptism emanates from Canon Law. Some sacraments are only administered once, and only if one is baptised. As such, it is essential, according to the Archbishop, tomaintain a record of all those persons who have been baptised232 as this keeps a record of “the administration of certain sacraments in the Church”233 which is “essential for the administration of the Church”.234 319. The Archbishop is obliged under canon 473 §1 “to take care that all the affairs which belong to the administration of the whole diocese are duly coordinated and are ordered to attain more suitably the good of the portion of the people of God entrusted to him”. The parishes of the Archdiocese are under the authority of the Archbishop further to canons 515 §1 and 519. As such, I am satisfied that the Archbishop has a practical duty of oversight regarding the administration of the Archdiocese and exercises authority over the parishes of the Archdiocese. This, in my view, includes matters “essential for the administration of the Church” such as the recording of baptisms. 320. The Archbishop submitted that any obligations placed on the parish priest to keep records of sacraments administered are “imposed on Parishes and Parish Priests as amatter of canon law. They are not imposed on the Parish Priest by ArchbishopMartin”235. I accept that the Archbishop does not set the obligation in Canon Law for the parish priest to collect and record data relating to baptisms. However, in my view, the Archbishop still plays a central role in overseeing the execution of these duties, in addition to enforcing those interpretations of Canon Law among the parishes that he oversees. The Archbishop submitted, “the Archbishop (through the Chancellery) disseminates guidance, this is to assist in the interpretation of canon law”.236 Further, the Archbishop is in a position to promulgate norms, which take on the force of Canon Law, and as such is in a position to steer and augment Canon Law obligations placed on the parish priest, which form the basis of the purposes of processing for this processing activity. 321. The Archbishop plays a significant role in determining the purpose of processing for the collection and recording of the data for the Baptism Registers by virtue of his administrative function and his oversight of the duties and obligations placed on the parish priest. 230 Page 10, Schedule accompanying the 15 October 2020 Submission. 231 Page 15, 15 October 2020 Submission. 232 Page 34, 16 March 2020 Submission. 233 Page 34, 16 March 2020 Submission. 234 Page 23, 15 October 2020 Submission. 235 Page 4, 16 March 2020 Submission. 236 Page 11, 16 March 2020 Submission. 322. In the case of the Adopted Persons Baptism Register and the Clonliffe College Register, I am of the same view, that the Archbishop plays a central role in determining the purposes of processing with respect to collection and recording of data relating to a baptism. Although the personal data and special category personal data contained in the Adopted Persons Baptism Register is also contained in a separate Parish Baptism Register, this does not alter the position that the Archbishop (occasionally also via the Irish Episcopal Bishop’s Conference) steers the purpose of the collection and recording as he sees fit and exerts influence on the purposes of the processing. The Clonliffe College Register, may, for the purposes of the above discussion, be assessed in the same manner as a Parish Baptism Register; I accept that the Archbishop exerts influence over the Clonliffe College Register in the same manner as that of a Parish Baptism Register for the processing activities of collection and recording. This is because the former seminary of Clonliffe College, which collected and recorded the personal data, had juridic personality in its own right within the Archdiocese, much like a parish does. 237 323. The Archbishop, by enforcing Canon Law and providing guidance, norms, recommendations and issuing precepts to individuals in the parishes in his Archdiocese,238 as well fulfilling his duties of governance and oversight, defines the parameters through which the personal data and special category personal data of those who are baptised is collected and recorded. 324. Canon 391 states that “It is for the diocesan bishop to govern the particular church entrusted to him with legislative, executive, and judicial power according to the norm of law... He exercises legislative power himself. He exercises executive power either personally or through vicars general or episcopal vicars according to the norm of law. He exercises judicial power either personally or through the judicial vicar and judges according to the norm of law.” My view is that the Archbishop may decide certain key elements about the purposes of personal data processing in his diocese through his exercise of those functions of the Canon Law. 325. The Archbishop’s power of inspection has been set out above. The Archbishop also submitted that the “purpose of this superficial inspection is not to ascertain the information contained in the registers, rather it is to ensure that the registers are being maintained by the Parish Priest as he is obligated to do in his Parish according to canon law”.239 326. I note that it is within the competence of the Archbishop to determine the extent and depth of the inspection, whether superficial or otherwise, however, this does not negate the power of inspection the Archbishop holds, regardless as to how he wishes to implement that power. 327. Following a visitation and inspection, the Archbishop writes a report to the parish priest containing recommendations for improving practices if necessary. The Archbishop has stated that, though these recommendations are “likely to be taken seriously by the Parish Priest”, there is “no power on the part of the Archbishop to compel compliance with specific recommendations”. 237 Canon 238 §1. 238 As per submissions of 1 February 2023, paragraph 13. 239 Ibid. 328. The Archbishop may not have an express power under Canon Law that compels compliance with the recommendations of his report following visitation and inspection; however, in practice the Archbishop exerts significant factual influence240 over the parish priest. In addition, the Archbishop has a number of other powers conferred by Canon Law, which allow him to exert decisive influence241 on the parish priest. In this way, the Archbishop operates an effective decision-making power242 over the means of processing. 329. The Archbishop did concede that “a priest’s ministry is dependent upon that of his bishop, and every priest promises respect and obedience to his bishop at ordination”. However, the Archbishop asserted: “it is a common mistake to think of a parish priest as a kind of ‘branch manager’ or ‘tenant farmer’ of a bishop”. The Archbishop also acknowledged that a bishop is “free to establish policies for all Parishes in his diocese provided that they do not conflict with universal canon law or divine law”.243 330. I note in particular the priests’ duty of obedience to their bishop, based on canon 273, which states: “[c]lerics are bound by a special obligation to show reverence and obedience to the Supreme Pontiff and to their own ordinary”. At ordination, a priest is required to take an oath of obedience as they are asked by their bishop “Do you promise respect and obedience to me and my successors?”244 to which the priest responds, “I do”.245 I also note246 that norms published and promulgated by the Archbishop take on the force of Canon Law, and must be obeyed by the parish priests of the Archdiocese.247 240 See paragraph 25, EDPB Guidelines 07/2020. 241 Paragraph 78, C-40/2017 Fashion ID. 242 See paragraph 20, EDPB Guidelines 07/2020. 243 Page 16, 15 October 2020 Submission. 244 Paragraph 3.28 Murphy Report. 245 Page 1, Obedience to the bishop by the diocesan priest in the 1983 Code of Canon Law by Francis James Schneider J.C.D., dissertation, 1990, Catholic University of America. 246 A statement in the Draft Decision (that canonical obedience was restricted to matters prescribed in Canon Law) was removed on foot of Submission of 1 February 2023 paragraph 6. 247 See for example canon 491 §3 “In order to inspect or remove the acts and documents mentioned in §§1 and 2, the norms established by the diocesan bishop are to be observed”. 331. Any recommendations in a report following a visitation and inspection, which may seek to change the means by which the parish priest is collecting and recording data to record a baptism, are framed by the Archbishop as recommendations only. However, it is clear that the oath of obedience placed on a parish priest to his diocesan bishop will create an expectation in practice that the parish priest will obey any such recommendations. The submissions of 1 February 2023 dispute this view, on the basis that any such guidelines have “no compelling force”, as they “have not been promulgated by the Archbishop according to Canon Law.” The absence of compelling force in a bishop’s instructions do not convinceme to altermy conclusion that in practice, the oath of obedience will create an expectation that parish priests obey recommendations of their diocesan bishops. 332. I remain of the view that any policy put in place by the Archbishop for the parishes of the Archdiocese are likely to be complied with by parish priests, based on each parish priest’s duty of obedience. Although the Archbishop has argued: “[w]hile the Archbishop (through the Chancellery) disseminates guidance, this is to assist in the interpretation of canon law. The Archbishop does not impose these requirements on the Parish”,248 the DPC respectfully rejects the implication that the Archbishop is not aware, when disseminating such guidance, of the decisive influence his policies will have over the actions of parish priests in the Archdiocese. 333. Furthermore, the Archbishop, possessing executive power, can issue instructions to the parish priest to clarify Canon Law and to set out the manner in which it should be observed.249 This would allow the Archbishop to clarify the obligations of the parish priest to collect and record the data relating to a baptism under canon 535 and under canon 877. In this regard, I note that canon 138 states: “ordinary executive power as well as power delegated for all cases must be interpreted broadly”. 334. The Archbishop also has the power to issue precepts under canon 35 and canon 49.250 A precept may be issued in respect of a particular priest. The issuing of a precept enables the Archbishop to make a ruling of sorts on what that priest is permitted to do, even in circumstances where the priest may in the ordinary course make decisions as to the running of the parish. The Archbishop has confirmed that this is the case, stating that he does have the “authority to oblige any priest or member of the faithful to do, or not to do, a particular thing he may determine to be detrimental to the wider community. He can do this through a “precept”, a kind of canonical injunction directed at a specific person or situation”251. It is my view that such a power allows the Archbishop to effectively override any decisions or actions of the parish priest in respect of processing personal data in the Baptism Registers, if he so wishes. 248 Page 11, 16 March 2020 Submission. 249 Canon 34 and canon 1276 §2. 250 Canon 35 states that “A singular administrative act, whether it is a decree, a precept, or a rescript, can be issued by one who possesses executive power within the limits of that person’s competence, without prejudice to the prescript of can. 76, §1”and canon 49 states that “A singular precept is a decree which directly and legitimately enjoins a specific person or persons to do or omit something, especially in order to urge the observance of law”. 251 Page 17, 15 October 2020 Submission. 335. It is also necessary to consider whether the Archbishop is in a position to determine the essential rather than the non-essential means of processing with respect to the collection and recording of data for the purposes of recording a baptism. As stated by the EDPB, the essential means of processing are closely linked to the purpose and the scope of processing, such as “the type of personal data which are processed (‘which data shall be processed?’), the duration of the processing (‘for how long shall they be processed?’), the categories of recipients (‘who shall have access to them?’) and the categories of data subjects (‘whose personal data are being processed?’)”.252 336. For the purposes of collecting and recording, the Archbishop has oversight over the affairs of the parishes in his Archdiocese, which includes what data shall be processed by collection and recording a baptism entry.253 The Archbishop’s power of inspection, derived from canon 535 §4, allows him to provide recommendations to the parish priest with respect to the Parish Baptism Registers and how they have been recorded.While the Archbishop has asserted that he has no power to compel compliance from the parish priest with such recommendation, they are “likely to be taken seriously by the Parish Priest”.254 I am satisfied that it is reasonable to assume that in practice the relationship between the Archbishop and the parish priest is such that the recommendations are more likely than not to be followed by the parish priest, which is largely due to the oath of obedience to his bishop taken by the parish priest on ordination. 337. With respect to the Clonliffe College Register, though the Archbishop does not in practice exercise his power of inspection over this register as it is housed in the Chancellery Office rather than a parish, he can still exercise his power to do so. The Archbishop is in a position to exert material influence on the means of processing with respect to the Clonliffe College Register notwithstanding that it is not held within a parish but in the Archbishop’s House itself. 338. With respect to the Adopted Persons Baptism Register, I am of the view that the Archbishop directly and solely influenced the collection and recording of this register held in the Chancellery Office also on behalf of the Archbishop. The Archbishop solely determined the means of processing with respect to the collection and recording for this register, in particular, the type of personal data recorded (the personal data which was provided on the notifications from the Adoption Board), and the categories of data subjects whose personal data was included in the Adopted Persons Baptism Register. 252 Paragraph 40, EDPB Guidelines 07/2020. 253 Canon 473 §1, canon 1276 §1. 254 Page 12, 15 October 2020 Submission. 339. As such, while the source of the Archbishop’s authority to exercise control may be Canon Law, it ismy view that the Archbishop, in practice, determines the purposes andmeans of processing of the personal data and special category personal data in the Baptism Registers. The submissions of 1 February 2023 contest this view, stating that “the purpose of processing of the personal data and special category personal data contained in the Baptism Registers is determined by Canon Law, which the Archbishop plays no role in initiating. Further, the Archbishop does not prescribe the means of recording or collecting personal data or special category personal data in the Baptism Registers.” I note that although canon 535 §1 states that “the pastor is to see to it that these registers are accurately inscribed…”, the earlier sentence in that same canon states that “Each parish is to have parochial registers… as prescribed by the conference of bishops or the diocesan bishop.” On the basis of this Canon and the reasoning set out earlier in this section of the Decision, I remain of the view that the Archbishop exerts a de facto influence over the activity of collecting and processing the personal data and so is a controller. 340. Although the Archbishop has argued that his ““power of investigation” “does not mean that he initiated or caused the processing to happen”, 255 it is my view that given the right to visitation and inspection conferred on the Archbishop,256 and his responsibility for governance and oversight of the parishes of the Archdiocese, that the Archbishop has a central role in determining the manner, purpose and means of the collection and recording of the personal data contained within the Baptism Registers, to such a degree as to be identified as a data controller. Controllership: Collection and Recording: The Parish Priest 341. The parish priest is under an obligation, further to canon 535 and canon 877, to collect and record certain personal data when recording a baptism and other sacraments257. Canon 535 §1 states “the pastor is to see to it that these registers are accurately inscribed and carefully preserved”. Canon 877 §1 prescribes the personal data which must be recorded by the parish priest “without delay”. 342. Canon 515 §1 states that a parish is entrusted to a parish priest “as its proper pastor (pastor) under the authority of the diocesan bishop”. In general, the parish priest has also been conferred a governance role over his parish via his office, further to canon 131 §1. In accordance with canon 519, the parish priest is entrusted with, “exercising the pastoral care of the community” and carrying out the “functions of teaching, sanctifying, and governing”. 343. Certain functions are also “especially entrusted” to the parish priest in accordance with canon 530. One of these functions is “the administration of baptism”. In accordance with canon 532, the parish priest represents his parish in all juridic affairs and is to “take care that goods of the parish are administered according to the norm of _ cann. 1281-1288”. 255 Page 11, 16 March 2020 Submission. 256 Submissions dated 15 October 2020, page 12. 257 See further canon 535 §2. 344. The Archbishop has submitted that the parish priest is “responsible for all applications and activities concerning the baptismal register” including “the creation of the original, handwritten, record of baptism”258. Further, the Archbishop submitted that: “[t]he Parish Priest is the one responsible for the collection of the data in the first instance, it he who arranges the sacrament of baptism and he who manages the making of the record in the register. The data in the baptism register exists because the Parish Priest has permitted the baptism to take place in his Parish”259. 345. I accept that the parish priest is obliged under Canon Law, in particular canon 535 and canon 877, to collect and record certain details relating to baptisms (and certain other sacraments) in registers. The DPC also accepts that “the parish priest governs the parish with the ordinary power which comes from his office as exercised under the authority of the Archbishop pursuant to canon 131 §1 and canon 515 §1.”260 Therefore, the DPC also accepts that the parish priest has a degree of autonomy as to the governance and administration of his parish, including the manner in which he executes the duties and obligations placed on him by Canon Law. 346. As previously stated in this Decision, the purpose for which the personal data of data subjects is collected and recorded is because it is central to the administration of the Church. As the sacrament of baptism can only be administered once, it is necessary to collect and record certain details relating to the baptised person in the Baptism Registers. 347. It is the view of the DPC that the parish priest has the ability to determine the purpose for which personal data are collected and recorded in the Baptism Registers. The parish priest may undertake his obligations under Canon Law in such a way as to collect and record, for example, more personal data and special category personal data than is strictly necessary under Canon Law. 348. I am of the view that the parish priest has discretion as to the means he uses to collect and record the personal data and special category personal data in the Parish Baptism Register. Neither Canon Law nor the Archbishop have prescribed all the means by which the personal data is collected, though certain requirements are in place surrounding the type of personal data which are processed and the categories of data subjects. 258 Page 5, 16 March 2020 Submission. 259 Page 10, 16 March 2020 Submission. 260 Submission of 1 February 2023 at paragraph 17. 349. Canon Law requires the recording of certain information as per canon 877; however, this does not preclude the parish priest from recording additional information or choosing his preferred format for recording the hardcopy Parish Baptism Register. I note that the submission of 1 February 2023 includes the statement that “the Parish Priest essentially has very little choice in what may be recorded here. Cannon Law requires the Parish Priest of the place of baptism to record the information specified in canon 877 §1 in the Baptismal Register.” 261 This submission does not convince me to alter the views set out in the first sentence of this paragraph. While Canon 877 §1 specifies certain minimum information, the submissions do not dispute that the parish priest can add additional information to the register. Further, the parish priest may also determine the essential means of processing of the personal data, via collection and recording, by the use electronic forms of indexing and recording the entries. The parish priest may choose the types of personal data processed in this way, the duration of such processing and the categories of data subjects whose personal data is processed. The option to use electronic means is envisaged in Appendix 3 to the Guidelines, as published by the Chancellery, which sets out requirements for “the Secure Maintaining of Duplicate Electronic Sacramental Records in Parishes”, “Software Requirements for Electronic Sacramental Records” and “Scanning of Parish Registers”. I am of the view that the use of these means, while envisaged as a possibility by the Archbishop, is not prescribed and it is for the parish priest himself to determine whether to process the personal data and special category personal data by electronic means. 350. As such, I am satisfied that the parish priest, in the case of the Parish Baptism Registers, determines the means of processing to such an extent as to include essential means of processing. Consequently, I am of the view that the parish priest exerts a decisive influence over the processing activities contained in the Parish Baptism Register by reference to the collection and recording of personal data in those Registers. Conclusion: Controller of Collection and Recording Parish Baptism Register 351. I am satisfied that both the Archbishop and the parish priests engage in controllership decisions relating to the collection and recording of personal data in the Parish Baptism Registers and are therefore joint controllers. 352. I am satisfied that the processing would not be possible without both parties’ participation in deciding, albeit to different extents, the purposes and means of processing and that the processing by each party is inextricably linked. The DPC reiterates the content of paragraph 38 of the C-210/16Wirtschaftsakademie judgment, and the fact that one of the parties not having access to the personal data processed is not a sufficient reason to exclude the concept of joint controllership. This is relevant within the context of the Parish Baptism Registers whereby the Archbishop does not have day-to-day access to them. 261 Submissions of 1 February 2023, [19] 353. Both the parish priests and the Archbishop have obligations under Canon Law, as detailed in sections 191 and 347, which are inextricably linked. Both the decisions of the parish priest and the Archbishop as to how they comply with their obligations determine the purpose of processing which is the recording of the sacrament of baptism to ensure it is only administered once. As previously set out, this is an important tenet in the administration of the Catholic Church. 354. While it is for the parish priest to determine how the personal data and special category personal data is collected and recorded, he must comply with his obligations under canon 535 §1, canon 877 §1 and the guidance of the Archbishop. It is also within the competence of the parish priest to collect additional personal data or record it in an electronic format as well as recording it electronically to create an index. The Archbishop has oversight of the process to ensure that themanner inwhich the personal data is collected and recorded by the parish priest complies with Canon Law, such as whether it is accurately inscribed and diligently preserved.262 The Archbishop is empowered to alter the means of processing used by the parish priest via recommendations in the report sent to the parish following a visitation, via guidance in the Guidelines, or by publishing a norm. The Archbishop can also issue directions via precepts to the parish priests and the parish priests operate under an oath of allegiance to the Archbishop under Canon Law. Therefore, both the decisions of the parish priest and the Archbishop complement each other in determining the means of processing and have a tangible impact on the determination of the means of processing. 355. As such, I am of the view that within the framework of Canon Law, it falls to both the diocesan bishop (the Archbishop in this instance) and the parish priest to determine the purposes and means of processing of personal data in the Parish Baptism Registers in respect of the personal data and special category contained therein. With regard to the personal data collected and recorded in the Parish Baptism Registers, the Archbishop and the parish priests are joint controllers in circumstances where both jointly determine the purposes and means of processing. 262 Canon 535 §1, Canon 545 §4, canon 473, canon 491 §2 and canon 396 §1. Conclusion: Controller of Collection and Recording Clonliffe Parish Register 356. Although the Archbishop has submitted that the Clonliffe College Registers are in fact rightfully Parish Baptism Registers of North William Street Parish, I am of the view that these registers have never been under the practical influence of the parish priest of North William Street. Recorded to “ensure that, in the event that North William Street Parish omitted to record a notification of a conferral of the sacrament which had occurred in Clonliffe College, a record would remain in the place where the sacrament was conferred”263, the parish priest of North William street has not in reality ever had influence over the purpose andmeans of the collection and recording of the personal datawhich is held in the Clonliffe College Registers. In that regard, the Archbishop, being the person who holds the Clonliffe College Registers following the dissolution of the Clonliffe College seminary, and who played and continues to play a role of oversight and governance in the administration of his Archdiocese, is the controller of the personal data contained within it for the processing activity of collecting and recording. Conclusion: Controller of Collection and Recording Adopted Persons’ Baptism Register 357. In respect of the Adopted Persons’ Baptism Register, I am of the view that the Archbishop is the sole controller of the personal data and special category personal data contained within it for all processing activities. 358. The personal data and special category personal data was collected and recorded in the Adopted Persons Baptism Register between 1982 and 2011, by the Chancellery on behalf of the Archbishop. The information contained in this register was provided to the Archbishop by way of notifications received from the Adoption Board. The parishes in which the data subjects were originally baptised did not provide the personal data directly to the Archbishop. 359. Further to Decree 10 of the Irish Episcopal Bishop’s Conference (at which the Archbishop’s predecessor would have had an opportunity to provide his views and input), a centralised baptism register for adopted children was to be kept in each diocese. As such, the obligation to keep this centralised register and all the processing activities flowing from this fell on the Archbishop himself, being the leader of his diocese.264 263 Page 3, 23 July 2021 Submission. 264 Promulgated in Intercom December 1987/January 1988. Decree No. 10 states that “It was decided that a central baptismal register for all adopted children be kept in each diocese. This is to be kept either at the diocesan Curia or in a parish or centre specially designated by the diocesan Bishop for this purpose. It has been agreed that the (civil) Adoption Board would, on the adoption of a child, send to this office all relevant information necessary for the issuing of baptismal certificates”. 360. In order to adhere to this obligation, which he himself would have had influence over at the Irish Episcopal Bishop’s Conference, the Archbishop determines the purposes of processing the personal data contained in the Adopted Persons Baptism Register. As previously stated, the Archbishop is in a position to provide guidance on the interpretation of Canon Law, and issue decrees and norms on behalf of his Archdiocese, and to implement these in whatever manner he sees fit (as long as this adheres to Canon law, divine law and civil law).265 361. The Chancellery has put in place an electronic version of the register also, which indicates the determination of the essential means of processing. The Archbishop also determines, based on the notifications received from the Adoption Board, which types of personal data contained in the notification would be collected and recorded and which categories of data subjects (adopted children) would be entered into the Adopted Persons’ Baptism Register, what duration the processing would take and the possible recipients of the personal data contained in the Adopted Persons Baptism Register. 362. As such, I am of the view that the Archbishop solely influences the collection and recording of this register, which is held in the Chancellery Office also on behalf of the Archbishop. The Archbishop solely determines the means of processing with respect to collection and recording for this register, in particular, the type of personal data recorded (the personal data which was provided on the notifications from the Adoption Board), and the categories of data subjects whose personal data was included in the Adopted Persons Baptism Register. Storage and Retention The Archbishop 363. Baptism Registers are stored and retained for the purposes of maintaining a record of those who have received the sacrament of baptism. These records are essential to the administration of the Catholic Church. 364. Under canon 491 §1, a diocesan bishop is required to “take care that the acts and documents of the archives of cathedral, collegiate, parochial, and other churches in his territory are also diligently preserved and that inventories or catalogs are made in duplicate, one of which is to be preserved in the archive of the church and the other in the diocesan archive.” The requirement of the Archbishop to ensure documents are “diligently preserved”, whether in the various parishes within the diocese or in the Archbishop’s house, mandates that the Archbishop must ensure a particular standard is met according to his own judgment. 365. I am of the view that this demonstrates an element of controllership by the Archbishop, as he is the person with sole competence and discretion in terms of setting the relevant standard. Of note also in canon 491 §1 is the requirement that “catalogs” or “inventories” of archives “of the church” are made and the provision places the responsibility on the Archbishop to ensure this is done. 265 See canon 381§1 and 391§1. 366. Further, canon 491 §3 provides that the Archbishop’s norms must be observed “in order to inspect or remove acts and documents mentioned in §§1 and 2”, being the acts and documents of an archive in the parish or in the Archdiocese. I am of the view that this provision also points to the important role the Archbishop’s norms play in exerting influence on both the purposes and the means of processing the personal data contained in the Baptism Registers, both those held in the Chancellery and the parishes. 367. Canon 1276 §1 also requires the Archbishop to exercise “careful vigilance over the administration of all goods which belong to public juridic persons subject to him without prejudice to legitimate titles which attribute more significant rights to him”. This provision requires the Archbishop to exercise vigilance over the goods of the parishes in his Archdiocese. This would include the storage of the Parish Baptism Registers held in these parishes, the Clonliffe College Registers and the Adopted Persons Baptism Registers in the Chancellery (situated in the Archbishop’s House). As this provision does not define “careful vigilance”, I am satisfied that Canon Law affords the Archbishop discretion as he sees fit in the implementation of this obligation. 368. Further, canon 1276 §2 requires that “ordinaries are to take care of the ordering of the entire matter of the administration of ecclesiastical goods by issuing special instructions within the limits of universal and particular law”. This provision, in the view of the DPC, envisages that the Archbishop will use his discretion in exercising his vigilance and oversight over the Baptism Registers (among other things) to issue special instructions to the juridic personalities in his diocese to order the administration of such goods. 369. As previously set out, I am of the view that any recommendations, instructions, directions and guidance provided by the Archbishop to the parish priests of the Archdiocese, will be likely to be interpreted as a requirement by the parish priest, in light of the oath of obedience to ecclesiastical superiors undertaken by each priest on ordination. The Archbishop has confirmed, “part of the Parish Visitation could include the Bishop, or his delegate, not only inspecting that the registers are kept up to date, but also that they are carefully stored and preserved in the parish”.266 370. As previously set out, under canon 35 and canon 49, the Archbishop has the power to issue singular precepts to priests in this Archdiocese requiring them to store and retain the Baptism Registers in a certain way, or to refrain from doing so. The Archbishop is not limited in the subjectmatter of a precept, though itmust not conflict with divine law, other Canon Law or civil law. 371. In respect of guidance and instruction to the parish priests, the Archbishop issued, via the Chancellery, the Administrative Regulations, most recently in October 2017 and previously in November 2008 (the ‘November 2008 Administrative Regulations’) and August 2002 (the ‘August 2002 Administrative Regulations’). 266 Submissions dated 15 October 2020, page 12. 372. Section E of the Administrative Regulations set out guidance for the parish priest regarding “Preservation and Storage”, “Fire Prevention” and “Security”.267 Under “RecordsManagement”, the Administrative Regulations set out the “suggested length of time records are kept”. With respect to Baptism Registers, the length of time for storage and retention is “permanent”. 373. The previous iterations of the Administrative Regulations are more definitive as to the role the Archbishop plays with regard to the Baptism Registers. The November 2008 Administrative Regulations contains similar guidance on the Baptism Registers with regard to “Preservation and Storage”, “Fire Prevention” and “Security”268. However, the November 2008 Administrative Regulations also states that: “Catholic parish church records are private records and the public do not have an automatic right of access to them. They are the property of the church, coming under the jurisdiction of the local bishop as is the case with all aspects of parochial administration” (emphasis added).269 374. Both the November 2008 Administrative Regulations and the August 2002 Administrative Regulations state on their cover pages that “Unless indicated otherwise, the following regulations and guidelines apply to each parish and agency in the diocese”.270 375. The Archbishop submitted that the DPC should not read anything into the change of language between the different versions of the Administrative Regulations, stating: “Nothing should be read into the fact that there was a change in the language between the two documents. The documents are intended for the guidance of parishes, for the most part run by a Parish Priest, secretary (usually employed on a part-time basis) and volunteers. Therefore, the guidelines need to be drafted in such a way that they are accessible to that audience. As such, nothing turns on the fact that a sentence appeared in one version and not the other. It is simply a matter of drafting” 271 376. With regard to this submission, I am of the view that the Administrative Regulations (each draft) are the intended directions of the Archbishop, which are delivered via the diocesan curia, to the parish priests of the diocese. 267 Submissions dated 15 October 2020, Schedule of Documents, Administrative Regulations and Guidelines for Parishes (2017), Schedule E (page 167 of PDF submission). 268 Submissions dated 15 October 2020, Schedule of Documents, Administrative Regulations and Guidelines (2008), section L1-L4 (Preservation, Storage, Fire Prevention, Security) (pages 107-109 of the PDF submission). 269 Submissions dated 15 October 2020, Schedule of Documents, Administrative Regulations and Guidelines (2008), section L (Archives/Parish Registers) (page 107 of the PDF submission). 270 Submissions dated 15 October 2020, Schedule of Documents, Administrative Regulations and Guidelines (2008) (page 73 of the PDF submission); Administrative Regulations and Guidelines (2002) (page 41 of the PDF submission). 271 Submissions dated 23 July 2021, page 2. 377. In his submissions, the Archbishop also noted that Baptism Registers are stored and retained in perpetuity.272 There is no express provision in Canon Law requiring Baptism Registers be retained and stored in perpetuity, only that they are carefully or diligently preserved.273 Further, the Archbishop submitted that “[a] central requirement of canon law in this regard is that entries are never deleted from baptismal records”;274 this is with reference to canon 535 §1 which requires Baptism Registers (and other sacramental registers) be preserved. Though the duty set out under canon 535 §1 is a duty placed on the relevant parish priest, it is clear from the Archbishop’s submission that he has a role to play in interpreting and disseminating the appropriate approach, in his view, to Canon Law, among the parishes of the Archdiocese. 378. Notwithstanding the fact that there is no express requirement under Canon Law to store Baptism Registers in perpetuity, or any express prohibition against deleting/destroying entities (this is not expressly contained in canon 535 §1), the Archbishop has clearly stated that “records are retained in perpetuity” and that “entries are never deleted from baptismal records” in any circumstances. In the Draft Decision, I noted that this indicates the Archbishop’s defining role in determining the purposes and essential means of processing when it comes to storage and retention. In the submissions of 1 February 2023, the Archbishop clarified that: “the Archbishop does not require the Baptism Registers to be retained in perpetuity. This is a long-standing tradition of the Catholic Church, dating back centuries. For example, in France, parish registers have been in use since the Middle Ages. The oldest surviving registers there date from 1303.” 379. I accept this clarification. However, it does not lead me to change the conclusions around the Archbishop’s influence over storage and retention, for the reasons set out below and elsewhere in this Decision. In particular, Appendix 3 of the Guidelines published by the Chancellery in 2011, for the benefit of the parish priests, states “[t]he handwritten registers must be maintained and the registers themselves are never to be destroyed or discarded”.275 380. I am satisfied that with respect to storage of the Parish Baptism Registers, the Archbishop has sufficient control of the purposes of processing and disseminates his views to the parish priests in the form of guidance and instruction, in particular, via Guidelines and the Administrative Regulations, which explicitly set out that the Baptism Register entries are not to be deleted and should be stored and retained permanently. 272 Submissions dated 16 March 2020, page 31. 273 Canons 535 §1, 491 274 Submissions dated 16 March 2020, pages 4-5. 275 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, Appendix 3 (page 27 of the PDF submission). 381. With respect to the Clonliffe College Register and the Adopted Persons Baptism Register, the Archbishop holds these registers in the Chancellery. As far as storage and retention is concerned, including duration or length of processing, organisation and preservation of the registers while in storage and security measures in place in the Chancellery, it appears to the DPC that the Archbishop is the only person who enforces and makes these decisions.While the Clonliffe College Register is, according to the Archbishop, a Parish Baptism Register, I have been provided with no evidence that the parish priest of NorthWilliam Street has any input as to the storage environment of the Clonliffe College Register, or that on balance he exerts any tangible influence over the duration of the storage and retention. 382. The Archbishop has submitted that both the Clonliffe College registers and the Adopted Persons’ Baptism Registers are kept securely. The Chancellery Offices, located at the Archbishop’s house is under the jurisdiction of the Archbishop. He is responsible for the administration and good ordering of the goods in his diocese and I am satisfied that ultimately he is in charge of the security arrangements, which are in place in the Archbishop’s House, even where such tasks may be delegated to others in the diocesan curia in certain instances. The Archbishop is obligated under Canon Law to ensure that there is an historical archive in the Archdiocese and that “documents having historical value are diligently protected and systematically order in it”.276 I am satisfied that, given the necessity (according to the Archbishop) of retaining the Baptism Registers even after the death of the individuals whose baptisms are recorded in them, the Clonliffe College Register and the Adopted Person Baptism Register are ‘documents’which have an historical value and which, being in the Dublin Diocesan Archives, are to be diligently protected and systematically ordered by the Archbishop. 383. Based on the above analysis, I am of the view that the Archbishop does exert a decisive influence over the processing of the personal data and special category personal data contained in all Baptism Registers for the purposes of storage and retention. The DPC next considers whether this is sole or joint controllership. Controllership: Storage and Retention The Parish Priest 384. The parish priest is under an obligation further to canon 535 §1 to ensure that the Parish Baptism Registers are “carefully preserved”. Further, the parish priest is also tasked with ensuring that the Parish Baptism Registers are stored correctly and do not fall into unauthorised hands, in accordance with canon 535 §4. Canon 535 §4 requires that each parish has a storage area or archived “in which the parochial registers are protected”. 276 Canon 491§2. 385. The Archbishop submitted that the parish priest is responsible for the “the maintenance of security and confidentiality of baptismal registers”277 and has also submitted that each Parish is required to have an archive in which Parish Baptism Registers are kept, and that these are normally kept in safe rooms, which are fireproofed and are accessible only by authorised personnel.278 386. The Archbishop has asserted that the parish priest “has ongoing access to the registers and it is he that bears the responsibility of ensuring their security and confidentiality”.279 According to the Archbishop, the parish priest not only collects the personal data but also “remains in possession of the data on a continuous and indefinite basis, and controls access to that data by all outside parties, including the person to whom the record relates. There can be no doubt that the Parish Priest, therefore, is a data controller”.280 387. My initial view is that, while the parish priest does remain in possession of the personal data in the Parish Baptism Registers on a ”continuous and indefinite basis”, this duration of processing has been pre-determined by the Archbishop and is specified to the parish priest through the Archbishop’s instructions and guidance. Such instructions and guidance are based on the Archbishop’s interpretation of Canon Law.281 388. Further, I am of the view that while the parish priest is responsible for day-to-day storage and retention of the Parish Baptism Registers, the Archbishop does provide clear guidance on the minimum standards expected with regard to retention, security, preservation and fire safety for the Parish Baptism Registers.282 Indeed, the Dublin Diocesan Archives Guidance provided by the Archbishop notes explicitly that with respect to Parish Records, “No items are to be disposed of through sale, donation, or other means before they have been assessed by the archivist and without the explicit permission of the Archbishop”.283 389. I have had regard to the “non-essential means” of processing as set out in the EDPB Guidelines 07/20. It states: ”Non-essentialmeans” concernmore practical aspects of implementation, such as the choice for a particular type of hard-or software or the detailed security measures which may be left to the processor to decide on. 390. I am of the view that the parish priest has a discretion as to the means he uses to store the personal data contained with the Parish Baptism Registers. Neither Canon Law nor the Archbishop’s guidance have prescribed all themeans by which the personal data is to be stored, though certain guidance is in place as to how the parish priest may best preserve his archive and ensure that it is secure against unauthorised third parties. 277 Submissions dated 16 March 2020, page 5. 278 Submissions dated 16 March 2020, page 29. 279 Submissions dated 16 March 2020, page 10. 280 Submissions dated 16 March 2020, page 11. 281 Submissions dated 16 March 2020, page 11. 282 Submissions dated 15 October 2020, Schedule of Documents, Dublin Diocesan Archives (IE/DDA), section 3.6.1 (page 256 of the PDF submission) and Administrative Regulations, November 2008, section L (pages 107-109 of the PDF submission). 283 Submissions dated 15 October 2020, Schedule of Documents, Dublin Diocesan Archives (IE/DDA), section 3.6.1 (page 256 of the PDF submission). 391. I am of the view that for the purposes of storage of personal data contained within the Parish Baptism Registers that the parish priest is engaged with the “non-essential means” of such processing and is therefore not a data controller for this purpose. This is because the storage of the parish Baptism Registers by the parish priest is concerned with the practical implementation of the Archbishop’s instruction and, based upon the EDPB guidance, it is within the discretion of the parish priest to decide upon certain storage measures once they conform overall to and are within the overall parameters of the instructions of the Archbishop as data controller. 392. I do not accept either that the parish priest, short of disobeying the instructions of the Archbishop and by extension the Archbishop’s interpretation of Canon Law, determines the duration of the processing, which must be perpetual and which has been clearly set out by the Archbishop. 393. Based on the above, I am of the view that the parish priest does not exert influence over the processing of the personal data and special category personal data contained in the Parish Baptism Registers for the purposes of storage. Conclusion: Controllership: Storage 394. I am of the view that the Archbishop solely engages in decisions relating to the storage of the personal data in the Parish Baptism Registers. 395. With respect to the purposes of processing, both the Archbishop and the parish priest have obligations under Canon Law that are inextricably linked. The parish priest is under an obligation to carefully preserve the Parish Baptism Registers and to ensure that they are protected in an adequate storage area, further to canon 535 §1 and canon 535 §4 respectively. The Archbishop is under an obligation to ensure the affairs that relate to the administration of the Archdiocese are duly coordinated and ordered. However, it is the Archbishop who has issued clear guidance as to how the Parish Baptism Registers should be stored and it is the parish priest who must ensure that this guidance is followed, even though hemay have some discretion as to the “non- essential means” of processing. 396. With respect to the means of processing, the parish priest must comply with his obligations under canon 535 §1 and canon 535 §4, in addition to the guidance provided by the Archbishop. The parish priestmay have some discretion, but this is in relation to the non-essential means of processing. The Archbishop however determines the means of processing, having a role of oversight to ensure that the manner in which the personal data is stored by the parish priest complies with Canon Law, such as whether they have been diligently preserved284, and in compliance with the guidance he has put in place via the Administrative Regulations. The Archbishop is empowered to alter the means of processing used by the parish priest via recommendations in the report sent to the parish following a visitation further to canon 535 §4 or via a precept. 397. As such, I am satisfied, based on the evidence presented to it, that the Archbishop is the sole controller for the purposes of the storage of the Parish Baptism Registers. 284 Canons 535 §1, 545 §4, 491 §2, 396 §1. Conclusion: Controllership: Retention 398. On careful consideration of the evidence before me, I am of the view that the Archbishop is the sole controller for the purposes of the retention of the personal data and special category personal data contained in the Parish Baptism Registers. 399. I have considered the judgment of C-40/17 Fashion ID, in this regard, in particular the CJEU’s statement at paragraph 40 that a personmay be a controller jointly with others “only in respect of the operations involving the processing of personal data for which it determines jointly the purposes and means”. On consideration of this processing activity, the DPC does not regard the parish priest to act in the role of a joint controller in respect of retention, not being involved in jointly determining the purposes andmeans for the retention of the personal data in the Parish Baptism Registers. 400. From the evidence provided, it is the view of the DPC that the Archbishop solely determines the purposes and means of the retention of the personal data in the Parish Baptism Registers. It is the Archbishop who has determined that the personal data in these registers must be retained indefinitely and never deleted in order that the purposes of processing are fulfilled. As such, the parish priest has no control over the essential means of processing of the Parish Baptism Registers when it comes to retention, in particular the duration of the processing.285 401. The essential means of processing for retention of the personal data in perpetuity are not agreed jointly between the Archbishop and the parish priest and there has been no evidence presented to the DPC that there is any joint participation in determining the purposes and means in this regard. The DPC rejects that there is any evidence that the parish priest solely determines the means and purposes of processing with respect to retention. The Guidelines from the Archbishop as set out above clearly state that the Parish Baptism Register entries are never to be deleted or destroyed. According to the Dublin Diocesan Archives guidance, the Parish Baptism Registers are not to be disposed of by anymeans, without the explicit permission of the Archbishop.286 402. As such, in respect of the processing activity of retention, I am of the view that the Archbishop solely controls the purposes and means of processing and therefore is the sole controller of the personal data for this processing activity. Conclusion: Controllership Clonliffe College Registers 285 EDPB Guidelines 07/20, paragraph 40. 286Submissions dated 15 October 2020, Schedule of Documents, Dublin Diocesan Archives (IE/DDA), section 3.6.1 (page 256 of the PDF submission) and Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, Appendix 3 (page 27 of the PDF submission). 403. Although, as previously set out, the Archbishop submits that the Clonliffe College Register is rightfully a Parish Baptism Register, it has never been in the possession of the North William Street parish (or at least this was the case up until July 2021 as far as I am aware). The Clonliffe College Register is stored in the Chancellery Office/Diocesan Archives at the Archbishop’s House and the Archbishop is the only person (having regard to the delegation of the task to others in the diocesan curia) who determines the purposes and means of processing for the storage of this register, including security, fire prevention, preservation etc. The DPC rejects any implication that the parish priest of North William Street has any practical or realistic input as to the purposes and means of storage for this register. 404. Insofar as retention is concerned, further to my views as set out above, the Archbishop is also the sole controller of the Clonliffe College Register in respect of this processing activity. Conclusion on Controllership: Storage and Retention Adopted Persons Baptism Register 405. I am of the view that the Archbishop is the sole controller of the personal data and special category personal data in the Adopted Persons Baptism Register for all processing activities, and refers to my views previously set out herein in this regard. Alteration of Baptismal records Preliminary Points 406. As a preliminary point, I note that in the context of this Inquiry, the meaning of annotation of the Baptism Registers and alteration of the Baptism Registers must be distinguished. 407. When an individual undertakes certain sacraments, such as confirmation or marriage, a note of this is made in the Baptism Register entry for that person. (‘Standard Annotation’). Further, when a person’s marriage is annulled by the Church, or when a person formally defects from the Church, this would also be annotated into the Baptism Register. In the case of when a baptised person prior to 2011 was adopted, their original baptism entry in the Parish Baptism Register ‘ceased’ by way of a notation only. This notation was placed beside the entry, referring all requests to the Chancellery (a ‘Special Annotation’). 408. This is to be distinguished from an alteration (‘Alteration’) to the Baptism Register,which is also of a form of annotation. When an entry to the Baptism Register requires alteration, which may occur for a number of reasons, for example a change of name or an error in the recording of a date of birth, the entry is not deleted. The Archbishop has submitted that entries in the Baptism Register are never deleted. Rather, when an alteration or emendation is required, the incorrect or out of date information will be struck through and a note of the correct information will be made on the Baptism Register, above or below the struck through entry.287 287 Submissions dated 16 March 2020, page 6. 409. However, for the purposes of this Decision, a Standard Annotation will refer to routine annotations of the Baptism Register, which take place when information on further sacraments received is recorded on the Baptism Register. A Special Annotation will refer to an instance where the parish priest it notified by the Chancellery of the addition of a specific note to an entry in a Baptism Register (often also changing the sacramental status of a person). An Alteration will refer to the less common instances where a Baptism Register entry is annotated with a view to altering or changing the information which is already present in that entry, due to an error or inaccuracy. Standard Annotation, Special Annotation and Alteration 410. The Archbishop has submitted that, with respect to alteration and annotation of the Baptism Registers, “he is not entitled to alter entries in the registers and he has no power to compel a Parish Priest to alter a register”288. I have previously set out herein, the obligations of the Archbishop regarding governance and oversight within the Archdiocese, in addition to his powers to compel a parish priest to take certain actions by way of a precept. As such, the DPC finds it difficult to accept the Archbishop’s assertion that he has no power to compel the parish priest to alter a Parish Baptism Register. 411. I previously stated my view that the Archbishop’s power of inspection, coupled with the parish priest’s oath of obedience effectively means that the Archbishop exerts influence over the Annotations which the parish priest makes in the Parish Baptism Registers, being subject to scrutiny and possible recommendations from the Archbishop. 412. In the submissions to the DPC by the Archbishop, I note that there are suggestions therein, that the Archbishop, via the Chancellery, exerts influence over themanner in which the Annotations and Alterations may occur with reference to the personal data contained in the Baptism Registers. 413. The Archbishop also asserted that the Chancellery “only offers advice. It in no way compels the recipient to follow the advice, much akin to a person seeking legal advice from a solicitor”289. However, I note the following: • section 1.12 of the Guidelines state that “[a]ny alteration to the Baptismal Register must be authorised through the Chancellery”; • section 4.5 of the Guidelines state that “[t]he express permission of the Chancellery is required before any alteration or emendation may be made in any entry in any such parochial register”; and • Appendix 3 of the Guidelines, explicitly states, “[a]ny amendment to a register needs to the prior written permission and authorisation from the Chancellery”.290 288 Submissions dated 16 March 2020, page 2. 289 Submissions dated 15 October 2020, page 14. 290 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, (pages 12, 23, 27 of the PDF submission). 414. The Archbishop has argued that the Chancellery does not in fact ““authorise” an amendment in the sense of the giving official permission by someone in a position of authority. A better term might perhaps be “advise””291. While the Archbishop states that in respect of the term “authorise” “[i]ts usual meaning is where official permission or approval is given for something to happen. It is important to note that it is not used in that sense where the Chancellery is concerned”, the DPC respectfully rejects this assertion by the Archbishop. 415. Taking the ordinary meaning of phrases such as “must be authorised”, “express permission”, or “written permission” it is untenable to suggest that such phrases in fact mean that the Chancellery will advise only, and that they would be universally understood to be read that way by parish priests and others in receipt of the Guidelines. Further, the Archbishop has not demonstrated why these words do not retain their ordinary meaning “where the Chancellery is concerned” or why this might be. On balance, I am satisfied that if “advise” was the meaning intended by the Archbishop and the Chancellery in the Guidelines, it would have in fact been used instead of the language of authorisation and permission. 416. It is not solely the Guidelines, which reflect the language of authorisation in the Archbishop’s and Chancellery’s communications with parish priests. In a letter dated 24 September 2018,292 a parish priest is requested by the Chancellery to amend an entry in the Parish Baptism Register. The parish priest is requested to write “Chancellery Auth. 24th September 2018” beside the change in the Observation Column293 and that the alteration to the date of birth of the data subject be executed as follows: “i) In the Date of Birth Column place an asterisk, draw a line through the “9th” and, above or below insert the “10th”. ii) In the Observation Column place an asterisk and the following: “Future certificates to reflect changes made: pub.doc: Chancellery Auth. 24th September 2018”.294 417. The same type of notation is present in a letter of 22 October 2018 requesting an alteration, “Chancellery Auth. 22nd October 2018”295. In the letter dated 22 October 2018, the Chancellery instructed the parish priest to rectify the surname of a data subject, which was recorded in the Parish Baptism Register. The Chancellery instructed the parish priest of St Luke the Evangelist parish alter the entry as follows: “i) In the Surname column place an asterisk, before the name […] and, insert the name […] ii) In the Observation Column place an asterisk and the following: “Future certificates to be issued in the name […] pub.doc: Chancellery Auth. 22nd October 2018” 291 Submissions dated 23 July 2021, page 1. 292 Submissions dated 15 October 2020, Schedule of Documents, (page 194 of the PDF submission). 293 Submissions dated 15 October 2020, Schedule of Documents, (page 194 of the PDF submission). 294 Submissions dated 15 October 2020, Schedule of Documents, (page 194 of the PDF submission). 295 Submissions dated 15 October 2020, Schedule of Documents, (page 207 of the PDF submission). 418. I am satisfied that these references indicate that the parish priestmust record whenmaking the Alteration that the Chancellery’s authorisation has been obtained and the Alteration is legitimatelymade. In addition to this, in an email to the data subject in respect of the 22 October 2018 request, the Chancellery writes “[w]e have authorised the parish of St Luke the Evangelist to amend […] Baptismal Certificate”.296 This further strengthens my view that the ordinary meaning of the word “authorise” is intended with respect to the Chancellery’s involvement in Annotations and Alterations. This arises in circumstances where it is used with laypeople who may not be privy to any purported special status surrounding the Chancellery. 419. The Archbishop states that: “the Chancellery acts as a form of legal advisor to a Parish Priest in that it carries out an investigation of the particular circumstances surrounding the requested amendment and confirms to the Parish Priest whether it is legally possible, according to canon law, to effect the amendment. In this regard, the Chancellery confirms whether the request is a legitimate one […] As such, in confirming that the request is a legitimate one, the Chancellery is confirming whether the individual has a right to have their baptismal record amended. It is then a matter for the relevant Parish Priest to give effect to this right and lawful amendment, where it arises”.297 420. Similarly, the Archbishop also stated that: “This advice is then relayed to the recipient (which in any particular case could be the Archbishop, a Parish Priest, or a Diocesan Agency). The action(s) thereafter fall under the jurisdiction of the recipient on how they will proceed”.298 421. I am of the view that the only recipient of “advice” from the Chancellery with any element of discretion in terms of how to proceed is the Archbishop. I am not satisfied that it is possible for a parish priest or indeed a diocesan agency, to go against the directions of the Chancellery, even where the parish priest has operational control within his parish. This is in circumstances where I am satisfied that in respect of Special Annotations and Alterations, the communications issued from the Chancellery are not in fact advice, but instructions from the Archbishop to be complied with by the parish priest. 296 Submissions dated 15 October 2020, Schedule of Documents, (page 203 of the PDF submission). 297 Submissions dated 23 July 2021, page 1. 298 Submissions dated 15 October 2020, page 14. 422. As previously stated, in C-131/12 Google Spain, the concept of a controller (in that case with reference to the definition under Article 2(d) of Directive 95/46) is defined broadly to ensure the effective and complete protection of data subjects299. It would be remiss to ignore the practical influence the Chancellery has in guiding, assisting and advising the Archbishop as part of the diocesan curia) over the actions of the parish priest, when it comes to amending and annotating the personal data in the Baptism Registers. In order to protect data subject rights properly, it is necessary to define a controller broadly and to ensure that the influence of controllers, even when emanating from another body or office, which purportedly has no power, is properly recognised for what it is. 423. With respect to the Adopted Persons Baptism Register, the Archbishop provided a template letter with his 16 March 2020 Submission, which is issued to a parish when an individual is entered on that register centrally. The letter states that: “The record of Baptism of the person named below is now contained within the Adopted Persons’ Baptismal Register held in the Chancellery, Archbishop’s House. As a result, the entry contained in the Baptismal Register of your Parish ceases. No Baptismal certificate may be issued from your parish for this entry” 424. The letter also states that “to effect this, I would ask you to make the following notation in the comments column of the above entry …”.300 In the view of the DPC, the language in this letter is a clear statement that the entry in the Parish Baptism Registers has ceased and the parish priest is now prohibited from issuing a baptismal certificate, by direct instruction from the Chancellery. This is not advice but a strict direction, though the Chancellery has attempted to frame the latter part of the letter as a request. 425. The Archbishop stated in respect of this that “[u]ltimately it was a decision of the Parish Priest concerned to make the relevant annotations in the baptismal register held in the Parish”.301 I have considered this submission by the Archbishop and having had regard to all evidence presented to the Inquiry, respectfully reject this assertion. The above statement is similar to prior submissions made by the Archbishop whereby “[i]t is then a matter for the relevant Parish Priest to give effect to this right and lawful amendment, where it arises” and “[t]he action(s) thereafter fall under the jurisdiction of the recipient on how they will proceed” respectively. While technically a parish priest may choose not to make the relevant Special Annotation or Alteration, just as a parish priest may choose not even to record a legitimate baptism in a register in the first place, this would be in direct contravention of his duties under Canon Law and his oath of obedience to the Archbishop, as previously set out. 299 C-131/12 Google Spain, paragraph 34. 300 D-201015 Adopted Persons – cessation of entry in baptismal register letter. 301 Submissions dated 23 July 2021, pages 8-9. 426. The Archbishop has certain authority over a parish priest and can even remove a parish priest from his office in some instances,302 in addition to a power of oversight of the Baptism Register at his visitation, after which hemay send a report to the parish detailing improvements that are required. The fact that a parish priest does not undertake the instructions given to him by the Chancellery does not indicate he is prima facie a controller in his own right, in circumstances where the alternative to following the instruction is to be in contravention of the duties and obligations of his office and possibly incur some degree of sanction. 427. The failure to make a Special Annotation or Alteration requested by the Chancellery would not be the action of a controller legitimately determining the purposes and means of processing personal data, but rather, the actions of a processor who has failed to follow the instructions of a controller. In that circumstance the parish priest would then become a controller, further to Article 28(10) of the GDPR.303 428. In addition to the foregoing and coupled with the Archbishop’s duties of oversight and governance, including his power of inspection and the right tomake recommendations, or issue a precept, extends to the oversight of these annotations in the Baptism Registers also. The interpretation of Canon Law and its anticipated outcome may be provided by the Archbishop and disseminated to the parish priests, either as guidance or by recommendations to a particular parish following an inspection and visitation and this determines the purposes of processing of the personal data. 429. With respect to other Special Annotations directed by the Chancellery, the Archbishop is empowered to determine not only that a Special Annotation bemade, but also exactly, how the annotation is to be phrased. In this regard, I note that the Archbishop, via the Chancellery, directed that when a person formally defected from the Catholic Church, this would be annotated on their Parish Baptism Register entry. The template letter which was sent to the parish priest indicates the exactmanner inwhich the Parish Baptism Register is to be annotated: “I would be grateful if you would make the following insertion in the observation column of the Baptismal Register in respect of the Petitioner: “Cessation of Church membership by formal act of defection recognised: Doc. Apud Curiam, prot. No FD/XX/09. All future requested Baptism Certificates should include this observation” .304 430. In circumstances where a baptised person was adopted prior to 2011, the Chancellery also notified the parish priest of the exact means by which the Parish Baptism Register was to be annotated, as set out previously. In this instance, the Chancellery would set out the following entry which was to be made in the comments column of the Parish Baptism Register entry: 302 Submissions dated 15 October 2020, page 19 303 EDPB Guidelines 07/20, page 4 states: “A processor infringes the GDPR, however, if it goes beyond the controller’s instructions and starts to determine its own purposes and means of the processing. The processor will then be considered a controller in respect of that processing and may be subject to sanctions for going beyond the controller’s instructions”. 304 Submissions dated 23 July 2021, Booklet of Documents Accompanying Responses to DPC Queries, template letter dated 31 August 2009 on the cessation of church membership sent from the Chancellery (page 21 of the PDF submission). “Adoption Order granted (DATE), Serial No: In the name Refer all requests for certificates/notifications to the Chancellery”.305 431. Further, I note that the Archbishop has in fact offered in his submissions to recommend that a further annotation be made by the parish priests in circumstances where a person has sought de facto defection. The Archbishop stated that the “register could be annotated as follows: “No longer wishes to be identified as a Roman Catholic”.306 This, in my view, indicates that the Archbishop has the power to determine further annotations, whichmay be placed on the entry of a data subject in the Baptism Registers, including the Clonliffe College Registers and Adopted Persons Baptism Registers. 432. As such, the Archbishop determines the essential means of processing when it comes to Special Annotations, which are specifically directed by the Chancellery, in particular the type of the personal data processed, the duration of the processing, the data subjects whose personal data is processed and the form in which the processing must take. 433. Similarly, with regard to Alterations to the Baptism Registers, the Archbishop, via the Chancellery, specifies exactly the means by which an alteration to an entry is executed. This is evident from the sample letters dated 24 September 2018 and letter of 22 October 2018 provided by the Archbishop in his submissions, which instruct a parish priest to perform an Alteration to the Parish Baptism Register. 434. Both of the aforementioned Alterations are set out precisely in their terms, and the parish priest does not determine any aspect of the essential means of processing for the above alterations. He must execute these as instructed, transcribing the exact language used by the Chancellery. It is evident to the DPC that that these Alterations, are to be undertaken in the exact manner in which the Chancellery has directed that they be done. 435. For Standard Annotations which indicate a change in a person’s sacramental status, further to canon 535 §2, the Archbishop is empowered to determine the interpretation and implementation of Canon Law in his Archdiocese. As such, he is empowered to direct themeans of processing for such annotations if he wishes, in particular, the type of personal data processed by determining the amount of detailwhich should be provided in such an annotation; the duration of the processing for an annotation (in perpetuity); and the categories of data subjects. With respect to the categories of data subjects, the Archbishop is empowered to determine whether further annotations can be made in the Baptism Register. 436. The parish priest has no power to effect an Alteration without the express permission and instruction of the Chancellery. Hemay not even formulate thewording of the Alteration himself, nor can he decide to include more or less personal data, further to his own discretion under canon 535 §2. 305 Submissions dated 16 March 2020, per template letter provided therein, D-201015 Adopted Persons – cessation of entry in baptismal register letter. 306 Submissions dated 16 March 2020, page 44. Controllership: Standard Annotation, Special Annotation and Alteration Parish Priest 437. The parish priest is obliged under canon 535 §2 to make Standard Annotations on the Parish Baptism Register. Canon 535 §2 provides that: “In the baptismal register are also to be noted confirmation and those things which pertain to the canonical status of the Christian faithful by reason of marriage, without prejudice to the prescript of _ can. 1133, of adoption, of the reception of sacred orders, of perpetual profession made in a religious institute, and of change of rite. These notations are always to be noted on a baptismal certificate”. 438. I accept that the parish priest, for the most part, fulfils this obligation on a day-to-day basis without reference to the Archbishop and am of the view that he has an element of discretion as to how this is achieved. Canon 895 states that “[t]he pastor must inform the pastor of the place of baptism about the conferral of confirmation so that a notation ismade in the baptismal register according to the norm of _ can. 535, §2”. Canon Law does not specify the personal data which is to be included in such a notation, just that it must be done to fulfil the requirements of Canon Law. The parish priest is obliged under Canon Law to make standard annotations in the parish baptism registers for the purposes of recording the sacramental or canonical status of an individual, the recording of which is central to the administration of the Church. 439. My view is that any element of discretion that the parish priest may have in terms of the recording of the standard annotation is part of the non-essential means of processing. It simply concerns a practical aspect of the implementation of obligations that are set out under Canon Law, notwithstanding the significance of its administrative function and purpose. 440. The Archbishop has also submitted that the parish priest is responsible for the “annotation of the baptismal record with details of a person’s confirmation, marriage/annulment and ordination/laicisation”.307 I note the distinction between these Standard Annotations and Special Annotations, which require direction or instruction from the Archbishop (via the Chancellery). Such Special Annotations may include the recording in a Baptism Register of the annulment of a marriage, the laicisation of a previously ordained individual, the formal defection of an individual from the Church (which is no longer possible), or annotating the cessation of an entry in a Parish Baptism Register on the adoption of a baptised individual (this practice has also ceased). 307 Submissions dated 16 March 2020, page 5. 441. With respect to these Special Annotations, the evidence provided to the DPC by the Archbishop indicates that, in these instances, such an annotation is only performed by a parish priest when a specific instruction has been received by the Chancellery to do so. These specific instructions appear to set out the exactwording and form which the Special Annotation is to take and leaves no discretion to the parish priest as to how the personal data in question is to be processed. The wording of such an annotation in the case of a formal defection from the Church has been previously set out herein together with the wording in the case of the cessation of a baptismal entry following the adoption of a baptised person. 442. When a parish priest is approached by an individual who wishes an Alteration to be made to the Baptism Register, the Archbishop has submitted that this will only occur in limited circumstances. The Archbishop submits that an Alteration can consist of changing the name of the individual following a change of name by deed poll.308 Amending a factual error in the name or date recorded are also possible alterations that may be made.309 443. To make an Alteration to a Baptism Register entry, the parish priest must apply to the Chancellery for “authorisation” if he has been contacted directly by an individual.310 The Chancellery then undertakes an investigation as to whether the alteration may be carried out. The Archbishop submitted that the investigation is “carried out on behalf of the Parish Priest as he is the custodian of the records”.311 The Chancellery then relays the findings to the parish priest and the parish priest then undertakes the Alteration based on the Chancellery’s findings. As stated above, I note the clear language used in a number of the documents submitted by the Archbishop accompanying the submissions, which indicates that the Chancellery must in fact expressly authorise or give permission for an Alteration to be performed by the parish priest. The parish priest does not have any discretion in this regard. 444. The DPC respectfully disagrees with the viewpoint presented by the Archbishop that the Chancellery is working on behalf of the parish priest, providing advice only as to whether an Alteration should be performed. As previously set out, I am of the view that the parish priest cannot alter the baptism records unless and until he is permitted to do so by the instructions from the Archbishop, delivered through the Chancellery. Conclusion on Controllership: Standard Annotation, Special Annotation, Alteration Parish Baptism Registers 445. I am of the view that the Archbishop, in respect of Standard Annotations of entries in the Parish Baptism Registers, is the sole controller who determines the purposes and means of the processing of personal data. 308 Submissions dated 16 March 2020, page 6. 309 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, section 1.13 (page 12 of the PDF submission). 310 Submissions dated 16 March 2020, page 6. 311 Submissions dated 16 March 2020, page 6. 446. It is the view of the DPC that the Archbishop, in respect of the processing activity of Special Annotation of entries in the Parish Baptism Registers, is the sole controller who directs the purposes and means of processing. The Archbishop via the Chancellery instructs the parish priest as to the exact manner in which a Special Annotation is to be effected. The parish priest does not determine the purposes or the means of such processing and therefore cannot be identified as a controller in these circumstances. 447. I am of the view that in respect of the processing activity of Alteration of entries in the Parish Baptism Registers, the Archbishop is the sole controller who directs the purposes and means of processing. The Archbishop via the Chancellery instructs the parish priest as to the exactmanner in which an Alteration is to be effected. The parish priest is required to obtain the express permission or authorisation for the purposes of an Alteration. The parish priest does not determine the purposes or the means of such processing and therefore cannot be identified as a controller in these circumstances. Clonliffe College Registers 448. I am of the view that the Archbishop is the sole controller of the personal data and special category personal data in the Clonliffe College Register for the processing activities of Standard Annotation, Special Annotation and Alteration. Although the Archbishop submits that the Clonliffe College Register is rightfully a Parish Baptism Register, it was not in the possession of the NorthWilliam Street parish at the time of the Archishop’s submission. 449. The Clonliffe College Register is stored in the Chancellery Office/Diocesan Archives at the Archbishop’s House and the Archbishop is the only person (having regard to the delegation of the task to others in the diocesan curia) who determines the purposes andmeans of processing for the standard and special annotation and alteration of this register. The DPC rejects any implication that the parish priest of North William Street has any practical or realistic input on the purposes and means of Standard Annotation for this Clonliffe College Register. Adopted Persons Baptism Register 450. I am of the view that the Archbishop is the sole controller of the personal data and special category personal data in the Adopted Persons Baptism Register this Decision. Findings 451. While having regard to the findings of joint controllership with the parish priest, I reiterate the position previously set out which is that the DPC engaged solely with the Archbishop of Dublin in relation to this Inquiry and my findings are based on the submissions of the Archbishop. However, it is important to note that this Inquiry relates to the rectification and erasure of personal data contained within the Baptism Registers (which includes retention and storage) under Articles 16 and 17 of the GDPR respectively. Earlier sections of this Decision included an analysis of the collection and recording of personal data because the issue of rectification or erasure flows therefrom. 452. It is clear to me from the foregoing analysis, that the Archbishop retains sole controllership for the processing activities of rectification and erasure of personal data contained within the Baptism Registers. In simple terms, this is so because any such amendment cannot be made by the parish priest without having first obtained hierarchal approval. While the Archbishop submits that the Chancellery is the Canon Law office of the Diocesan Curia with no decision- making power and fulfils only an advisory role, the DPC does not accept for the purposes of data protection law that this organisational make-up relieves or removes the Archbishop from consideration as a data controller. The Archbishop decides certain key elements312 about the purposes of the data processing by his governance of the interpretation of the obligations under Canon Law and instructing those to the parish priest. The Archbishop issues instructions on how to comply with certain obligations, via the Chancellery. 453. Therefore, I find that: a. The Archbishop and the parish priest are joint controllers of the personal data and special category data contained in the Parish Baptism Registers with respect to the processing activities of: i. Collecting and recording. b. The Archbishop is the sole controller of the personal data and special category data contained in the Parish Baptism Registers with respect to the processing activities of: i. Storage and Retention; ii. Standard and Special Annotation; iii. Alteration; c. The Archbishop is the sole controller of the personal data and special category personal data contained in the Clonliffe College Registers with respect to all processing activities. d. The Archbishop is the sole controller of the personal data and special category personal data contained in the Adopted Persons Baptism Register with respect to all processing activities. 312 EDPB Guidelines 07/20, paragraph 20. c) LEGAL BASIS Issue for determination Introduction 454. I have made the determinations herein that firstly the Baptism Registers come within the material scope of the GDPR; and secondly that the Archbishop acts in the capacity as sole controller for the processing activities, the subject of this Inquiry. As such, the following issues arise for determination by the DPC in relation to the Archbishop’s compliance with Articles 6 and 9 of the GDPR They are set out as follows: a. In relation to the processing of personal data and special category personal data of data subjects who no longer wish to have their personal data recorded in any Baptism Registers: i. whether the Archbishopmay rely on legitimate interests for the processing of Baptism Registers, in accordance with on Article 6(1)(f) of the GDPR, in circumstances where the processing is necessary for the purposes of the legitimate interests pursued by the Archbishop; ii. whether, and to what extent the Archbishop’s interests (or those of a third party) in retaining the personal data and special category personal data are overridden by the interest or fundamental rights and freedoms of the data subjects and accordingly whether the Archbishop is entitled to rely on Article 6(1)(f) for the processing of the personal data and special category personal data; iii. whether the Archbishop is entitled to rely on Article 9(2)(d) of the GDPR for the processing of the special category personal data contained in the Baptism Registers, which permits processing carried out in the course of the Archbishop’s legitimate activities as a foundation, association or non-profit body with a religious aim where the processing relates solely to members or former members of the body or to persons who have regular contact with it in connection with its purposes and where the special category personal data are not disclosed outside the body without the consent of the data subjects; iv. whether the Archbishop, in processing the special category personal data in accordance with Article 9(2)(d) of the GDPR, put in place the required appropriate safeguards for such processing under Article 9(2)(d); and v. in assessing the legal bases relied on by the Archbishop, whether the Archbishop is compliant with the principle of purpose limitation under Article 5(1)(b) of the GDPR and the principle of lawfulness fairness and transparency under Article 5(1)(a) of the GDPR. b. In relation to any further processing of personal data and special category personal data of data subjectswho no longer wish to have their personal data recorded in the Baptism Registers: vi. whether the Archbishop may rely on legitimate interests for the processing, in accordance with Article 6(1)(f) of the GDPR, in circumstances where the processing is necessary for the purposes of the legitimate interests pursued by the Archbishop; vii. whether, and to what extent the Archbishop’s interests (or those of a third party) in further processing the personal data and special category personal data are overridden by the interest or fundamental rights and freedoms of the data subjects and accordingly whether the Archbishop is entitled to rely on Article 6(1)(f) for the further processing of personal data and special category personal data; viii. whether the Archbishop is entitled to rely on Article 9(2)(j) of the GDPR for the further processing of special category personal data contained in the Baptism Registers, which permits processing which is necessary for archiving purposes in the public interest, scientific or historical research purposes in accordance with Article 89(1) of the GDPR; ix. whether the Archbishop, in further processing the special category personal data in accordance with Article 9(2)(j) of the GDPR, put in place the required appropriate safeguards for such processing in accordance with Article 89(1) of the GDPR, which ensure that technical and organisational measures are in place in particular in order ensure respect for the principle of data minimisation; x. whether the processing of special category personal data is necessary and proportionate for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Section 54 of the 2018 Act; xi. whether, in circumstances where processing is established to be necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, (i) suitable and specific measures have been taken by the Archbishop to safeguard the fundamental rights and freedoms of data subjects; (ii) the processing respects the principle of dataminimisation (Article 5(1)(c) of the GDPR); and (iii) where the purposes can be fulfilled by processing which does not permit or no longer permits identification the processing is fulfilled in that manner, in accordance with Section 42 of the 2018 Act; xii. whether, in circumstances where processing is established to be necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, data subject rights have lawfully been restricted in accordance with Section 61(1) and 61(2) of the 2018 Act to the extent that the exercise of any of those rights would be likely to render impossible, or seriously impair, the achievement of those purposes, and such restriction is necessary for the fulfilment of those purposes; and xiii. in assessing the legal bases relied on by the Archbishop, whether the Archbishop is compliant with the principle of purpose limitation under Article 5(1)(b) of the GDPR and the principle of lawfulness fairness and transparency under Article 5(1)(a) of the GDPR. Relevant Provisions 455. Article 5(1) (a) of the GDPR requires that personal data shall be “processed lawfully, fairly and in a transparent manner in relation to the data subject”. This is known as the principle of lawfulness, fairness and transparency. 456. Article 5(1)(b) of the GDPR requires that the personal data be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordancewith Article 89(1), not be considered to be incompatiblewith the initial purposes (‘purpose limitation’). 457. Article 6 of the GDPR states that processing shall be lawful only if and to the extent that one of the conditions under Article 6(1) applies. Under Article 6(1)(f), processing shall be lawful in circumstances where: “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child”. 458. Under Article 9 of the GDPR, the processing of special categories of personal data (which includes personal data revealing religious or philosophical beliefs) is prohibited unless one of the conditions under Article 9(2) applies. This includes: Article 9(2)(d) permits processing which is: “carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects”; and 459. Article 9(2)(j) permits processing which is: “necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specificmeasures to safeguard the fundamental rights and the interests of the data subject.” 460. Article 89(1) of the GDPR states that: “Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organisational measures are in place in particular in order to ensure respect for the principle of data minimisation. Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner”. 461. Recital 156 of the GDPR provides guidance on further processing under the legal basis of Article 9(2)(j), stating that the: “further processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is to be carried out when the controller has assessed the feasibility to fulfil those purposes by processing data which do not permit or no longer permit the identification of data subjects, provided that appropriate safeguards exist (such as, for instance, pseudonymisation of the data).” 462. Recital 158 of the GDPR provides further guidance on the legal basis under Article 9(2)(j), stating that: “Where personal data are processed for archiving purposes, this Regulation should also apply to that processing, bearing in mind that this Regulation should not apply to deceased persons. Public authorities or public or private bodies that hold records of public interest should be services which, pursuant to Union or Member State law, have a legal obligation to acquire, preserve, appraise, arrange, describe, communicate, promote, disseminate and provide access to records of enduring value for general public interest...” 463. Article 9(2)(j) has also been given further effect in Irish law by section 54 of the 2018 Act,313 which provides that: “Subject to compliance with section 42, the processing of special categories of personal data is lawful where such processing is necessary and proportionate for— (a) archiving purposes in the public interest, (b) scientific or historical research purposes, or (c) statistical purposes”. 464. Section 42 of the 2018 Act states that: “(1) Subject to suitable and specificmeasures being taken to safeguard the fundamental rights and freedoms of data subjects, personal data may be processed, in accordance with Article 89, for— (a) archiving purposes in the public interest, (b) scientific or historical research purposes, or (c) statistical purposes. (2) Processing of personal data for the purposes referred to in subsection (1) shall respect the principle of data minimisation. (3) Where the purposes referred to in paragraph (a), (b) or (c) of subsection (1) can be fulfilled by processing which does not permit, or no longer permits, identification of data subjects, the processing of information for such purposes shall be fulfilled in that manner.” Relevant Case Law 465. The CJEU in Rigas Satiksme314 set out ‘three cumulative conditions’ to satisfy the lawfulness of processing under Article 7(f) of Directive 94/46 in the following terms: “first, the pursuit of a legitimate interest by the data controller or by the third party or parties to whom the data is disclosed; second, the need to process personal data for the purposes of the legitimate interests pursued; and third, that the fundamental rights and freedoms of the person concerned by the data protection do not take precedence”.315 Although Article 7(f) refers to the now repealed Data Protection Directive, its provisions are comparable to Article 6(1)(f) of the GDPR and therefore the case law remains relevant for the purposes of interpreting Article 6(1)(f). 313 Article 89 of the GDPR refers to safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes 314 C-13/16 Rigas Satiksme 4 May 2017 315 C-13/16 Rigas Satiksme 4 May 2017, paragraph 28. 466. As affirmed in the DPC’s Guidance Note on Legal Bases for Processing Personal Data: “Controllers who are assessing whether to process data under the legitimate interest legal basis should consider the three elements needed for this legal basis: a) Identifying a legitimate interest which they or a third party pursue; b) Demonstrating that the intended processing of the data subject’s personal data is necessary to achieve the legitimate interest; and c) Balancing the legitimate interest against the data subject’s interests, rights and freedoms”.316 467. In C-524/06 Heinz Huber,317 the CJEU held that the ‘concept of necessity’ must ‘fully reflect the objective of’ the directive.318 468. In Rigas,319 the CJEU held: “As regards the condition relating to the necessity of processing personal data, it should be borne inmind that derogations and limitations in relation to the protection of personal data must apply only in so far as it strictly necessary…’320 469. The DPC in its Guidance on Legal Bases for Processing Personal Data clarifies the ‘Necessity and Legitimate Interests’ further in the following terms: “Once a legitimate interest has been identified, a controller must be able to show that the processing of personal data is actually necessary for the purpose of that interest. The necessity test requires controllers to demonstrate that the processing is a reasonable and proportionate way of achieving their purpose. If a controller can reasonably pursue these interests in another, less intrusive way, legitimate interests will not provide a legal basis for processing. Therefore, when assessing whether processing is necessary for the purpose of pursuing a legitimate interest, controllers should consider whether the processing actually helps to further the identified interest, whether it is a reasonable and proportionate way to do so, and whether there are any less intrusive ways to achieve the same result. In line with the principle of data minimisation, even where processing may seem necessary, controllers should ensure that the amount of data processed and extent of that processing is the minimum amount needed to achieve the stated purpose. As is the case of other legal bases which involve the concept of necessity, the extent of what precisely is ‘necessary’ for the purposes of any legitimate interest will ultimately depend on the circumstances of each case, and will also be relevant to the consideration of the balancing of interests…”.321 316 DPC Guidance Note: Legal Bases for Processing Personal Data, December 2019, page 21. 317 C-524/06 Heinz Huber v Bundesrepublik Deutschland, 18 December 2008. 318 C-524/06 Heinz Huber v Bundesrepublik Deutschland, 18 December 2008, paragraph 52. 319 C-13/16 Rigas Satiksme 4 May 2017 320 C-13/16 Rigas Satiksme 4 May 2017, para 30. 321 DPC Guidance Note: Legal Bases for Processing Personal Data, December 2019, page 23. 470. In relation to the balancing exercise between the legitimate interests of the data controller and the fundamental rights and freedoms of the data subjects, Advocate General Bobek in his Opinion in Rigas stated: “[s]uch an act of balancing must be carried out on a case-by-case basis”…….“[b]alancing is the key to the correct application of Article 7(f). It is that operation that makes Article 7(f) wholly distinctive compared to the other provisions of Article 7”.322 471. The DPC’s Guidance Note provides direction regarding the balancing test that is required: “A balancing test is needed as a controller’s interests will not always align with the interests of the data subject(s). However, where there is a conflict or tension between these interests it is not the case that processing can never take place, but rather the controller can only process the personal data where their interests provide a clear and proportionate justification for the impact on the individual”.323 472. Finally, the DPC Guidance Note sets out that in relation to the principle of accountability under Article 5 of the GDPR: “In line with the principle of accountability, found in Article 5 GDPR, controllers should keep a record of the assessment they undertook to determine whether the legitimate interests were overridden by the interests, rights, or freedoms of the data subject. There is no set way in which controllers have to do this, but it is important that they record their reasoning in some way, to show that an appropriate decision-making process was utilised to justify processing, and that data subject rights and freedoms were sufficiently taken into account. The results of this assessment should also be reviewed if there is a significant change in the nature or context of the processing operation”.324 Background 473. The DPC acknowledges that the Archbishop is of the view that he is not a controller or a joint controller of the personal data and special category personal data contained in the parish Baptism Registers and that the parish priest is the controller of the parish Baptism Registers. As such, the submissions made by the Archbishop with respect to the lawful bases for processing, relate to what the Archbishop states are the legal bases relied upon by the parish priests for such processing of the parish Baptism Registers and the Archbishop’s legal basis for processing the Baptism Registers held in the Chancellery325 (save for the Clonliffe College Registers, which the Archbishop has submitted are held in the Chancellery but not on behalf of the Archbishop, according to his submissions).326 322 C-13/16, Opinion of Advocate General Bobek delivered on 26 January 2017, Valsts policijas Rīgas reģiona pārvaldes Kārtības policijas at paras 67 & 68 respectively. 323 DPC Guidance Note: Legal Bases for Processing Personal Data, December 2019, page 24. 324 DPC Guidance Note: Legal Bases for Processing Personal Data, December 2019, page 24. 325 See section 1.4 of the letter from Mason Hayes Curran on behalf of the Archbishop, accompanying the 16 March 2020 Submission. 326 Submissions dated 23 July 2021, page 3. For Determination: Processing Issues: In relation to the processing of personal data and special category personal data of data subjects who no longer wish to have their personal data recorded in any Baptism Register. 474. In his submissions to the DPC, the Archbishop stated that he and the parish priests rely on the following legal bases for the processing by way of retention of the personal data and special category data contained in the Baptism Registers: • Articles 6(1)(f) of the GDPR, which provides that processing will be lawful where it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject; and • Article 9(2)(d) of the GDPR, which provides that processing of special categories of personal data is permitted where the processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a religious aim and on condition that the processing relates solely to members or to former members of the body of persons who have regular contact with it in connection with its purpose and that the personal data are not disclosed outside that body without the consent of the consent of the data subjects. Archbishop’s Submissions Article 6(1)(f) 475. The Archbishop submitted that the lawful basis of legitimate interests under Article 6(1)(f) of the GDPR is often analysed using a three-stage approach, with reference to the CJEU’s judgment in case C-13/16 Rigas Satiksme,327 namely: a) identifying a legitimate interest which a controller or a third party pursues; b) demonstrating that the intended processing of the data subject’s personal data is necessary to achieve the legitimate interest; and c) balancing the legitimate interest against the data subject’s interests, rights, and freedoms. The Archbishop submitted that the processing in question with respect to this legal basis is the “maintenance of the name of the data subject on a register of baptised persons”.328 Identifying a legitimate interest 476. With respect to the first of these criteria, the Archbishop identified the legitimate interests pursued in the processing of the personal data contained in the Baptism Registers. The Archbishop noted at the outset that with respect to an appropriate legitimate interest “a wide range of interests may be covered, including commercial interests, individual interests and broader societal benefits”.329 327 C-13/16 Rigas Satiksme ECLI:EU:C:2017:336, paragraphs 28-31. 328 Submissions dated 16 March 2020, page 44. 329 Submissions dated 16 March 2020, pages 33-34. 477. The Archbishop firstly submitted that the parish priests of the Archdiocese of Dublin “have a legitimate interest in preserving the information contained in Parish registers, because such registers (baptism, confirmation and marriage in particular) consist of a record of the administration of certain sacraments in the Church. The Archbishop also has a legitimate interest in preserving the information contained in the records held in the Chancellery Office”.330 478. The Archbishop also submitted, “The Roman Catholic Church sees baptism as the first and basic sacrament of Christian initiation. It is important to note that baptism can only be received once. As such, it is essential that the Roman Catholic Church maintain a record of all those persons who have been baptised”.331 479. Similarly, the Archbishop noted that the sacrament of confirmation may only be received once, and that a marriage between baptised people, validly entered into, cannot be dissolved. As such, “a careful record is made of the administration of the sacraments of baptism, confirmation, matrimony and Holy Orders, as, from the perspective of Church teaching, these sacraments can only be administered once. Insofar as these sacraments are concerned, the Roman Catholic Church has a particular interest in maintaining an accurate record on a permanent basis”332. Certain other sacraments may be administered a number of times, such as the Eucharist, and as such there is no necessity to keep a register. 480. Secondly, the Archbishop submitted that: “[...] the baptism register is of particular importance as it is considered to be the “gateway” to all of the records of a person’s life within the Catholic Church. The baptism register includes a space for notations of future sacraments, namely confirmation, and/or marriage/Holy Orders. In order to receive the sacraments of confirmation and marriage/Holy Orders, reference is alwaysmade to the entries made in the baptism register to establish (1) that the person has been baptised and (2) there is no impediment to receiving the proposed sacrament, eg it would not be possible for a man who had received the sacrament of marriage then to receive the sacrament of Holy Orders. It is also important to note that the registers are not considered to be a list of members of the Catholic Church. It is entirely possible and, indeed, perhaps common, that a person who has received the sacrament of baptism is no longer a practising Catholic or no longer considers themselves to be a member of the Catholic Church. […] However, the baptism register at all times remains the reference point from which any other Parish throughout the world can ascertain whether a person has received any of the other sacraments. This information is critical in terms of certain key beliefs in the Catholic faith, i.e. that a person can only receive the sacraments of baptism, confirmation, marriage or Holy Orders once”.333 330 Submissions dated 16 March 2020, page 34. 331 Submissions dated 16 March 2020, page 34. 332 Submissions dated 16 March 2020, pages 34-35. 333 Submissions dated 16 March 2020, page 35. 481. The Archbishop also noted the case study included in the Data Protection Commissioner’s Annual Report 2003. In the case study, the Commissioner had concluded that a parish priest was entitled to refuse a request by a data subject to have their name removed from a parish Baptism Register, stating “it is my understanding that the data could not be deleted from the Register as it is essential for the administration of Church affairs to maintain a register of all the people who have been baptised. Indeed it is of course a factual record of an event that happened”.334 482. The Archbishop noted that the legitimate interests he had outlined (i) that it is necessary for the administration of the Church to keep a record of the sacraments received by individuals; and (ii) to ensure that certain sacraments are not administered more than once are underpinned by fundamental rights and protections under the Irish Constitution and the Charter which among other things, protect the right of religious denominations tomanage their own affairs.335 483. The Archbishop also noted that Recital 4 of the GDPR “respects the principles enshrined in the Charter, particularly relating to the protection of conscience and religion”336 and referred to Recital 165 of the GDPR which states that “[t]his Regulation respects and does not prejudice the status under existing constitutional law of churches and religious associations or communities in theMember States, as recognised in Article 17 TFEU”. As such, the Archbishop also submitted, “data protection law should be interpreted, insofar as possible to respect the fundamental freedoms of religious organisations”.337 Processing is necessary to achieve the legitimate interest(s) 484. The Archbishop submitted that the processing is necessary, as “complete and accurate records of all persons who have been baptised must be maintained because it must be possible to operate a rule that baptism may only be administered once. In the absence of such a record, it would be impossible to operate this rule, and thus a core aspect of the freedom of religious practice would be interfered with”.338 The Archbishop also submitted that: “[t]he only way to maintain such a record is to retain the names of all persons who have been baptised. There is no other way that the data controller could reasonably pursue this end. The legitimate interests in maintaining baptismal records cannot be achieved by any other means and thus the means – the maintaining of the original record – are the least intrusive method possible, and are necessary for the purposes of the legitimate interests”.339 334 DPC Annual Report 2003, Case Study 8, page 37. 335 Bunreacht na hÉireann, Articles 44.2.1, 44.2.5; Charter of Fundamental Rights, Article 22. 336 Submissions dated 16 March 2020, page 36. 337 Submissions dated 16 March 2020, page 38. 338 Submissions dated 16 March 2020, page 42. 339 Submissions dated 16 March 2020, page 42. 485. The Archbishop also referred to the CJEU judgment in C-13/16 Rigas Satiksme,which considered the concept of necessity in this context and theminimum personal data thatwould be necessary to process in order to give effect to the legitimate interest. The Archbishop stated that in respect of the Baptism Registers, “the processing in question involves the minimum amount of personal data necessary to achieve the end, ie, the name of the data subject and the date of baptism”.340 486. When questioned by the DPC as to how the parish or the Archdiocese verifies the sacramental status of a person (in particular the baptismal status) in circumstances where Baptism Registers have been irreparably damaged, the Archbishop responded that: “ The Chancellery on behalf of the Parish, would first obtain objective evidence from the Bishop of the Diocese where the fire/flood occurred, that this in fact happened. Following that, the Chancellery would obtain statements from the godparents, being the official witnesses, regarding the fact of baptism and the approximate date of the event. Failing that, it would obtain a sworn statement from the parents/siblings/other relations present on the day, regarding similar details. The person may also be in possession of photographic evidence of the day. It may happen that the parents had an old certificate received at the time of the baptism, which in the circumstances, would also suffice”.341 487. The Archbishop also responded that in circumstances where a person wishes to undertake a sacrament but the parish or the Archdiocese is unable to verify the sacramental status of that person: “ the individual is invited to search the neighbouring parishes in the vicinity of the place of residence of his parents upon his/her birth. Inmany cases, the Chancellery undertakes this task on behalf of the individual. When the Archdiocese, after an extensive enquiry, fails to determine in any way that baptism has occurred, the person in that event will be conditionally baptised in accordance with Canon 869 of the Code of Canon Law”.342 Balancing the legitimate interest(s) 488. The final criteria for establishing whether a controller may rely on Article 6(1)(f) of the GDPR as a lawful basis for processing is a balancing exercise between the legitimate interests being pursued on the one hand and the interests or fundamental rights and freedoms of the data subject on the other. 340 Submission dated 16 March 2020, page 43. 341 Submission dated 23 July 2021, page 5. 342 Submission dated 23 July 2021, page 5. 489. In this regard, the Archbishop referred to the Article 29 Working Party Opinion 06/2014, in particular its statement that “important and compelling legitimate interests may in some cases and subject to safeguards and measures justify even significant intrusion into privacy or other significant impact on the interests or rights of the data subjects”.343 The Archbishop also noted the emphasis the Working Party gave to the role of safeguards in conducting a legitimate interests balancing exercise. 490. The Archbishop submitted that the legitimate interests pursued with respect to the Baptism Registers are “undoubtedly serious ones”. The Archbishop submitted that “[w]ithout a complete baptism register the Catholic Church would be unable to operate a key tenet of its faith, the rule that a person may only be baptised once”.344 However, the Archbishop asserted: “the content of the entry on the register does not signify that the data subject is a current member of the Roman Catholic Church but rather signifies the fact that the person was, at one point in the past, baptised as a Catholic. As such, the Archbishop submits that, if this is an infringement of the data subject’s rights and freedoms, it is a very minimal one. If it does constitute such an infringement, important safeguards are in place to protect the fundamental rights of the data subject and to ensure that this processing is a proportionate limitation of the data subject’s rights and freedoms”.345 491. The Archbishop set out the safeguards that have been put in place, which are as follows: • The Baptism Register is “private and secure” and subject to “strict rules of confidentiality”; and • A de facto defection register is maintained in the Archdiocese to “address any concern that the data subject might have that the register would be regarded as a record of current membership”. This “mitigates against any concern that a data subject may have in respect of the register being assumed to provide a record of their present-day religious status and beliefs”. The Archbishop also noted that while “this register is maintained by a different data controller (the Archbishop rather than the Parish Priest) it is a relevant factual safeguard which vindicates the data subject’s rights”.346 492. As a further safeguard the Archbishop noted that, although this is not the current practice of the parishes in the Archdiocese, the Archbishop “could recommend to Parish Priests that it would be permissible to adopt a practice whereby the register could be annotated as follows: “No longer wishes to be identified as a Roman Catholic”.347 493. On that basis, the Archbishop argued that when the “minor interest of the data subject is balanced against the significant countervailing interests at play and the important safeguards in place, it is clear that the legitimate interests test is satisfied”.348 343 Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, page 30. 344 Submissions dated 16 March 2020, page 44. 345 Submissions dated 16 March 2020, page 44. 346 Submissions dated 16 March 2020, page 44. 347 Submissions dated 16 March 2020, page 44. 348 Submissions dated 16 March 2020, page 44. 494. Further, the Archbishop referred to Recital 47 of the GDPR, which states, “[t]he interests and fundamental rights of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects do not reasonably expect further processing”. In considering whether it would be the reasonable expectation of a data subject that their personal data be processed in this manner, the Archbishop stated that: “Persons who have been baptised Catholic are usually aware of the fact, and likely too to be aware of the fact that a permanent record is made of the baptism. [The Archbishop] submits that it is widely known that details of baptisms are recorded in Parish registers. Baptismal records are often, for example, sought by those carrying out genealogical research. There is no factor that would lead a baptised person to believe that no permanent record existed. If a person is concerned about the permanent nature of the record, they may seek to be listed on the de facto defection register”.349 495. The Archbishop also submitted, “to the extent that the processing entails the processing of the personal data of children, it is important to note that baptism of a child is usually only permitted with the consent of both parents”.350 496. Finally, the Archbishop noted that, “it should be observed that the balancing analysis depends on the particular circumstances of the case at hand. The unique purpose and context of baptism registers should, for this reason, be given special attention”.351 349 Submissions dated 16 March 2020, page 45. 350 Submissions dated 16 March 2020, page 45. 351 Submissions dated 16 March 2020, page 45. Article 9(2)(d) – activities of a foundation, association or any other not-for-profit body with a religious aim 497. The Archbishop submitted that, in his view, the following processing activities in respect of the Baptism Registers would rely on Article 9(2)(d) as their legal basis: i. Collection and recording of data for the purposes of recording the baptism; ii. Storage of the Baptism Register; iii. Alteration of the Baptism Register on request of the baptised person or his/her parents (where the baptised person is a minor), or annotation with details of a person’s confirmation, marriage/annulment and ordination/laicisation (or adoption);352 iv. Retrieval, consultation and use of the register, at the request of the baptised person (or his/her parents) for the administration of other Sacraments, namely Confirmation, Marriage and Holy Orders. The Baptism Register may also be consulted in the context of annulments of marriages or laicisation of priests; and v. Disclosure of extracts (baptismal certificates) from the register by transmission upon request to individual, identified baptised persons, or authorised persons acting on their behalf, or upon inspection by [the Archbishop] on the occasion of a Parish Visitation.353 498. The Archbishop noted that he could not “provide definitive information regarding any processing activities which may or may not be undertaken by Parish Priests (who are the data controllers)”. The Archbishop further noted, “where a person no longer wishes to be identified as a member of the Catholic Church, the only processing activity likely to continue is the storage of the baptism register”. Further, “the entry in respect of that personmay be retrieved, consulted and disclosed in rare circumstances where the person concerned or his/her spouse has requested an annulment” or where the person concerned is a priest and wishes to be laicised.354 499. The Archbishop submitted that the conditions of Article 9(2)(d) of the GDPR are fulfilled by the processing in question, “in that the personal data contained in the baptism registers are processed in accordance with the legitimate activities of the Catholic Church, the data relates solely to members or former members of the Catholic Church, or to persons who have regular contact with it, and those personal data are not disclosed outside that body without the consent of the data subjects”.355 500. The Archbishop also stated that in respect of membership of the Catholic Church, “[w]hile the Roman Catholic Church does notmaintain a register ofmembers – as discussed elsewhere in this submission – it is correct to say that at the point of baptism, the baptised person is properly considered a member of the Catholic Church. As such, all baptism records relate to either members or formermembers”.356 The Archbishop also noted that Article 9(2)(d) includes former members of the body. 352 Up to 2011. 353 Submission dated 6 September 2021, page 2. 354 Submission dated 6 September 2021, pages 2-3. 355 Submissions dated 16 March 2020, page 38. 356 Submissions dated 16 March 2020, page 38. 501. When requested to outline the appropriate safeguards put in place for these processing activities as specified by Article 9(2)(d), the Archbishop stated that the Adopted Persons Baptism Register and the Clonliffe College Registers are securely stored in the Chancellery Offices, and that the parish Baptism Registers, are normally securely kept and “accessible only by the pastor and authorised Parish personnel”.357 The Archbishop submitted, “The Parish Priest is to take care that the baptism registers do not fall into unauthorised hands. The Diocesan Bishop or his delegate is to inspect the archive at the time of the visitation. Older parochial registers are also to be carefully safeguarded, in accordance with the provisions of particular law”.358 502. The Archbishop referred to section 2.11 of the Administrative Regulations, which provides that “Catholic Parish church records are private records and the public do not have an automatic right of access to them. The Parish Priest is custodian of the registers but the Archbishop dictates policy with regard to access”.359 The Archbishop also noted in section 2.11 that “[f]or entries over 100 years old, third parties may request access to specific information contained in the register”.360 For Determination - Further processing: In relation to any further processing of personal data and special category personal data of data subjects who no longer wish to have their personal data recorded in the Baptism Registers Article 9(2)(j) – Archiving purposes in the public interest, scientific or historical research purposes: 503. The Archbishop submitted that Article 6(1)(f) of the GDPR, is the legal basis upon which the parish priests and the Archbishop rely for processing personal data contained in the Baptism Registers, including further processing. 504. The Archbishop submitted that in respect of any further processing of the special category personal data contained in the Baptism Registers, he also relied on Article 9(2)(j) of the GDPR, which provides that processing of special categories of personal data is permitted where the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject. 505. According to the Diocesan Archives’ Guidelines to Family History Research, “[d]irect access to parish registers is not permitted” and “[i]nformation from Parish Registers is only accessible up to and including 1920”.361 357 Submissions dated 16 March 2020, page 29. 358 Submissions dated 16 March 2020, page 29. 359 Submissions dated 16 March 2020, page 30. Submissions dated 15 October 2020, Schedule of Documents, Administrative Regulations, October 2017, section E1 (page 167 of the PDF submission). 360 Submissions dated 16 March 2020, page 31. 361 See https://dublindiocese.ie/wp-content/uploads/2021/10/Family-History-1.docx 506. The Archbishop submitted that, in his view, the following processing activities in respect of the Baptism Registers would rely on Article 9(2)(j) as their legal basis: I. Collection and recording of data for the purposes of recording the baptism; II. Alteration of the Baptism Registers on request of the baptised person or his/her parents (where the baptised person is aminor), or annotationwith details of a person’s confirmation, marriage/annulment and ordination/laicisation; and III. Storage of the Baptism Registers.362 507. The Archbishop submitted: “The baptism register is an important historical record, providing an invaluable record for social historians, sociologists, anthropologists, various academic researchers and genealogists. In this regard, the baptismal register states a historical fact at a point in time”.363 508. The Archbishop submitted that the GDPR allows for a number of exemptions in favour of archiving in the public interest or for historical research purposes and that the Archbishop “relies on these provisions as a legal basis for the maintenance of the baptism registers, further or in addition to the grounds set out above. The baptism registers form an important part of the Church’s wider role in maintaining records and archives”.364 509. For instance, the Diocesan Archives hold a register from St Michan’s Church, Halston Street, Dublin dating from 1726.365 Themajority of the registers in the Diocesan archives date from the nineteenth century. Certain of these registers from the 1850s are pro-forma registers, customised with detailed columns and headings unlike earlier versions. Individual Baptism Registers will generally contain entries going back a number of years. 510. The Archbishop also referred to Pontifical Commission for the Cultural Patrimony of the Church circular letter dated 2 February 1997 in which it considered the pastoral function of Church Archives. The Archbishop also noted the following passage from the article “Protection of Personal Data and Apostasy: Comparative Law Considerations”: “Baptismal registers are thus reliable records of the historic event of having been baptized and not a file, recording members who join and leave the Church”.366 362 Submissions dated 6 September 2021, page 3. 363 Letter from Mason Hayes Curran on behalf of the Archbishop to the DPC dated 16 March 2020 enclosing 16 March 2020 Submission, page 4. 364 Submissions dated 16 March 2020, page 39. 365 Submissions dated 16 March 2020, page 40. 366 ‘Protection of Personal Data and Apostasy: Comparative Law Considerations’ Montserrat Gas-Aixandri, (2015) 57 Oxford Journal of Church and State, pp. 72-89, page 4. 511. The Archbishop submitted that the purposes for processing the Baptism Registers is necessary for historical research purposes and for archiving purposes in the public interest. Regarding the latter, the Archbishop stated that he considers “that the registers maintained are a form of archiving, and that such can be considered as being in the public interest (notwithstanding the protections and limitations for the purposes of confidentiality etc which apply)”.367 512. The Archbishop referred to Recital 158 and stated, “we note that Recital 158 refers to ‘services’ which have a ‘legal obligation’ in respect of preservation etc. However, it is not apparent that this Recital was intended to limit the ambit of Article 17(3)(d). Indeed, a ‘legal obligation’ is expressly referenced in Article 17(3)(b) but not in Article 17(3)(d). Moreover, a legal obligation in this respect need not be limited to a statutory obligation, as Recital 41 makes clear”.368 513. The Archbishop further submitted: “there is no distinction to be made in respect of respect of [sic] processing necessary for archiving purposes in the public interest and processing necessary for historical purposes”.369 The Archbishop also provided the DPC with two reports outlining the value of the Baptism Registers for historical research and for archiving purposes in the public interest.370 514. The Archbishop relied on these reports to demonstrate the “public interest” element required for “archiving purposes in the public interest” and referred to in Recital 158. In respect of the “legal obligation” element referred to in Recital 158, the Archbishop submitted that this need not be limited to a statutory obligation, stating, “the canon law obligations on parish priests to preserve baptismal and other registers are set out in the Code of Canon Law”.371 515. The Archbishop also referred again to Article 44.2.5° of the Irish Constitution which provides that every religious denomination shall have the right to manage its own affairs, own, acquire and administer property, movable and immovable, and maintain institutions for religious or charitable purposes, in addition to the Charter rights, such as Article 10 which enshrines the freedom of religion, and Recital 4 of the GDPR.372 516. In respect of the principle of data minimisation, the Archbishop submitted that in relation to the register of baptism for persons who are adopted, “only the minimal information is retained for the purpose for which it is collected”. In respect of the parish Baptism Registers, the Archbishop submitted, “Parish Priests, as a matter of canon law, have no discretion regarding the informationwhich is required to be required [sic] in baptismal registers,which is in any event, minimal”.373 367 Submissions dated 16 March 2020, page 45. 368 Submissions dated 16 March, pages 45-46. 369 Submissions dated 15 October 2020, page 30. 370 ‘Value of Church Registers for Archiving Purposes in the Public Interest’ dated 14 October 2020 by John McDonough and ‘Baptismal Registers and Historical Research’ dated 14 October 2020 by Professor John McCafferty. 371 Submissions dated 15 October 2020, page 31. 372 Submissions dated 15 October 2020, page 31. 373 Submissions dated 15 October 2020, page 32. 517. The Archbishop also stated that retention of the Baptism Registers is necessary for historical research purposes and archiving purposes as, “absent such retention, there can be no guarantee that such records, and the information therein, will be available in the future.” The Archbishop referred to the letter dated 17 April 2019 from the Chairman of the National Library to the then Chancellor stating that “[t]he National Library of Ireland acknowledges and endorses the importance of the long-term preservation of records, such as church records, which are likely to be of historical research value. As you noted, the National Library has made digital copies of historical Catholic Parish records, specifically those over 100 years old, publicly available online. This has received a very positive response both from Irish citizens and the Diaspora as they are an important source for Irish family history research”.374 518. The Archbishop also noted that baptism certificates are “often used for persons seeking to establish Irish citizenship through antecedents (usually grandparents), in the absence of State records due to the fire in the Customs House in 1921, or prior to the creation of State records”.375 519. In respect of the application of the transparency principle (Article 5(1)(a) of the GDPR) to processing undertaken for the purpose of archiving in the public interest and historical research purposes, the Archbishop submitted that information regarding records held in the Diocesan Archives is available publically online376 and that it “is amatter for individual Parishes to address the transparency principle in respect of the registers held by them and which are subject to the GDPR”. In respect to the Adopted Persons Baptism Register, “the Parish of baptism will direct adopted persons applying for baptismal certificates to the Chancellery”.377 520. When requested to outline the suitable and specific measures put in place for these processing activities as specified by Article 9(2)(j) and Article 89(1), the Archbishop again referred to his previous submissions, which are as set out above. The Archbishop also noted that section 36(1)(d) of the 2018 Act states that suitable and specific measures may include “specific targeted training for those involved in processing operations”. In this regard, the Archbishop noted that he “organises data protection training days for Parish Priests and members of the parish administrative teams. It is also open to Parish Priests to organise their own training in respect of data protection matters”.378 Legal Analysis of the processing of the processing of personal data and special category personal data. First Issue for Determination whether the Archbishop may rely on legitimate interests for the processing of the Baptism Registers, in accordance with Article 6(1)(f) of the GDPR, in circumstances where the processing is necessary for the purposes of the legitimate interests pursued by the Archbishop. 374 As provided to the DPC with the 16 March 2020 submission. 375 Submissions dated 16 March 2020, page 46. 376See https://www.dublindiocese.ie/archives/ and https://www.dublindiocese.ie/guidelines-for-family-history-research/. 377 Submissions dated 15 October 2020, page 33. 378 Submissions dated 23 July 2021, page 7. 521. The first issue for determination is in relation to the processing of personal data and special category personal data of data subjects who no longer wish to have their personal data recorded in any Baptism Registers. 522. The Archbishop has submitted that the personal data of individuals who no longer wish to have their personal data recorded in Baptism Registers is processed lawfully on the basis of Article 6(1)(f) of the GDPR, which states that “[p]rocessing shall be lawful only if […] processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child”. 523. I have also considered, when assessing whether this legal basis may lawfully be relied upon by the Archbishop, recital 47 which states the following: “The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller. Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller. At any rate the existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place. The interests and fundamental rights of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects do not reasonably expect further processing. Given that it is for the legislator to provide by law for the legal basis for public authorities to process personal data, that legal basis should not apply to the processing by public authorities in the performance of their tasks. The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest” (emphasis added). 524. I accept that the lawful reliance on the legal basis of legitimate interest is to be assessed based on three essential conditions, based on Article 6(1)(f) of the GDPR and those set out by the CJEU in case C-13/16 Rigas Satiksme:379 • identifying a legitimate interest which the controller or a third party pursues; • demonstrating that the intended processing of the data subject’s personal data is necessary to achieve the legitimate interest identified; and • on balancing the legitimate interest against the data subject’s interests, rights, and freedoms, the legitimate interest is not outweighed by the data subject’s interests, rights, and freedoms. 379 C-13/16 Rigas Satiksme, paragraph 28. 525. This was further considered by the DPC in its Guidance Note on Legal Bases for Processing Personal data as previously identified. 526. I will now consider each of these conditions in turn, in order to determine, whether the Archbishop may lawfully process data subjects’ personal data contained in the Baptism Registers, in circumstances where the data subjects no longer wish their personal data to be recorded in the Baptism Registers, based on the legal basis of Article 6(1)(f) of the GDPR. Identifying a Legitimate Interest 527. In order to rely on the legal basis under Article 6(1)(f) of the GDPR, a controller is required to identify a legitimate interest that is being pursued, pertaining either to itself or to a third party. Generally, a legitimate interest can be cover a wide range of situations, however it must be sufficiently articulated to allow a balancing test to be carried out against the interest and fundamental rights of the data subject.380 A legitimate interest may arise, according to recital 47, where there is a “relevant and appropriate relationship” between the data subject and the controller. 528. In his submissions, the Archbishop identified the legitimate interests for processing the personal data contained in the Baptism Registers. Firstly, he submitted: “ First, the Parish Priests of the Archdiocese of Dublin have a legitimate interest in preserving the information contained in Parish registers, because such registers (baptism, confirmation and marriage in particular) consist of a record of the administration of certain sacraments in the Church. The Archbishop also has a legitimate interest in preserving the information contained in the records held in the Chancellery Office”.381 529. The Archbishop also stated that the Roman Catholic Church “sees baptism as the first and basic sacrament of Christian initiation” which “can only be received once”. As such, “it is essential that the Roman Catholic Church maintain a record of all those persons who have been baptised”382. Therefore “a careful record is made of the administration of the sacraments of baptism, confirmation, matrimony and Holy Orders, as, from the perspective of Church teaching, these sacraments can only be administered once”. The Archbishop submitted that the Roman Catholic Church has “a particular interest in maintaining an accurate record on a permanent basis”.383 530. Secondly, the Archbishop submitted that the Baptism Register entries are used to check the sacramental status of a person prior to receiving another sacrament: “ In order to receive the sacraments of confirmation and marriage/Holy Orders, reference is alwaysmade to the entries made in the baptism register to establish (1) that the person has been baptised and (2) there is no impediment to receiving the proposed sacrament, eg it would not be possible for a man who had received the sacrament of marriage then to receive the sacrament of Holy Orders.” 380 Article 29 Working Party Opinion 06/2014 on the notion of legitimate interests of the data controller, section III.3.1. 381 Submissions dated 16 March 2020, page 34. 382 Submissions dated 16 March 2020, page 34. 383 Submissions dated 16 March 2020, pages 34-35. 531. Although the Baptism Register is not a list of members of the Catholic Church, the Archbishop submitted that it did act as a “reference point for which any other parish throughout the world can ascertain whether a person has received any of the other sacraments”. The Archbishop noted that “[t]his information is critical in terms of certain key beliefs in the Catholic faith, ie that a person can only receive the sacraments of baptism, confirmation,marriage or Holy Orders once” and that the Baptism Register acted as “a ‘gateway’ to all the records of a person’s life within the Catholic Church”.384 532. The Archbishop has also submitted that the DPC in its Annual Report of 2003 recognised the importance of the Baptism Register in case study 8, stating that it was “essential for the administration of Church affairs to maintain a registers of all the people who have been baptised”. 533. Further, the Archbishop noted that the legitimate interests outlined; (i) that it is necessary for the administration of the Church to keep a record of the sacraments, in particular baptism, received by individuals; and (ii) to ensure that certain sacraments are not administered more than once are underpinned by fundamental rights and protections under the Irish Constitution and the Charter, which among other things, protect the right of religious denominations to manage their own affairs.385 534. I accept that the interests pursued by the Archbishop in this regard are central to the proper functioning of key aspects of the Roman Catholic faith in Ireland. 535. However, I must also consider, when assessing whether a legitimate interest arises, the guidance provided by recital 47 of the GDPR. Recital 47 firstly states, “[s]uch legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller”. In the context of personal data of a data subject being recorded in Baptism Registers, I accept that such a relevant relationship arises between a data subject who has undergone certain sacraments in the Catholic Church (whether they consider themselves to be a member of the Catholic Church or not) and the Archbishop as a representative of that Church in his Archdiocese with responsibility for the proper governance of that Archdiocese. 536. Recital 47 secondly notes, “the existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that the processing for that purpose may take place”. In the context of the recording and retention of the details of a baptism in the Baptism Registers, I am of the view that a data subject could reasonably expect the personal data to be processed for the purposes of ensuring that the data subject has been baptised and to ensure that there is no impediment to that data subject receiving a further sacrament, such as confirmation or marriage. 384 Submissions dated 16 March 2020, page 35. 385 Bunreacht na hÉireann, Articles 44.2.1, 44.2.5; Charter of Fundamental Rights Articles 22. 537. I am of the view, that it would be reasonably known among persons who have been baptised in Irish society, whether such a person actively continues to practice the Catholic faith or not, that certain sacraments may only be received once in the Catholic Church and that a record is kept of certain sacraments by the Catholic Church. 538. Further, I note the CJEU in case C-708/18 Asociaţia de Proprietari blocM5A-ScaraA386 held that a legitimate interest (in that case under Article 7(f) of Directive 95/46) pursued by a controller or by a third partymust be “present and effective as at the date of the data processing andmust not be hypothetical at that date”.387 539. In consideration of this requirement laid down by the CJEU, I am of the view that the legitimate interests pursued by the Archbishop are not hypothetical in nature, and the Archbishop has provided evidence of the process which is undertaken to verify the sacramental status of a data subject, often prior to that data subject receiving another sacrament such as that of marriage. The DPC considers that the legitimate interests asserted by the Archbishop are “present and effective” in nature during the lifetime of the data subjects whose personal data are recorded in the Baptism Registers for that reason. 540. Therefore, I am of the view that the interests submitted by the Archbishop to be legitimate interests within themeaning of Article 6(1)(f) of the GDPR are legitimate and I accept that these legitimate interests allow for the proper administration of certain sacraments of the Catholic Church and are central to the Roman Catholic faith, are sufficiently articulated and are real and present. Necessity of processing to achieve the legitimate interests 541. I must now turn to consider the second condition required in order to rely on Article 6(1)(f) to establish lawfulness of processing: that the processing of the personal data is necessary in order to achieve the legitimate interests pursued. 542. Under EU law, necessity has its own independent meaning and must be interpreted to fully reflect the objectives of data protection law, as set out in case C-524/06 Heinz Huber v Bundesrepublik Deutschland (‘Heinz Huber’),388 being the protection of the fundamental rights and freedoms of natural persons and their right to privacy with respect to the processing of personal data.389 543. I note that, in accordance with the CJEU’s judgment in C-13/16, Rigas Satiksme, a controller is required to demonstrate that the data processing does not go beyond what is “strictly necessary” for the purposes of processing.390 This requires that the Archbishop demonstrates that the processing is a reasonable and proportionate way of achieving the legitimate interests. 386 C-708/18 Asociaţia de Proprietari bloc M5A-ScaraA ECLI:EU:C:2019:1064. 387 C-708/18 Asociaţia de Proprietari bloc M5A-ScaraA, paragraph 44. 388 C-524/06 Heinz Huber, paragraph 52. 389 C-524/06 Heinz Huber refers to Article 1(1) of Directive 95/46 in paragraph 52. The equivalent provision under the GDPR is Article 1(2). 390 C-13/16, Rigas Satiksme, paragraph 30. 544. Should there be a less intrusive way to achieve the same interests, then in general, it cannot be said that the processing is necessary to achieve those interests. In cases C-92/09 and C-93/09 Scheke, Eifert and Hessen, the CJEU held that, where it was possible to “envisage measures which affect less adversely that fundamental right of natural persons and which still contribute effectively to the objectives” in question, such measures will not comply with the principle of proportionality.391 Finally, I note that in order to be considered necessary processing, no equally effective alternatives to the processing may be available. 545. I note the Archbishop has submitted that the processing of the data is necessary as: “complete and accurate records of all persons who have been baptised must be maintained because it must be possible to operate a rule that baptism may only be administered once. In the absence of such a record, it would be impossible to operate this rule, and thus a core aspect of the freedom of religious practice would be interfered with”.392 546. The Archbishop also submitted that: “[t]he only way to maintain such a record is to retain the names of all persons who have been baptised. There is no other way that the data controller could reasonably pursue this end. The legitimate interests in maintaining baptismal records cannot be achieved by any other means and thus the means – the maintaining of the original record – are the least intrusive method possible, and are necessary for the purposes of the legitimate interests”.393 547. I am in agreement with the Archbishop that the personal data processed in the Baptism Register is generally limited to what is strictly necessary in order to achieve its legitimate interests. I also accept, in accordance with the requirement of data minimisation, that the data in question is the minimum amount required to achieve the legitimate interests. 548. Further, the Archbishop has confirmed that, in instances where a baptismal record does not exist for an individual, the Archbishop may require the individual to provide sworn statements from their godparents or parents confirming that the baptism took place. In other circumstances, where the sacramental status of an individual may not be verified, after an extensive enquiry the individual may be conditionally baptised further to canon 869. 394 391 C-92/09 and C-93/09 Scheke, Eifert and Hessen, ECLI:EU:C:2010:662, paragraph 86. 392 Submissions dated 16 March 2020, page 42. 393 Submissions dated 16 March 2020, page 42. 394 Submissions dated 23 July 2021, page 5. 549. Although these are alternative measures to achieving the legitimate interests set out by the Archbishop, I consider that these could not be equally effective alternatives to the processing undertaken by recording and retaining personal data in the Baptism Registers. Given the importance of the principle in the Catholic Church that certain sacraments may only be administered once, the reliance on statements of godparents and other witnesses instead of the official record of the Church (or indeed conditionally baptising a person without any verification as to whether they have been previously baptised), does not provide the certainty and effectiveness of the recording of Baptism Registers and is clearly only suited to exceptional occasions. 550. As such, I am satisfied that the Archbishop has demonstrated that the processing of the data subject’s personal data is necessary to achieve the legitimate interests outlined. Balancing the legitimate interests against the interests or fundamental rights and freedoms of the data subject 551. Finally, I must consider whether the legitimate interests pursued by the Archbishop are not overridden by the interests, rights or fundamental freedoms of the data subjects. When undertaking this assessment a number of considerations need to be taken into account. Moreover, those interestsmust be present and effective at the date of the data processing and must not be hypothetical in nature.395 Impact of the processing 552. I note that an important consideration to take into account is the consequences for the individual by the processing of their personal data in Baptism Registers.396 The purpose is not to prevent any negative impact on the data subject, but to prevent a disproportionate impact.397 Such impact encompasses the different ways in which an individual may be affected - positively or negatively - by the processing, and should address any possible (potential or actual) positive and negative consequences of such processing.398 553. Although the Baptism Register does not act as a list of member of the Catholic Church, the Archbishop has submitted that at the point of baptism, “the baptised person is properly considered a member of the Catholic Church”.399 For various reasons, data subjects may no longer wish to be considered members of the Catholic Church. Further, I note that since 2010, a change was made to Canon law, which resulted in a data subject being unable to defect formally from the Catholic Church.400 The nature of the personal data 395 C-708/18, Asociaţia de Proprietari bloc M5A-ScaraA 11 December 2019, paragraph 44 396 See WP Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, assessing the impact of processing, page 37. 397 WP29 Opinion 06/2014 on the notion of legitimate interests, page 41 398 WP29 Opinion 06/2014 on the notion of legitimate interests, page 37 399 Submissions dated 16 March 2020, page 38. 400 Submissions dated 16 March 2020, page 21. 554. The CJEU has clarified that “account must be taken, inter alia, of the nature of the personal data at issue, in particular of the potentially sensitive nature of those data, and of the nature and specific methods of processing the data at issue, in particular of the number of persons having access to those data and the methods of accessing them”.401 555. I note that, pursuant to Article 9(1) of the GDPR, the personal data recorded in the Baptism Registers is also considered to be special category personal data as it reveals a religious belief. Special category data is considered more sensitive than other types of personal data and warrants special protection and consideration. In addition, the personal data recorded in the Baptism Records also concerns the personal data and special category data of children, who, under Recital 38 of the GDPR ‘merit specific protection’, this being within the backdrop of parental consent being obtained at the time of the baptismal event. 556. Further, I note that the processing of the personal data in the Baptism Registers is not intensive (though it is long in duration); the personal data collected and recorded is not extensive and consists of no more than is strictly necessary than what is required to pursue the legitimate interest. In addition, as outlined prior, there are strict rules on who can access this data and it is limited to select individuals.402 Reasonable expectations of the data subject 557. When balancing the interests, rights and fundamental freedoms of the data subject against the legitimate interests pursued by a controller or a third party, consideration for the reasonable expectations of the data subject is required, as set out in recital 47 of the GDPR. The DPC’s views on the reasonable expectations of the data subject were previously set out in this section. 558. The Archbishop in his submissions states that these “legitimate interests” for the purposes of data protection law are underpinned by fundamental rights protections pursuant to Article 44.2.1° and Article 44.2.5° of the Irish Constitution and Articles 10 and 22 the Charter of Fundamental Rights (the ‘Charter’). In particular, the Archbishop notes the right of freedom of religion with the right to self-determination and the right to manage their own affairs being an integral part of that right.403 559. In this regard, the rights of data subjects under data protection law should be read in conjunction with Article 10 of the Charter, which provides for the right to “freedom of thought, conscience and religion”. This includes “the freedom to change religion or belief and freedom, either alone or in community with others and in public or in private, tomanifest religion or belief, in worship, teaching, practice and observance”. This Article reflects also Article 9 of the European Convention of Human Rights (the “ECHR”). The right to freedom of religion includes the corollary of that right, the right not to belong to a religion or to practice it. The right to freedom of religion also protects the right not to manifest or reveal one’s religious beliefs. 401 C-708/18 Asociaţia de Proprietari bloc M5A-ScaraA, paragraph 57. 402 Submissions dated 16 March 2020, page 44. 403 Submissions dated 16 March 2020, pages 36 -38. 560. Article 1(2) of the GDPR provides that the “Regulation protects the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.” The data subjects in the present context have the right to freedom of thought conscience and religion, which ought to be weighed against the Archbishop’s legitimate interests in this instance. In that regard, I note that on the other hand the State also has an obligation to ensure that it does not impede the normal functioning of religious organisations. The Constitution protects the functioning of religious organisations, under Article 44.5 - “[e]very religious denomination shall have the right to manage its own affairs, own, acquire and administer property, movable and immovable, and maintain institutions for religious or charitable purposes”. The DPC must seek to balance the rights of the Catholic Church and the Archbishop against the rights of the data subjects who do not wish to belong to a religious organisation, nor wish to have their data processed by that religious organisation, nor wish to be seen to be manifesting their religious beliefs in a way that allows such a belief to be inferred by the recording and processing of their personal data. 561. Further, Article 12 of the Charter provides for the right to “freedom of association at all levels, in particular in political, trade union and civic matters, which implies the right of everyone to form and to join trade unions for the protection of his or her interests”. This right encompasses the freedom to associate with religious associations. This Article reflects Article 11 of the ECHR. The freedom of association encompasses a freedom of choice as to how an individual may wish to exercise their freedom of association. This includes the right not to join an association and the right to withdraw from an association, which is the corollary to the freedom of association and is essential for the proper exercise of the rights.404 The rights of data subjects whose personal data is recorded in the Baptism Registersmust also be weighed by the DPC against the legitimate interests of the Archbishop in this case. 562. Even in instances where the infringement of the data subject’s interests and/ or rights and fundamental freedoms occur, this does not necessarily mean that the balance falls in favour of the legitimate interests being overridden. In circumstances where there is a clear and proportionate justification for the impact on the data subject’s rights, the processing may still lawfully occur based on the legitimate interests. 563. In case C-131/12 Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja Gonzalez (‘Google Spain’)405 the CJEU considered the rights of a data subject who wished to have links to his personal data removed from a search engine against the legitimate interests of the search engine in this case. In this case the held that the application of Article 7(f) (legitimate interests under Directive 95/46) “necessitates a balancing of the opposing rights and interests concerned, in the context of which account must be taken of the significance of the data subject’s rights arising from Articles 7 and 8 of the Charter”.406 404 [See following ECHR cases (Sørensen and Rasmussen v. Denmark [GC], 2006, § 54). (Sigurður A. Sigurjónsson v. Iceland, 1993, § 35; Vörður Ólafsson v. Iceland, 2021, § 45)]] 405 ECLI:EU:C:2014:317. 406 C-131/12 Google Spain, paragraph 74. 564. The CJEU sought to balance the rights of the data subject in that case, even where such rights may be interfered with, against the legitimate interests of third party internet users and considered that such balancing would have to be done on a case-by-case basis and would depend on the nature of the personal data among other things. This was also echoed by the CJEU in C-13/16 Rigas Satiksme, wherein the CJEU stated, “as regards the condition of balancing the opposing rights and interests at issue, it depends in principle on the specific circumstances of the particular case”.407 565. The DPC finds that the Archbishop has an overriding justification for the impact on the data subject’s rights. The Archbishop’s legitimate interests represent the pursuance of central beliefs in the Catholic Church. The DPC recognises that the right to freedom of thought, conscience and religion of the Church must also be taken into account when balancing the rights of the data subjects. As the achievement of the legitimate interests, in this instance, are fundamental to the proper administration of certain sacraments, in particular baptism, in the Catholic Church, the failure of which would impact on the rights of a number of members of the Church, I am of the view that the Archbishop’s legitimate interests are not overridden by the interests, rights and fundamental freedoms of the data subjects, including those who consider themselves no longer members of the Church. The Archbishop has legitimate reasons for the impact on the data subjects’ rights, which stem from the aim of ensuring the proper administration of sacraments as a whole. Safeguards 566. The Article 29 Working Party stated in its opinion on legitimate interests, as submitted by the Archbishop, that “important and compelling legitimate interests may in some cases and subject to safeguards and measures justify even significant intrusion into privacy or other significant impact on the interests or rights of the data subjects”.408 It is accepted that adequate and sufficient safeguards can significantly reduce the impact on data subjects. I note that the Archbishop has pointed to a number of safeguards that are in place, such as the fact that the Baptism Registers are kept private and secure and subject to strict rules of confidentiality, only accessible by a very small number of authorised individuals. Further, the Archbishop has submitted that a de facto defection register is kept in order to allow those who no longer wish to have an association with the Church to have this view recorded. The Archbishop has also offered to direct the parish priests to include an annotation on the Baptism Register stated that an individual “No longer wishes to be identified as Roman Catholic”, though this is not the current practice of the Archdiocese.409 567. I am of the view that these safeguards reduce the impact on the data subject’s rights. I am of the view that an annotation on the Baptism Register itself, clearly indicating the wishes of the data subject on the baptism entry would be an appropriate method of safeguarding the data subject’s rights. 407 C-13/16 Rigas Satiksme, paragraph 31. 408 Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC, page 30. 409 Submissions dated 16 March 2020, page 44. 568. It is my view that in pursuing his legitimate interests, the Archbishop is infringing the rights and freedoms of data subjects. In such instances, a fair balance must be struck between these competing rights and interests. The DPC considers that the processing of personal data of individuals who no longer wish to have their personal data processed may impact on the data subjects’ rights such as their right to freedom of religion and freedom of association and the corollary rights. However, I am of the view that the legitimate interests of the Catholic Church in the proper administration of the sacraments and the Church as a whole, with appropriate safeguards in place to protect the personal data, overall outweighs the rights and freedoms of data subjects. The Archbishop’s legitimate interests are justified even with such an impact on the data subject as they represent central aims and beliefs in the Catholic Church. 569. It is the view of the DPC that the Archbishop may lawfully rely on legitimate interests under Article 6(1)(f) of the GDPR as a legal basis for processing the personal data of data subjects which is recorded in the Baptism Register, even in instances where a data subjectmay no longer wish to be associated with the Catholic Church. The Archbishop has: • established clear legitimate interests which are being pursued; • demonstrated the necessity of the processing to achieve these legitimate interests; and • subject to certain safeguards, the legitimate interests are not outweighed by the interests, rights and fundamental freedoms of the data subjects. Second Issue for Determination 570. The second issue for determination is whether, and to what extent the Archbishop’s interests (or those of a third party) in retaining the personal data and special category personal data are overridden by the interest or fundamental rights and freedoms of the data subjects and accordingly whether the Archbishop is entitled to rely on Article 6(1)(f) for the processing of the personal data and special category personal data. 571. As stated in the previous section, subject to safeguards, the Archbishop’s interests in retaining the personal data contained in the Baptism Registers are not overridden by the interest or fundamental rights and freedoms of the data subjects. The Archbishop is entitled to rely on Article 6(1)(f) for the processing of the personal data and special category personal data. Third Issue for Determination 572. The third issue for determination is whether the Archbishop is entitled to rely on Article 9(2)(d) of the GDPR for the processing of the special category personal data contained in the Baptism Registers, which permits processing carried out in the course of the Archbishop’s legitimate activities as a foundation, association or non-profit body with a religious aim where the processing relates solely to members or former members of the body or to persons who have regular contact with it in connection with its purposes and where the special category personal data are not disclosed outside the body without the consent of the data subjects. 573. Article 9(2)(d) of the GDPR permits processing of special category personal data which is: “carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects”. 574. Recital 51 also notes that: “[d]erogations from the general prohibition for processing such special categories of personal data should be explicitly provided, inter alia, where the data subject gives his or her explicit consent or in respect of specific needs in particular where the processing is carried out in the course of legitimate activities by certain associations or foundations the purpose of which is to permit the exercise of fundamental freedoms”. 575. The Archbishop has submitted that the processing of the special category personal data contained in the Baptism Registers, in particular the retention of such data in circumstances where the data subject no longer wishes to be recognised as a member of the Catholic Church, is in accordance with Article 9(2)(d) of the GDPR. 576. In order to assess whether the Archbishop is entitled to rely on the legal basis under Article 9(2)(d) of the GDPR, I must assess if the required criteria under Article 9(2)(d) are met: a. the personal data is processed in the course of its legitimate activities; b. by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim; c. on the condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes; and d. the personal data are not disclosed outside that bodywithout the consent of the data subjects. Criteria a: The personal data are processed in the course of its legitimate activities 577. I have previously established herein that the activities of the Catholic Church for which the Archbishop processes the personal data and special category personal data, which is contained in the Baptism Registers, are the legitimate interests of the Archbishop. 578. Further, I also note the guidance of the ICO with respect to the legitimate activities of a not-for- profit body under Article 9(2)(d). The ICO states that legitimate activities “is fairly broad, and covers most of what you do, as long as it does not stray outside the purposes and powers set out in your constitution or governing documents, and is not unlawful or unethical in any way”.410 410 ICO, Special Category data What are the conditions of processing, https://ico.org.uk/for-organisations/guide-to-data- protection/guide-to-the-general-data-protection-regulation-gdpr/special-category-data/what-are-the-conditions-for- processing/#conditions 579. I accept that these activities, relating to the recording and administering of certain sacraments in Baptism Registers are legitimate activities of the Catholic Church, being central to the key beliefs of the Church and being provided for in Canon Law which constitutes the internal rules of the Catholic Church and sets out the purposes of the Church and the powers provided to instruments of the Church to achieve this. Criteria b: By a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim 580. The Archbishop has submitted: “that the conditions required by Article 9(2)(d) in this instance are fulfilled, in that the personal data contained in the baptism registers are processed in accordance with the legitimate activities of the Catholic Church, the data relates solely to members or former members of the Catholic Church, or to persons who have regular contact with it, and those personal data are not disclosed outside that body without the consent of the data subjects”.411 581. I also note the guidance of the ICO in this regard. With respect to the bodies that may rely on Article 9(2)(d) as a legal basis for processing special category personal data, the ICO states that “[y]ou can only rely on this condition if you […] are a not-for-profit body, for example charities, clubs, political parties, churches, trade unions and other associations if they have a political, philosophical, or religious aim”412 (emphasis added). Indeed, the ICO goes on to set out the following example: “A church processes personal data of its members and supporters in order to run church activities and provide pastoral care. The church can rely on the not-for-profit condition to process the data which reveals their religious belief.”413 582. Further, in a 2016 talk given by Cardinal Stefan Wyszyński, at a Conference organised by the Polish Inspector for Personal Data Protection and published online by the EDPS (European Data Protection Supervisor), entitled “Personal Data Protection in churches and religious organisation” the Cardinal noted the following with respect to Article 9(2)(d) (which was still in draft form): “The new Regulation will maintain the existing exemption which allows churches and other bodies with a 'religious... aim' to process sensitive data: • 'in the course of its legitimate activities...'; • '...with appropriate safeguards'; 411 Submissions dated 16 March 2020, page 38. 412 ICO, Special Category data What are the conditions of processing, https://ico.org.uk/for-organisations/guide-to-data- protection/guide-to-the-general-data-protection-regulation-gdpr/special-category-data/what-are-the-conditions-for- processing/#conditions. 413 Ibid. • '...on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes'; and • on condition that 'the data are not disclosed outside that body without the consent of the data subject'”.414 583. In consideration of the above, I am satisfied that Article 9(2)(d) is intended to cover religious organisations that constitute not-for-profit bodies. I accept that the Archbishop is a member of a not-for-profit body, with a religious aim, that being the Archdiocese of Dublin. 414https://edps.europa.eu/sites/edp/files/publication/16-02-25_personal_data_protection_church_warsaw_en.pdf. Criteria c: On the condition that the processing relates solely to themembers or to former members of the body or to persons who have regular contact with it in connection with its purposes 584. The processing in question with respect to the Baptism Registers relates to persons who have undertaken what is considered the “gateway” sacrament within the Catholic Church415. While the Archbishop submits that the Baptism Registers do not constitute a list of members of the Church and nor is a register of members maintained for that intention, the Archbishop has noted that a “baptised person is properly considered a member of the Catholic Church”. As such “all baptism records relate either to members or former members”.416 585. I accept that in principle, any individual who has undergone baptism in the Catholic Church becomes a member of the Catholic Church. If subsequently, that individual no longer wishes to be amember of the Church; regardless of defection, that individual would be a formermember of the Church. 586. Therefore, I am satisfied that the processing of the special category personal data in the Baptism Registers relates only to persons who may properly be considered to be members or former members of the Church. Criteria d: The personal data are not disclosed outside that body without the consent of the data subjects: 587. Article 9(2)(d) also requires that personal data processed by the not-for-profit body not be disclosed outside that body without the consent of the data subjects. I note that the Baptism Registers are generally subject to strict confidentiality even within the Church itself and are only disclosed outside the Church after 100 years have passed.417 The personal data in the Baptism Registers may on limited occasions be disclosed within the organisation, either by the Archbishop seeking to instruct the parish priest to make a Special Annotation for example, or by a parish priest seeking advice from the Archbishop, via the Chancellery. I also note that, on occasion, a parent or guardian may request a baptismal certificate on behalf of an individual who had been baptised. This would be in situations where that individual is unable to consent on their own behalf, due to their age. I have not been provided with any evidence suggesting that the personal data contained in the Baptism Registers is disclosed outside of the Church without the consent of those data subjects. 588. Based on the above considerations, I am satisfied that the Archbishop may rely on the legal basis under Article 9(2)(d) of the GDPR for the processing of data subjects’ special category personal data during the course of their lifetime, being members or former members of a not- for-profit body with a religious aim. 415 Submissions dated 16 March 2020, page 26. 416 Submissions dated 16 March 2020, page 38. 417 Submissions dated 15 October 2020, Schedule of Documents, Dublin Diocesan Archives (IE/DDA), section 2.5 (page 243 of the PDF submission). Fourth Issue for Determination 589. The fourth issue for determination is whether the Archbishop, in processing the special category personal data in accordance with Article 9(2)(d) of the GDPR, put in place the required appropriate safeguards for such processing under Article 9(2)(d) 590. I have previously noted that the Archbishop has referred to a number of safeguards that are in place for the processing of the Baptism Registers. This includes the fact that the Baptism Registers are kept securely in the parishes, or in the Archbishop’s House and are confidential, only accessible by a very small number of authorised individuals. Further, the Archbishop has submitted that a de facto defection register is kept in order to allow those who no longer wish to have an association with the Church to have this view recorded. The Archbishop has also offered to direct the parish priests to include an annotation on the Baptism Register stated that an individual “No longer wishes to be identified as Roman Catholic”, though this is not the current practice of the Archdiocese.418 591. As previously stated, I am not of the view that the De Facto Defection Register is an appropriate safeguard. However, I am satisfied that the other safeguards put in place by the Archbishop are appropriate to safeguard the rights and fundamental freedoms of data subjects. 592. Based on the above considerations, I am satisfied that the Archbishop , in processing the special category personal data in accordance with Article 9(2)(d) of the GDPR, has in place the required appropriate safeguards for such processing under Article 9(2)(d). Fifth issue for Determination 593. The fifth issue for determination is in assessing the legal basis relied on by the Archbishop, whether the Archbishop is compliant with the principle of purpose limitation under Article 5(1)(b) of the GDPR and the principle of lawfulness, fairness and transparency under Article 5(1)(a) of the GDPR. 594. Regarding processing (as opposed to further processing) and the principle of ‘purpose limitation’, Article 5(1)(b) of the GDPR provides that the personal data shall be ‘collected for specified, explicit and legitimate purposes.’ Therefore, for compliance with the principle of ‘purpose limitation’ a data controller must only process data for specified, explicit and legitimate purposes. 595. With regard to the Baptism Registers as set out previously, the Archbishop has submitted it is essential for the administration of the affairs of the Catholic Church to maintain a register of all people who have been baptised in the Church. In addition, baptism is a sacrament, which can only be administered once and is the gateway to all other sacraments. At baptism, the personal data collected contains set information as set out at paragraph 38 of this Decision which is personal data required for the purposes of recording the fact that the individual was baptised. 418 Submissions dated 16 March, page 44. 596. It is the view of the DPC that the data which is processed (as opposed to further processed), in the baptism registers is for a specified, explicit and legitimate purpose in line with Article 5(1)(b). 597. Regarding processing (as opposed to further processing) and the requirements under Article 5(1)(a) of the GDPR, that personal data must be processed lawfully, fairly and transparently, it appears to the DPC that the personal data contained in the Baptism Registers, is processed lawfully under Article 6(1)(f) of the GDPR and this analysis is set out above which includes appropriate safeguards being in place. 598. Regarding the ‘fair’ component of Article 5(1)(a) of the GDPR, I am of the view that the data is processed fairly insofar as the data being processed is not processed by deception or in the absence of the data subject’s knowledge (or legal guardian’s knowledge) and is relevant to an event that factually occurred. 599. Regarding the ‘transparency’ component of Article 5(1)(a) of the GDPR, Recital 39 of the GDPR states ‘[i]t should be transparent to natural persons that personal data concerning them are collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed.’ The principle of transparency requires that any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used.’ 600. In relation to the transparency principle in respect of processing undertaken for the purposes of archiving in the public interest and for historical research purposes, the Archbishop stated: “It is a matter for individual Parishes to address the transparency principle on respect of the registers held by them and which are subject to the GDPR. However, in relation to the register of baptisms of persons who are adopted, the parish of baptism will direct adopted persons applying for baptismal certificated to the Chancellery”.419 601. On the basis of the foregoing, I am of the view that the Archbishop has infringed the transparency principle under Article 5(1)(a) of the GDPR, in circumstances where (1) the Archbishop is of the view that he is not a data controller in the first instance and on that basis it is a matter more appropriate for the Parish Priest as data controller and (2) the Archbishop has not provided the DPCwith any evidence as to how he is in compliance with the transparency principle. 419 Submissions dated 15 October 2020, page 33. Legal Analysis: Further Processing 602. Regarding further processing of personal data and special category data of data subjects who no longer wish to have their personal data recorded in the Baptism Registers, the eight separate issues for determination are set out above in this Decision. Further processing is processing for a purpose other than that for which the personal data have been collected. Article 5(1)(b) states that “further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes.” Reliance is placed on Article 6(1)(f) and Article 9(2)(j) of the GDPR for such further processing by the Archbishop within the context of ‘[A]rchiving purposes in the public interest and historical research purposes’. 603. Article 9(2)(j) states: “processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union orMember State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.” (Emphasis added). Article 89(1) provides that such processing for archiving purposes in the public interest or historical research “shall be subject to appropriate safeguards”. This is explained further in Recital 156 of the GDPR. 604. In the first instance, personal data is being collected and processed by the Church primarily to document and record the administration of the sacrament of baptism, which is an initiation into the Catholic faith; as set out previously, this is the basis upon which other sacraments can be administered and without which other sacraments cannot be administered. Such administration is “critical in terms of certain key beliefs in the Catholic faith”420 and is a key tenet in the administration of the Catholic Church. 605. The Baptism Records as a matter of course are essentially required for the lifetime of an individual as there is no time frame within which an individual receives sacraments, and I have set out that it is of the view that the Archbishop has a lawful basis for such processing under Article 9(2)(d) of the GDPR which essentially extends for the lifetime of a data subject. 420 Submissions dated 16 March 2020, page 35 606. The Archbishop, in addition, now relies on Article 9(2)(j) for the further processing of the same personal data-set for archiving in the public interest and for historical research purposes as he submits that the “baptism registers form an important part of the Church’s wider role in maintaining records and archives” and that the “Baptism Registers record the historical fact of baptisms having taken place. Over time, these registers assume a different importance becoming a unique archival and/or historic record of enduring value. Baptismal records are often, for example, sought by those carrying out genealogical research.”421 This appears to be ancillary to the original purpose of the processing. The archiving processing only arises by virtue of the initial existence of the Baptism Registers. 607. The Archbishop submits that the “registers maintained are a form of archiving”’422 and that he is aware “that baptism certificates are often used for persons seeking to establish Irish citizenship through antecedents (usually grandparents), in the absence of State records due to the fire in the Customs House in 1921, or prior to the creation of State records”’.423 The historic Catholic parish records shared with the National Library during the 1940s/1950s had a “cut-off date of 1880” for reasons of confidentiality.424 608. In addition, the Archbishop provides a comprehensive summary regarding the historic archiving of church records and states that the “Diocesan Archives hold a register from St. Michan’s Church, Halston Street, Dublin, dating from 1726. However, the vast majority of the registers in the Diocesan archives date from the 19th century. Those from the mid-1850s are pro-forma registers, customised with detailed columns and headings unlike earlier versions”. 425 609. The Dublin Diocesan Archive426 states that the “vast bulk of its holdings are confined to the nineteenth and twentieth centuries, with the Archives processing only a small amount of material covering the reigns of twelve Archbishops from 1600-1770”. It further states that it holds “the papers of eleven successive archbishops of Dublin covering the period 1770 to 2004” “eight of which are available to researchers’. The reign of the eight Archbishops referred to date from 1770 to 1972. For Family History Research purposes, it states “information from Parish Registers is only accessible up to and including 1920”. 610. Recital 158 of the GDPR provides that “public authorities or public or private bodies that hold records of public interest should be services which, pursuant to Union orMember State law, have a legal obligation to acquire…..” (Emphasis added). It appears therefore that in order for a data controller to rely on archiving in the public interests, the legal obligation to process such data must be set out in law. 611. As set out previously, the Archbishop submitted that the “legal obligation” referred to in Recital 158 need not be limited to a statutory obligation stating “the canon law obligations on parish priests to preserve baptismal and other registers are set out under the Code of Canon Law”. 421 Submissions dated 16 March 2020, page 52. 422 Submissions dated 16 March 2020, page 45. 423 Submissions dated 16 March 2020, page 46. 424 Submissions dated 15 October 2020, page 19. 425 Submissions dated 16 March 2020, page 40. 426 Archives | Archdiocese of Dublin (dublindiocese.ie); https://dublindiocese.ie/archives/ 612. Recital 41 states: “Where this Regulation refers to a legal basis or a legislative measure, this does not necessarily require a legislative act adopted by a parliament, without prejudice to requirements pursuant to the constitutional order of the Member State concerned. However, such a legal basis or legislative measure should be clear and precise and its application should be foreseeable to persons subject to it, in accordance with the case- law of the Court of Justice of the European Union (the ‘Court of Justice’) and the European Court of Human Rights’”. (Emphasis added) 613. As set out at previously, the position under Canon Law is not determinative of the position under Irish or EU law. Canon Law is an internal body of law, which governs the internal operations of the Catholic Church. Recital 41 clarifies that some form of a legal basis is required which must be clear, concise and foreseeable to individuals and in line with the case law of the CJEU and the ECtHR. For the purposes of archiving in the public interest, there must be a legal obligation for the Archbishop to engage in such archiving. 614. Article 91 of the GDPR states: “(1) Where a Member State, churches and religious associations or communities apply, at the time of entry into force of this Regulation, comprehensive rules relating to the protection of natural persons with regard to processing, such rules may continue to apply, provided that they are brought into line with this Regulation. (2) Churches and religions associations which apply comprehensive rules in accordance with paragraph 1 of this Article shall be subject to the supervision of an independent supervisory authority, which may be specific, provided that it fulfils the conditions laid down in Chapter VI of this Regulation”. 615. I am not aware of any set of comprehensive data protection rules as referred to in Article 91 at domestic level in this jurisdiction which relates to the protection of natural persons with regard to such processing to permit any form of a derogation. Further, there were no submissions made by the Archbishop on this point. In any event, Article 91(1) clearly sets out that such rules could only continue to apply on condition they complied with the GDPR. 616. I note the Archbishop’s reference to Article 44.2.5 of Bunreacht na hÉireann and the right of religious denominations to manage their own affairs. In Jehovan Todistajat (Case C-25/17) at paragraph 74, the CJEU held that: “The obligation for every person to comply with the rules of EU law on the protection of personal data cannot be regarded as an interference in the organisational autonomy of those communities (see, to that effect, judgment of 17 April 2018, Egenberger, C‐414/16, EU:C:2018:257, paragraph 58).”427 427 C-25/17 Jehovan Todistajat, EU:C:2018:551, paragraph 74. 617. Based on the foregoing, the GDPR does not interfere with nor can it be construed as interfering with the autonomy of any religious denomination, including the Catholic Church, from managing its own affairs. Article 91 of the GDPR indicates that churches, religious associations or communities must operate within the parameters of data protection law. 618. While I accept for present purposes that the legal obligation for archiving in the public interest need not necessarily be limited to a statutory obligation (for example, the legal obligation could be set out in common law), Article 9(2)(j) is underpinned by a legal obligation being placed on the data controller in the first instance, which it is not presently. It is not sufficient for the purposes of data protection law for a data controller to rely on its own internal set of rules for the purposes of Article 9(2)(j) of the GDPR. 619. I note that the Diocesan Archives holds various historic registers dating from 1726. In relation to further processing for the purposes of historical research, I am of the view, that insofar as the data subjects named in those historic registers are deceased,428 the GDPR does not apply. Insofar as there may be some data subjects named in those registers who are still alive, I am of the view that their personal data is lawfully processed in the first instance under Articles 6(1)(f) and 9(2)(d) of the GDPR for their lifetime which is the primary purpose of the processing of that data and not for an ancillary or further processing function. 620. Based on the foregoing, it is the view of the DPC that it is not necessary to consider or analyse further the other elements contained within the provisions of Article 9(2)(j) of the GDPR that were set out in the Issues Paper. Namely, whether the processing is necessary, the public interest element, the proportionality of the processing, the right to data protection or the safeguards that ought to be in place and on that basis, within the context of this Inquiry, the remaining issues for determination as set out in the Issues paper, are now moot. 428 Article 4(1) of the GDPR states that the Regulation applies to the personal data of ‘natural persons’. Recital 27 further clarifies that the GDPR ‘does not apply to the personal data of deceased persons. Member States may provide for rules regarding the processing of personal data of deceased persons’. Findings 621. Therefore, I find that: a. The Archbishop may lawfully rely on legitimate interests under Article 6(1)(f) of the GDPR as a legal basis for the processing of personal data of data subjects which is recorded in the Baptism Register, even in such instances where a data subject may no longer wish to be associated with the Catholic Church; b. Subject to safeguards, the Archbishop’s interests in retaining the personal data contained in the Baptism Registers are not overridden by the interest or fundamental rights and freedoms of the data subjects; c. The Archbishop may rely on the legal basis under Article 9(2)(d) of the GDPR for the processing of data subjects’ special category personal data during the course of their lifetime, being members or former members of a not-for-profit with a religious aim; d. The Archbishop, in processing the special category personal data in accordance with Article 9(2)(d) of the GDPR, has in place the required appropriate safeguards for such processing under Article 9(2)(d) e. The Archbishop cannot lawfully rely upon Article 9(2)(j) of the GDPR for the purposes of further processing the personal data and special category data of those named in the Baptism Registers, the subject of this Inquiry. 622. As it has now been determined that the Archbishop is the data controller for the processing activities the subject of this Inquiry. He must now ensure compliance with Article 5(1) of the GDPR. In particular, as part of his compliance under Article 5(1)(a) of the GDPR vis-à-vis transparency of processing (and having regard to the provisions of Articles 12 to 14 of the GDPR), the Archbishop should now make clear that all personal data collected and recorded and otherwise processed for the purposes of the administration of sacraments, is retained for the lifetime of that individual. d) RIGHT OF RECTIFICATION Issues for determination 623. In relation to the Archbishop’s compliance with the data subject right under Article 16 of the GDPR, the following issues arise for determination, as set out in the Issues Paper: a. whether a data subject has the right to obtain from the Archbishop the rectification of inaccurate personal data concerning him or her; b. whether the recording of a data subject’s sacrament of baptism in the Baptism Registers, in circumstances where the data subject no longer consider themselves to be a member of the Catholic Church, constitutes inaccurate or incomplete personal data within themeaning of Article 16 of the GDPR, with reference to the Archbishop’s compliance with the principle of accuracy under Article 5(1)(d) of the GDPR in this regard; c. whether data subjects who no longer consider themselves to be members of the Catholic Church have the right to obtain rectification of their sacramental status or their status as members of the Catholic Church in the church records contained in the Baptism Registers or where the personal data is found to be incomplete, have the right to have this personal data completed, including by means of providing a supplementary statement; and; d. whether, in circumstances where a right to rectification exists, the data subjects’ rights may be restricted by the Archbishop, pursuant to Section 61(1) of the 2018 Act, where the processing is for archiving purposes in the public interest, or by section 61(2) of the 2018 Act, where the processing is for historical research purposes and the exercise of the right would be likely to render impossible or seriously impair, the achievement of these purposes and the restriction is necessary for the fulfilment of those purposes. 624. The Baptism Registers contain a record of individuals who have undergone the sacrament of baptism within the Catholic Church in the Archdiocese, which is central to the administration of the church. Under canon 535 §1, the Baptism Registers (along with all parochial registers) are to be “accurately inscribed and carefully preserved” by the parish priest. The parish priest in certain circumstances may amend parish Baptism Registers. As previously set out, the Guidelines state at section 1.12 that “[f]acts cannot be changed. Errors can be corrected when proof is provided. Some emendations however are possible. For example, sometimes people adopt a new name for themselves or more especially for their children […] any alteration to the Baptismal Register must be authorised through the Chancellery”429. 429 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, section 1.12 (page 12 of the PDF submission). 625. As stated, such amendments require input from the Chancellery, as set out in the Guidelines at section 4.5: “the express permission of the Chancellery is required before any alteration or emendation may be made in an entry in any such parochial register”430. 626. Though this Inquiry is an own-volition Inquiry, certain of the complaints received by the DPC from data subjects prior to the commencement of the Inquiry stated that they no longer consider themselves members of the Catholic Church. It now falls to me to determine whether a church record, which continues to list these data subjects and their sacramental status in the Catholic Church, is inaccurate or incomplete in that context, and whether a right to obtain rectification may arise in favour of these data subjects should they so wish to request rectification. Relevant Provisions 627. Article 16 of the GDPR states that data subjects “shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement”. 628. Article 19 of the GDPR also requires that the “controller shall communicate any rectification or erasure of personal data or restriction of processing, carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data may have been disclosed, unless this proves impossible or involves disproportionate effort”. 629. Article 5(1)(d) of the GDPR requires that personal data be “accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay” (otherwise known as the principle of accuracy). 630. Recital 39 of the GDPR also states, “[e]very reasonable step should be taken to ensure that personal data which are inaccurate are rectified or deleted”. 631. Recital 65 of the GDPR also states that “[a] data subject should have the right to have personal data concerning him or her rectified and a ‘right to be forgotten’ where the retention of such data infringes this Regulation or Union or Member State law to which the controller is subject.” 632. Section 61 the 2018 Act restricts the exercise of certain data subject rights, including rights under Article 16, in certain instances. Section 61(1) restricts data subject rights where processing of data is for archiving purposes in the public interest and section 61(2) of the 2018 Act restricts data subject rights where processing of data is for scientific or historical research purposes or statistical purposes to the extent that: (a) the exercise of any of those rights would be likely to render impossible, or seriously impair, the achievement of those purposes, and (b) such restriction is necessary for the fulfilment of those purposes. 430 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, section 1.5 (page 23 of the PDF submission). Relevant Case Law 633. In the judgment of the CJEU in C-434/16 Nowak v Data Protection Commissioner,431 the CJEU considered the right of rectification within the context of Directive 95/46/EC. The CJEU stated, in consideration of whether an exam script constituted personal data, and if so whether the exam answers and the comments by the examiners could be the subject of the right of access and the right of rectification, that: “It is apparent from Article 6(1)(d) of Directive 95/46 that the assessment of whether personal data is accurate and complete must be made in the light of the purpose for which that data was collected. That purpose consists, as far as the answers submitted by an examination candidate are concerned, in being able to evaluate the level of knowledge and competence of that candidate at the time of the examination. That level is revealed precisely by any errors in those answers. Consequently, such errors do not represent inaccuracy, within the meaning of Directive 95/46, which would give rise to a right of rectification under Article 12(b) of that directive. On the other hand, it is possible that there might be situations where the answers of an examination candidate and the examiner’s comments with respect to those answers prove to be inaccurate, within the meaning of Article 6(1)(d) of Directive 95/46, for example due to the fact that, by mistake, the examination scripts were mixed up in such a way that the answers of another candidate were ascribed to the candidate concerned, or that some of the cover sheets containing the answers of that candidate are lost, so that those answers are incomplete, or that any comments made by an examiner do not accurately record the examiner’s evaluation of the answers of the candidate concerned”.432 431 C-434/16 Nowak v Data Protection Commissioner ECLI:EU:C:2017:994. 432 C-434/16 Nowak v Data Protection Commissioner, paragraphs 53-54. Archbishop’s Submissions 634. The Archbishop submitted that baptism records are not inaccurate (in the instance where an individual no longer considers themselves to be a member of the Catholic Church), stating that the Baptism Registers “are an accurate record of a particular event having occurred at a certain time in the past”. In general, the Archbishop noted that if there were an inaccuracy in the record “such as an incorrect spelling of a name” itwould be possible to correct such as an inaccuracy.433 635. The Archbishop submitted that the Baptism Registers should not be mischaracterised as a “list of current members of the Catholic Church”. Instead, the Baptism Registers “sets out a person’s status in respect of certain sacraments, which can be administered only once in a person’s lifetime. As such, the baptism registermerely indicates a person’s status as baptised, and has no bearing on their status as regards adherence to the beliefs of, or communion with, the Catholic Church”.434 636. As such, the Archbishop expressed the view that “unless it has been demonstrated that a factual inaccuracy exists within the register the Archbishop submits that the right provided for in Article 16 does not apply”.435 637. The Archbishop also noted that Article 16 provides data subjects with the right to have incomplete personal data completed. In this regard, the Archbishop stated that “the purposes of the processing is to record a person’s status in respect of certain sacraments. As long as the registers have beenmaintained and are up-to-date, it cannot be said that the information in this regard is “incomplete”, so again, the right provided for in Article 16 does not apply”.436 638. The Archbishop also stated in this regard that, although it is not understood to be the current practice in the parishes of the Archdiocese, “the Archbishop could indicate to Parish Priests that it would be permissible pursuant to canon law to adopt a practice whereby the register could be annotated as follows: “No longer wishes to be identified as a Roman Catholic”. However, the Archbishopwished to stress that it is not accepted that this is orwould be necessary (to facilitate data subject rights) and that “the adoption of this practice would ultimately be a matter for the parish priest as the data controller”.437 639. Finally, the Archbishop pointed to section 61(2) of the 2018 Act, which provides that where the processing of personal data is for historical research purposes, the rights of a data subject under Article 16 are restricted to the extent that: “the exercise of any of that right would be likely to render impossible, or seriously impair, the achievement of those purposes, and such restriction is necessary for the fulfilment of those purposes”.438 433 Submissions dated 16 March 2020, page 48. 434 Submissions dated 16 March 2020, page 48 435 Submissions dated 16 March 2020, page 48 436 Submissions dated 16 March 2020, page 48 437 Submissions dated 16 March 2020, page 49. 438 Submissions dated 16 March 2020, page 49. Legal Analysis 640. I have made the finding above that the personal data and the special category personal data held in the Baptism Register falls within the material scope of Article 2(1) of the GDPR. This is on the basis that the Baptism Registers form part of a filing system (as defined under Article 4(6) of the GDPR) or are intended to form part of a filing system. 641. I have found that the Archbishop is the sole controller of the personal data and special category personal data contained in the Parish Baptism Registers for the processing activities of retention, special annotation and alteration and the sole controller for all processing activities with respect to the Clonliffe College Registers and the Adopted Persons Baptism Registers. In addition, I made the finding that the Archbishop’s lawful basis for the processing of such personal data is pursuant to Article 6(1)(f) and Article 9(2)(d) of the GDPR. Further, I made the finding that processingwas not lawful under Article 9(2)(j) of the GDPR for archiving in the public interest and/or for historical research purposes. 642. On the basis of these findings, I must now consider generally whether the right to obtain rectification under Article 16 of the GDPR applies to the personal data and special category personal data for which the Archbishop is the controller and which falls within the material scope of the GDPR. Article 16 of the GDPR provides for two things: firstly, the right of the data subject to have factually inaccurate personal data rectified and secondly the right to have incomplete personal data “completed” including by way of a supplemental statement; the latter must take into account the purposes of processing. For the purposes of Baptism Records, Imust turn my consideration to whether the data is inaccurate or is it incomplete. Issue 1 for Determination: whether a data subject has the right to obtain from the Archbishop the rectification of inaccurate personal data concerning him or her under Article 16 of the GDPR. 643. It is important to note that the right to rectification is not an absolute right and it depends on the circumstances of the case. An assessment must be made in each instance as to whether personal data is accurate and complete and this assessment must be made in light of the purpose for which that data was collected and processed, according to the CJEU in Nowak.439 Although this case considered the relevant issues under Directive 95/46, the principle of accuracy under the GDPR has remained largely the same. 644. As a controller, the Archbishop is under an obligation to comply with the principle of accuracy under Article 5(1)(d) of the GDPR, requiring the Archbishop to take every reasonable step “to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay”. Compliance with this obligation must be demonstrable in accordance with the principle of accountability under Article 5(2), which states that a controller “shall be responsible for, and be able to demonstrate compliance with, paragraph 1”. 439 C-434/16 Nowak v DPC, paragraph 53. 645. Further, Article 12(2) of the GDPR places an obligation on a controller to “facilitate the exercise of data subject rights under Articles 15 to 22”. Article 12(3) of the GDPR also requires that a controller “shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request”. 646. In circumstances where a controller does not take action on a request, Article 12(4) of the GDPR requires that the controller: “shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy”. 647. Further to the above provisions, the Archbishop as a controller is under an obligation to facilitate the exercise of data subject rights under Articles 15 to 22 in respect of the personal data and special category personal data for which he acts as a controller and which falls within the material scope of the GDPR. The right to rectification under Article 16 is encompassed in the controller obligations set out in Article 12. 648. As such, it is my view that a request by a data subject regarding the exercise of their right to rectification under Article 16 of the GDPR must be facilitated by the Archbishop in line with the provisions and requirements of Article 16 and as mandated under Article 12(2) of the GDPR which states “The controller shall facilitate the exercise of data subject rights under Articles 15 to 22.” Issue 2 for Determination whether the recording of a data subject’s sacrament of baptism in the Baptism Registers, in circumstances where the data subject no longer consider themselves to be a member of the Catholic Church, constitutes inaccurate or incomplete personal datawithin themeaning of Article 16 of the GDPR, with reference to the Archbishop’s compliance with the principle of accuracy under Article 5(1)(d) of the GDPR in this regard. 649. The Archbishop has indicated that rectification of the Baptism Registers already occurs in some instances. The Baptism Registers (along with all parochial registers) are to be “accurately inscribed and carefully preserved” by the parish priest in accordance with canon 535 §1. Parish priests are only permitted to amend the registers in certain circumstances as set out in the Guidelines. Documentary evidence is generally required to ground such a request for an Alteration. In particular, the Guidelines state at section 1.12 that “[f]acts cannot be changed. Errors can be corrected when proof is provided. Some emendations, however are possible. For example, sometimes people adopt a new name for themselves or more especially for their children.” This therefore relates to the rectification of data that is inaccurate as a matter of fact under Article 16 of the GDPR. 650. The evidence provided to the DPC indicates that where an Alteration is made to an entry in the Baptism Register, the incorrect or inaccurate personal data is not deleted, but a line is drawn through it and the new information is inserted and a note is added with a direction to include the alteration in any future baptism certificates issued.440 440 Submissions dated 15 October 2020, Schedule of Documents, copy of letter, (page 194 of the PDF submission). 651. The GDPR does not define the term “accurate” or “inaccurate”’. While not referring to the GDPR, section 92(17) of the 2018 Act states that, for the purposes of transposing the right of rectification under the Law Enforcement Directive,441 personal data are inaccurate if “(a) they are incorrect or misleading as to any matter of fact”, or (b) they are incomplete in a material manner”. Further, though less persuasive value from a European Law perspective since the exit of the United Kingdom from the European Union, the UK Data Protection Act 2018 defines “inaccurate” in relation to personal data as “incorrect or misleading as to any matter of fact”.442 652. The concept of accuracy is to be interpreted in light of Article 5(1)(d) of the GDPR. Article 5(1)(d) states that “every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay” (emphasis added). 653. It is the view of the DPC that, in principle, the correction of factually incorrect data as submitted by the Archbishop is sufficient for compliance with Article 16 of the GDPR having regard to the factual inaccuracy of the original recording and processing of the personal data and special category data. 654. In the context of this Inquiry, I must consider whether the recording and thus processing of personal data and special category data is inaccurate or incomplete in circumstances where a data subject no longer wishes to be amember of the Catholic Church. As set out previously, the issue of a formal/defacto defection from the Catholic Church is not a matter for the DPC; the issue for the DPC relates to the rectification of personal data and special category data contained within the Baptism Registers for such individuals. This issue for determination regarding rectification within this context must be considered within the parameters as to whether it relates to (a) the inaccuracy of the factual data that is recorded or (b) whether the factual data is incomplete taking into account the purposes of processing. 655. The Archbishop submitted that certain sacramental registers held in the Archdiocese consist of a record of the administration of certain sacraments in the Church.443 The Archbishop also submitted that baptism can only be received once and as such, “it is essential that the Roman Catholic Church maintain a record of all those persons who have been baptised”.444 The Archbishop further submitted that the purposes of the processing of the Baptism Register is to be assured that certain sacraments have been administered once only in a person’s lifetime (baptism, confirmation,marriage and holy orders) by recording the baptism of an individual and annotating any future sacraments of confirmation, marriage or holy orders.445 656. The Archbishop has submitted that the Baptism Registers record the occurrence of an event, that of the administration of the sacrament of baptism. The Archbishop stated that the Baptism Registers “are an accurate record of particular event having occurred at a certain time in the past”. However, the Archbishop also submitted that if an inaccuracy exists in that record, such as the spelling of a name, such an inaccuracy would be corrected. 441 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016. 442 UK Data Protection Act 2018, section 205. 443 Submissions dated 16 March 2020, pages 34-35. 444 Submissions dated 16 March 2020, page 34. 445 Submissions dated 16 March 2020, page 35. 657. A question arises which is whether the Baptism Registers merely record the event of baptism (and certain further sacraments), and are therefore not inaccurate even where a data subject is no longer a member of the Catholic Church, or whether the Baptism Registers effectively operate as a list of the members of the Catholic Church. 658. The Archbishop submitted that in respect of membership of the Catholic Church, “[w]hile the Roman Catholic Church does not maintain a register of members […] it is correct to say that at the point of baptism, the baptised person is properly considered a member of the Catholic Church”. 446 However, the Archbishop also submitted that the content of the entry on the register does not signify that the data subject is a currentmember of the Roman Catholic Church but rather signifies the fact that the person was, at one point in the past, baptised as a Catholic.447 659. I note the Archbishop’s reference to the past decision ofmy predecessor as outlined in the Data Protection Commissioner’s Annual Report 2003. The former Commissioner, in relation to Baptism Registers concluded that they were “a factual record of an event that happened”.448 Although Baptism Registers are a factual record of an event that happened, it must be noted that case study was considered under the Data Protection Acts, 1988-2003, the complainant’s baptismal records were never located and the complainant did not pursue the matter beyond the initial stages of complaint-handling; therefore the matter did not progress any further. 660. Based on the purpose for which the Archbishop and the parish priests retain the Baptism Registers, which is to ensure the proper administration of certain sacraments of the Catholic Church (in particular that individuals may only undergo these once in their lifetime), it is my view that the Baptism Registers are intended to record the event of baptism (and any further sacraments which are annotated). 661. This is as opposed to the Baptism Registers acting as a list of members of the Catholic Church. Although the Archbishop stated that a person may be called a member of the Catholic Church once they are baptised, there is no evidence to suggest that the Catholic Church records and maintains a list of its current members. The Archbishop’s submissions have consistently set out that the Baptism Registers are to ensure it has a clear record of a person’s sacramental status within the Church. 662. The Archbishop has recognised that a number of people no longer wish to be considered members of the Catholic Church and this has been recorded in the Defection Registers. In this regard, the Archbishop has stated that the purposes of the de facto defection register is to “address any concern that the data subject might have that the [baptism] register would be regarded as a record of current membership”. This “mitigates against any concern that a data subject may have in respect of the register being assumed to provide a record of their present- day religious status and beliefs”449. 446 Submissions dated 16 March 2020, page 38. 447 Submissions dated 16 March 2020, page 44. 448 DPC Annual Report 2003, case study 8, page 37. 449 Submissions dated 16 March 2020, page 44. 663. The maintenance of a de facto defection register demonstrates that the Archbishop is open to recording an individual’s views on their membership in the Catholic Church if they so wish. However, the recording of sacraments in the Baptism Register has the main purpose of documenting the occurrence of particular events, namely, the administration of sacraments, to ensure that the same sacrament is not re-administered to the same person. 664. In considering whether the Baptism Register (and subsequent annotations) may be inaccurate in the context of the purposes forwhich it is processed, in accordance with Article 5(1)(d), I have noted themain purpose for the recording of sacraments in the Baptism Register is documenting the occurrence of an event. As the Baptism Register is a factual record of an event that occurred, it is important to note that any exercise of the right to rectification does not alter the fact that the event took place. The exercise of the right to rectification regarding inaccurate records is to rectify the inaccurate data surrounding the processing of that data which recorded that factual event in the first instance. 665. Within the context of individuals who no longer wish to be a considered a member of or associated with the Catholic Church, I am of the view that this does not give rise to a right to rectification as the event, which is recorded in the Baptism Register, still occurred and from a data processing perspective, remains factually accurate. 666. I am therefore of the view that the recording of a data subject’s sacrament of baptism in the Baptism Register, in circumstances where the data subject no longer considers themselves to be a member of the catholic Church, does not constitute inaccurate personal data within the meaning of Article 16 of the GDPR. This view is ascertained with reference to the Archbishop’s compliance with the principle of accuracy under Article 5(1)(d) of the GDPR and on the assumption that all recorded details accurately reflect the event. 667. I wish to note that, in circumstances where the Archbishop assesses a request for rectification under Article 16 of the GDPR, and concludes that no factual inaccuracy arises with the recorded data, he must still comply with his obligations under Article 12(3) and or Article 12(4) of the GDPR, in order to properly facilitate the exercise of data subject rights (which aremore broadly contained under Articles 15 to 22 of the GDPR). The Archbishop is obliged to ensure that any communicationwith data subjects under Articles 15 to 22 is in a concise, transparent, intelligible form in accordance with Article 12(1) of the GDPR. The issue of records being “incomplete” is considered under the next section. Issue 3 for Determination - whether data subjects who no longer consider themselves to be members of the Catholic Church have the right to obtain rectification of their sacramental status or their status as members of the Catholic Church in the church records contained in the Baptism Registers or where the personal data is found to be incomplete, have the right to have this personal data completed, including by means of providing a supplementary statement. 668. I formed the view above that in circumstances where the data subject no longer considers themselves to be a member of the Catholic Church that the recording of a data subject’s sacrament of baptism in the Baptism Register does not constitute inaccurate personal data within the meaning of Article 16 of the GDPR, with reference to the Archbishop’s compliance with the principle of accuracy under Article 5(1) of the GDPR. As a consequence of same, the DPC forms the view that individuals who no longer consider themselves to be members of the Catholic Church do not have the right to obtain rectification of their sacramental status or their status as members of the Catholic Church, as the recording and processing of the data is not inaccurate as amatter of fact in the first instance; this is also on the assumption that all recorded details accurately reflect the event. 669. I now must consider whether, in circumstances where the personal data and special category data, contained in the Baptism Registers of data subjects who no longer consider themselves to be members of the Catholic Church, may be considered to be incomplete, and if so, whether those data subjects may have a right to have this personal data completed by means of providing a supplementary statement. 670. In his submissions, the Archbishop referenced the DPC Annual Report of 2003.450 The Church in the instance of that case study had offered to make a note in the data subject’s record of baptism in circumstances where they wished for their baptism record to be deleted in that “the person no longer wished to be associatedwith the Catholic church or to be classed as a Catholic”. This approach was considered by my predecessor at the time to be “appropriate and considerate”. 671. The Archbishop has also submitted that he could recommend to parish priests that it would be permissible to adopt a practice whereby the Baptism Register is annotated, in circumstances where individuals no longer consider themselves a member of the Catholic Church. The annotation would read “No longer wishes to be identified as a Roman Catholic”. 672. This would, in effect act as a supplementary statement in circumstances where the personal data and special category personal data is assessed to be incomplete with regard to the data subject’s sacramental status within the Catholic Church. i.e., the failure to record a data subject’s wish not to be recognised as amember of the Catholic Church. I wish to note however, the Archbishop has not accepted that such a supplementary statement would be necessary to rectify incomplete personal data and special category personal data in this context, only that it might service to facilitate the concerns of data subjects in this regard. 673. From 1983 to 2010 in the Code of Canon law, a formal act of defection from the Catholic Church was recognised. Up until 2009, it was possible to defect formally from the Catholic Church by way of a notification to the Chancellery. 450 DPC Annual Report 2003, case study 8, page 37. 674. From 2010 onwards, following the issue of the document Omnium inMentem by Pope Benedict XVI in 2009, formal defection was no longer possible. Individuals may still indicate to the Archbishop that they do not wish to be considered members of the Catholic Church and that they have defected from the Church in practice. In that instance, their details will be recorded in the De Facto Defection Register, which is maintained by the Archdiocese of Dublin for this purpose. No record of the individual’s de facto defection is recorded in the Baptism Registers. 675. This Decision considered the rights of data subjects vis-à-vis Article 10 of the Charter of Fundamental Rights (right to freedom of thought, conscience and religion) and Article 9 of the ECHR which considers the right to freedom of religion and the corollary of that right, the right not to belong to a religion or practice it. Article 12 of the Charter also provides for the right to freedom of association including the freedom to associate with religions associations. The corollary of the right to associate is the right to dis-associate. As set out previously, the defection from the Catholic Church is not a data protection matter, but examining the lawfulness of processing of personal data is within the remit of the DPC, which includes the processing of personal data of those who wish to leave or formally defect from the Catholic Church. 676. In this Decision, the DPC analysed the balancing test for the purposes of Article 6(1)(f) of the GDPR, which concerns the lawfulness of processing by the Catholic Church for members and former members. Article 1(2) of the GDPR states that “This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data” [emphasis added]. I am satisfied that the inclusion of a supplemental statement on the Baptism Register supports the interests, rights and freedoms of those data subjects who no longer wish to be associated with the Catholic Church. 677. Further, I am of the view, that the insertion of a supplemental statement enhances the balancing exercise under Article 6(1)(f) of the GDPR insofar as it goes towards vindicating data subjects’ rights vis-à-vis their status/sacramental status while simultaneously the supplemental status does not impose on the legitimate interests of the Church. 678. This arises in particular in circumstances where the Archbishop has submitted that he could recommend to parish priests that it would be permissible to adopt a practice whereby the Baptism Register is annotated with “No longer wishes to be identified as a Roman Catholic”. However, it is my view that in circumstances where a data subject no longer wishes to be a member of the Catholic Church, the data subject does not have a right to have a supplementary statement added to the entry in the Baptism Register. This follows as a logical conclusion from the finding that the Baptism Register is held for the purpose of recording the event of a baptism and is not processed as some form of a register of membership. 679. I consider the inclusion of a supplementary statement beneficial, but not a necessary element of data accuracy, having regard to the purposes for which the personal data on that register is processed. It is not necessary to insert supplemental statements into the records of baptisms to vindicate the rights of data subjects who subsequently wish to leave the Catholic Church. 680. The Baptism Register is intended as a record of an individual’s sacramental status. The Archbishop has described the Baptism Register as “of particular importance as it is considered to be the “gateway” to all of the records of a person’s life within the Catholic Church”. The Archbishop has submitted any further changes regarding the sacraments that a person has received are to be annotated in the Baptism Register. 681. While I acknowledge that registration in the De Facto Defection Register does not change the canonical status of a person, unlike registration in the formal defection register in the past, or the sacramental status of a person (not being equivalent to undertaking a sacrament), it is my view that being registered in the de facto defection register can be a record of a “person’s life within the Catholic Church”. However, I do not see this De Facto Defection Register as forming a necessary processing operation under the GDPR. The current entries on that De Facto Defection Register were made with the consent of the data subjects affected, however the Archbishop does not hold this register out to be a definitive list of all non-practising exmembers of the Catholic Church. 682. I am of the view that in the circumstances where the recording and processing of the sacramental status of a person in the Baptism Register is considered to be personal data and special category data, and is within the material scope of the GDPR, the recording of the sacramental status of the personmay be complete in relation to its purpose, even where it fails to reflect the current status of the individual’s relationship to those sacraments. 683. The fact that that Baptism Register records fail to indicate the status and relationship of the data subject vis-à-vis the Church does not amount to an infringement of the accuracy principle set out in Article 5(1)(d) GDPR. 684. Therefore, while a supplemental statement could be a pragmatic solution to provide clarity as to the factual position of an individual vis-à-vis their canonical status, it is not necessary as the basic facts recorded remain accurate in and of themselves. Issue 4 for Determination: whether, in circumstances where a right to rectification exists, the data subjects’ rights may be restricted by the Archbishop, pursuant to Section 61(1) of the 2018 Act, where the processing is for archiving purposes in the public interest, or by section 61(2) of the 2018 Act,where the processing is for historical research purposes and the exercise of the right would be likely to render impossible or seriously impair, the achievement of these purposes and the restriction is necessary for the fulfilment of those purposes. 685. As set out under the section on Legal Bases, the DPC formed the view that there is no legal underpinning for the Archbishop to rely upon Article 9(2)(j) of the GDPR as a lawful basis for the processing (or further processing) of personal data for the purposes of archiving in the public interest or for historical research purposes. Under those circumstances, I am of the view that it is not necessary to consider the issue as set out in the preceding paragraph. Findings 686. I find that: a. Data subjects may exercise the right to request rectification, in accordance with Article 16, of the personal data contained in the Baptism Registers. The Archbishop must assess each request on a case-by-case basis to assess on its own merit whether an inaccuracy arises as to a matter of fact or whether the personal data is incomplete; b. In circumstances where a data subject no longer wishes to be a member of the Catholic Church, the personal data and special category personal data contained in the Baptism Register is unlikely to be inaccurate, as it records a particular event, which occurred at a point in time: the receiving of the sacrament of baptism. In such circumstances the Archbishop will be required to undertake an individual assessment of the request for rectification and must comply with his obligations under Article 12(3) and Article 12(4) in order to facilitate the data subject’s rights under Articles 15 to 22 of the GDPR; c. That Baptism Register does not reflect the data subject’s membership of the Church. The ongoing processing of personal data in the Baptism Register does not infringe Article 5(1)(d) GDPR. In such circumstances,where a data subject notifies the Archbishop of their wish to leave the Catholic Church, a supplementary statement may be added by the Archbishop to the Baptism Register entry stating “No longer wishes to be identified as a Roman Catholic”, however this is not necessary as a matter of data protection law. d. Any amendment made to the hard copy authoritative Baptism Registers ought to be reflected in any copymade of the Registers, whether in electronic form, indexed registers or otherwise. e) RIGHT OF ERASURE Issues for determination 687. In relation to the Archbishop’s compliance with data subject rights under Article 17 of the GDPR, the following issues arise for determination: a) whether a data subject has the right to obtain from the Archbishop the erasure of personal data concerning him or her, in circumstanceswhere one of the grounds listed under Article 17(1)(a)-(f) of the GDPR applies; b) whether data subjects who no longer consider themselves to be members of the Catholic Church have the right to obtain erasure of their personal data in the Baptism Registers under the grounds set out at Article 17(1)(a)-(f) of the GDPR; and c) whether, a data subject’s right to erasure may be lawfully dis-applied by the Archbishop to the extent that processing is necessary: a. for exercising the right to freedom of expression and information, pursuant to Article 17(3)(a) of the GDPR; b. archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), pursuant to Article 17(3)(d) of the GDPR; and c. for exercising the right to freedom of religion. Relevant Provisions 688. Article 17(1) of the GDPR states that data subjects “shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing; c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2); d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1). 689. The right to obtain erasure under one of these grounds shall not apply, according to Article 17(3) of the GDPR, to the extent that processing is necessary: a) for exercising the right of freedom of expression and information; b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3); d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or e) for the establishment, exercise or defence of legal claims. 690. Article 19 of the GDPR requires that the “controller shall communicate any rectification or erasure of personal data or restriction of processing, carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data may have been disclosed, unless this proves impossible or involves disproportionate effort”. 691. Article 21(1) provides: “The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims”. 692. Recital 65 states: “In particular, a data subject should have the right to have his or her personal data erased and no longer processed where the personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed, where a data subject has withdrawn his or her consent or objects to the processing of personal data concerning him or her, or where the processing of his or her personal data does not otherwise comply with this Regulation. That right is relevant in particular where the data subject has given his or her consent as a child and is not fully aware of the risks involved by the processing, and later wants to remove such personal data, especially on the internet. The data subject should be able to exercise that right notwithstanding the fact that he or she is no longer a child.” 693. Recital 69 requires that “ personal data might lawfully be processed because processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or on grounds of the legitimate interests of a controller or a third party, a data subject should, nevertheless, be entitled to object to the processing of any personal data relating to his or her particular situation. It should be for the controller to demonstrate that its compelling legitimate interest overrides the interests or the fundamental rights and freedoms of the data subject.” Relevant Background: Baptism Registers 694. The Baptism Registers contain a record of individuals who have undergone the sacrament of baptism within the Catholic Church in Ireland, which is central to the administration of the Church. Under canon 535 §1, the Baptism Registers (along with all parochial registers) are to be “accurately inscribed and carefully preserved” by the parish priest. 695. The Guidelines, at Appendix 3, state that “[t]he handwritten registers are considered the only authentic copy of sacramental records. […]The manual register must always be consulted when issuing a certificate. The handwritten registersmust bemaintained and the registers themselves are never to be destroyed or discarded”.451 696. Though this is an own-volition Inquiry, certain of the complaints received by the DPC from data subjects prior to the commencement of this Inquiry stated that they wished to have their personal data erased from Church records, including Baptism Registers, in circumstances where they no longer consider themselves to be members of the Catholic Church. The DPC seeks to ascertain whether a right to obtain erasure arises in this context. 697. It is noted that should the right to erasure be considered to exist within the context of the Baptism Registers, the only data that could be erased would be the personal data of the individual who made the request. The remainder of the data would not be erased under such a request as that refers to the personal data of others for example, the names of parents or godparents. 451 Submissions dated 15 October 2020, Schedule of Documents, Directives and Guidelines for Sacramental and Pastoral Practice, Draft, The Chancellery, 2011, Appendix 3, (page 27 of the PDF submission). Archbishop’s Submissions 698. In considering whether a right to obtain erasure arises with respect to the Baptism Registers, the Archbishop submitted that the right to erasure only arises where one of six conditions or grounds under Article 17(1) have been fulfilled. With respect to Article 17(1)(a) – (f), the Archbishop submitted that these grounds do not apply for the reasons as set out hereunder: • Article 17(1)(a) – the Archbishop submitted that this ground does not apply, as set out in previous responses regarding the legal bases for processing, because the processing continues to be necessary.452 • Article 17(1)(b) – the Archbishop submitted that he “does not rely on consent as basis for processing personal data” in the Baptism Registers, and accordingly this ground does not apply.453 • Article 17(1)(c) – the Archbishop submitted that this ground is “based on an invocation of the right to object in Article 21 when processing is based on Article 6(1)(f).454 However, the Archbishop submits that compelling legitimate grounds for the processing have been demonstrated which override the interests, rights and freedoms of the data subject, with the result that Article 17(1)(c) is inapplicable”.455 699. In response to queries regarding the interests or fundamental rights and freedoms of data subjects the Archbishop considered in this context, as against the compelling legitimate grounds for the processing, and submitted that “[i]n respect of Parish baptismal registers, again, it is the Archbishop’s submission that hard copy, unindexed baptismal registers fall outside the scope of the GDPR. Insofar as any electronic or indexed hard copy registers are held by individual Parish Priests, it would be a matter for that Parish Priest to carry out the balancing test in respect of the individuals concerned”.456 700. The Archbishop further submitted that the retention of personal data by the parishes of church records “is unlikely to cause a barrier to individuals accessing services or opportunities, physical harm, financial loss, identity theft, fraud, or any other significant economic or social disadvantage (such as discrimination, loss of confidentiality or reputational damage). The Parishes do not derive any economic benefit from the retention of the personal data, nor is it used for any other purpose; other than at some future point being relevant to historical or public interest research”.457 452 Submissions dated 16 March 2020, page 49. 453 Submissions dated 16 March 2020, page 50. 454 Submissions dated 16 March 2020, page 50, footnote 72 states: “or Article 6(1)(e) which is not relevant in this context.” 455 Submissions dated 16 March 2020, page 50. 456 Submissions dated 15 October 2020, page 27. 457 Submissions dated 15 October 2020, page 27. 701. In respect of the rights of data subjects, which are to be considered in this context, the Archbishop listed the following European Convention on Human Rights (the ‘ECHR’) and Charter rights: • Article 8 ECHR – Right to respect for private and family life; • Article 9 ECHR/Article 10 Charter - Freedom of thought, conscience and religion; and • Article 8 Charter – Protection of Personal Data. 702. With respect to the Adopted Persons Baptism Register, the Archbishop submitted, “this register exists to protect the delicate balance between the legal obligation not to make traceable the connection between an adopted person and their birth parents, the right to privacy of the birth parents and the right of those persons to know more information about their family history. It is submitted that this is a complex area, in which attempts have been made to legislate further and to bring clarity to the position”.458 703. With respect to the compelling legitimate grounds for the processing considered by the Archbishop, the Archbishop referred to his previous submissions. With respect to the factors that were taken into account in deciding that the compelling legitimate interests pursued by the data controller would override the interests or fundamental rights and freedoms of the data subject, the Archbishop submitted that in relation to the parish Baptism Registers, “any potential impacts appear to be minimal. The information concerned is stored confidentially, it is not accessible to the public, it is not used for any profit-making purpose, but rather to record a person’s status in respect of sacraments administered within the Church”.459 704. The Archbishop submitted that the Article 17(1)(d) ground does not apply, as set out in previous responses regarding the legal bases for processing.460 705. The Archbishop submitted that Article 17(1)(e) and Article 17(1)(f) grounds are “not relevant and do not apply in this context”.461 706. The Archbishop further submitted that, even where a request from a data subject to obtain erasure is received “the processing of the personal data continues to be necessary for the purposes for which it was collected” as it is “essential for the administration of the affairs of the Catholic Church to maintain a register of all people who have been baptised in the Church. It is a factual record of an event that happened”462 and noted again that this positionwas recognised by the Data Protection Commissioner in his 2003 Annual Report. 458 Submissions dated 15 October 2020, page 28. 459 Submissions dated 15 October 2020, page 29. 460 Submissions dated 16 March 2020, page 50. 461 Submissions dated 16 March 2020, page 50. 462 Submissions dated 16 March 2020, page 50. 707. The Archbishop also noted that: “Moreover, also relevant in this regard is the right of every religious denomination “to manage its own affairs”, which has specific constitutional status under Art. 44.2.5°. It is not accepted that it has been shown that the displacement of this important right would be “necessitated by the obligations of membership of the European Union” for the purposes of Article 29.4.6 of the Constitution”.463 708. The Archbishop again stated that although it is not accepted that any such action would be necessary, it may be permissible for parishes to annotate the Baptism Registers with a statement such as “No longer wishes to be identified as a Roman Catholic” to address any concerns the DPC may have, as an alternative to erasure464. In this regard, the Archbishop also referred to the European Court of Human Rights judgment ofWegrzynowski and Smolczewski v Poland465, in particular paragraphs 65 and 66, and The EU General Data Protection Regulation edited by Kuner et al466. The Archbishop also noted again that the Data Protection Commissioner in Case Study 8 of his 2003 Annual Report also had regard to an offer of an annotation made by a parish priest. 709. Finally, the Archbishop submitted that even if one of the grounds or conditions under Article 17(1) were met, an exemption to the right of erasure under Article 17(3) of the GDPR would apply. Article 17(3) 710. The Archbishop confirmed that he considered it necessary, pursuant to Article 17(3)(d), to process church records held in church registers for archiving purposes in the public interest and for historical research purposes. 711. With respect to processing for archiving purposes in the public interest, the Archbishop referred to his previous responses in respect to Article 9(2)(j). The Archbishop submitted, “The Baptism Registers record the historical fact of baptisms having taken place. Over time, these registers assume a different importance becoming a unique archival and/or historic record of enduring value. Baptismal records are often, for example, sought by those carrying out genealogical research”.467 463 Submissions dated 16 March 2020, page 50. 464 Submissions dated 16 March 2020, page 50. 465 Application No. 33846/07, 16 July 2013. 466 Page 479 and pages 1260-61. 467 Submissions dated 16 March 2020, page 52. 712. With respect to processing for historical research purposes, the Archbishop noted that although the meaning of the term historical research is not set out, is does include “both historical research and research for genealogical purposes, as is clear from Recital 160”.468. The Archbishop also noted, “Baptism Registers record the historical fact of baptisms having taken place. Over time, these registers assume a different importance becoming a unique archival and/or historic record of enduring value”.469 713. In respect of the safeguards in accordance with Article 89(1) that have been put in place in order to safeguard the rights and freedoms of the data subject, the Archbishop submitted that the “baptism registers are subject to strict confidentiality requirements”. In addition, the Archbishop noted that if “a person wishes to leave the Church, and to have this fact acknowledged and recorded, a register for those who wish their de facto defection from the Church to be recorded is now maintained by the Chancellery Office on behalf of the Archbishop”.470 714. In response to why the Archbishop is of the view that granting the right to erasure would likely render impossible or seriously impair the achievement of the objectives of that processing, the Archbishop stated that: “In order for historical research and/or archiving in the public interest to be properly conducted it is necessary for records to be full and complete. Deletions of various of the records would leave ‘gaps’ for the future historian or researcher, which would seriously impair their research. The relevant archive would become known as being incomplete and limited. Also important in this regard is the unique nature of a baptismal record. It contains information that would not be replicated in State archives for example. Moreover, as already noted, baptismal records are often consulted by genealogical researchers”.471 715. The Archbishop also submitted that the exemption under Article 17(3)(a) applies, which refers to processing which is necessary for exercising the right of freedom of expression and information, in particular in relation to Church members in the Archdiocese. As submitted by the Archbishop: “in order to receive the sacraments of confirmation and marriage/Holy Orders, reference is always made to the entries made in the baptism register to establish (1) that the person has been baptised and (2) there is no impediment to receiving the proposed sacrament […] Erasure of records or of entries on records risks significantly undermining these important considerations, e.g. if someone were to seek and obtain erasure of a baptismal register which indicated that the person was married, and later, subsequent to such erasure, sought receive the sacrament of Holy Orders, or conceivably even the sacrament of marriage again. 468 Submissions dated 16 March 2020, page 52. 469 Submissions dated 16 March 2020, page 52. 470 Submissions dated 16 March 2020, page 53. 471 Submissions dated 16 March 2020, page 53. In that respect, it is noted that certain case law has interpreted the concept of freedom of expression as extending to expressive association, and thus it is submitted that the concept of expression is capable to extending to protect the associative interest in denominational rules and governance (quite apart from being this protected under Art. 44.2.5) Accordingly Art. 17(3)(a) is engaged”.472 Electronic Copies of the Baptism Registers and the Right to Obtain Erasure 716. The Archbishop has previously submitted that the “hard copy, bound volume is the only authentic, authoritative register”.473 The manual Baptism Register must always be consulted when issuing a baptismal certificate.474 The Archbishop has also submitted that certain electronic records of registers may be kept within parishes, such as scanned copies of the manual registers or information from the registers contained in electronic database systems.475 717. The Archbishop submitted that in relation to these electronic records “[f]rom a canon law perspective, there is no difficulty with the permanent erasure of any electronically-held records of baptism or other sacraments, as any electronically held version is not authoritative”.476 Legal Analysis 718. I havemade a finding above that the personal data and special category data held in the Baptism Registers falls within thematerial scope of Article 2(1) of the GDPR; I have alsomade the finding in this Decision that the Archbishop is the data controller in respect of all processing activities of the personal data and special category data contained in the Baptism Registers, the subject of this Inquiry. 719. It is also important for data subjects to note that their personal data is not just processed on the legal basis of their consent. Article 6(1) of the GDPR provides that personal data can be lawfully processed by data controllers on the basis of one of six grounds as set out under this Article and the consent of the data subject is only one such basis. In addition, although Article 9 (1) of the GDPR prohibits the processing of special category personal data (such as religious beliefs), Article 9(2) of the GDPR provides a list of exceptions to that prohibition and the explicit consent of the data subject is only one such exception. As set out previously in this Decision, I am satisfied that the Catholic Church lawfully processes the personal data and special category data contained within the Baptism Registers under Article 6(1)(f) and Article 9(2)(d) of the GDPR. 472 Submissions dated 16 March 2020, page 54. 473 Submissions dated 16 March 2020, page 31. 474 Submissions dated 16 March 2020, page 31. 475 Submissions dated 16 March 2020, page 12. 476 Submissions dated 16 March 2020, page 32. 720. In the normal course of events, data subjects first exercise their data protection rights as against the data controller, with recourse to the DPC should an issue arise. Article 12(2) of the GDPR states that the “controller shall facilitate the exercise of data subject rights under Articles 15 to 22”. Article 12(3) of the GDPR provides that the “controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request”. Provision is made for an extension of time for up to two further months in limited circumstances and the data subject must be notified if an extension of time is required prior to the expiry of the one-month time frame, setting out the reasons for the delay. 721. In order for the right to erasure to apply, one of the conditions as set under Article 17(1) must apply. In addition, under Article 17(3), data controllers can lawfully refuse an erasure request. It is worth noting at this point that data protection rights are not absolute rights. 722. The personal data contained within the Baptism Registers is collected in the first instance to record the fact that a baptism has taken place which is the first sacrament an individual receives when entering into the Catholic faith. The Archbishop has submitted that the recording of this event is necessary for the purposes of the administration of Church affairs and for the administration of the sacraments, some of which can only be received once and none of which can be received unless that individual is baptised in the first instance. The personal data contained within the Baptism Registers is therefore the reference point for both. The Archbishop has also submitted that the recording and processing of the personal data in the Baptism Registers is necessary for the purposes of pursuing the Church’s legitimate interest and there is no other less intrusive way in which the objectives of the Church can be achieved. 723. The DPC received complaints from numerous individuals who wish to exercise their right to erasure and have their personal data removed from the Baptism Registers. A number of these complainants also wish to defect from or leave the Catholic Church. As set out previously in this Decision, the process of defection from the Catholic Church is not a matter with which the DPC can assist; that is a matter between the Catholic Church and the individual complainants. The DPC’s jurisdiction is limited in that its parameters in this Inquiry are defined, not by how an individual can or should be permitted to defect from or leave an organisation such as the Church, but by the lawfulness of the processing of personal data that is taking place and the exercise of data subjects’ rights as set out in data protection law. Although the act of a defection from the Catholic Church and the erasure of an individual’s personal data from the Baptism Registers are somewhat interlinked, for the purposes of data protection law they are two entirely different issues. 724. However, I note that certain data subjects who no longer wish to have their personal data contained in the Baptism Registers may have subjective reasons in seeking to have it removed, which stem from their personal relationship with the Catholic Church and the ongoing processing may cause distress for such data subjects. 725. In relation to the Archbishop’s compliance with the data subject right under Article 17 of the GDPR I need to consider whether a data subject has the right to obtain from the Archbishop the erasure of personal data concerning him or her, in circumstances where one of the grounds listed under Article 17(1)(a)-(f) of the GDPR applies. 726. Based on the foregoing, I will now proceed to consider each ground under Article 17(1) of the GDPR and consider its applicability within the parameters of this Inquiry. Article 17(1)(a) 727. Article 17(1)(a) provides that the data subject has the right to obtain the erasure of personal data and the controller shall be obliged to erase the personal data where “the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed”. 728. If an individual wishes to exercise their right to erasure under Article 17(1)(a) of the GDPR, on the basis that the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, it will be incumbent at that stage for the data controller to identify and demonstrate that the processing remains necessary, and that there is no alternative option available to achieve the objective of the data controller. 729. Article 17(1)(a) of the GDPR does not state that a balancing exercisemust be undertaken similar to that of Article 6(1)(f) of the GDPR, it simply states that the data must be erased unless the processing of the data is still necessary. If it is still necessary to process the data, then there is no erasure of the data. 730. The submissions of the Archbishop regarding the significance and importance of the Baptism Registers in the administration of the Church have been set out above. The Guidelines establish that these Registers are the only authentic copy of sacramental records, which must be always maintained and never destroyed. This position has been elaborated upon in the Archbishop’s submission, which have been referenced throughout this Decision. Under such circumstances, the Archbishop submits that, in the furtherance of the administration of the Church and for the correct administration of the sacraments, the processing continues to be necessary. 731. As set out previously in this Decision, the Archbishop submitted “[w]ithout a complete baptism register the Catholic Church would be unable to operate a key tenet of its faith, the rule that a person may only be baptised once.” This essentially means that the need for the processing of the personal data for those who have been baptised into the Catholic faith will remain intact for their lifetime simply because, at any stage in one’s life, a sacrament may be administered (or an annulment may be permitted) and the Baptism Register will need to be noted accordingly. There is essentially no expiry date for the administration of sacraments for the life of an individual baptised into the Catholic faith. 732. If it is the case that the data controller is of the view that the processing of personal data continues to be necessary, the data controller is obliged to inform the data subject as to how this is so. The element of “necessity” must also be grounded on a lawful basis under Articles 6(1) and 9(2) of the GDPR, as there is a continuation of processing of personal data. At all times, the processing of personal data must have a lawful basis. 733. I note that some complainants wish to leave or defect from the Catholic Church and want to exercise their right to erasure of their personal data contained within the Baptism Registers. As set out previously in this Decision, the act of leaving the Catholic Church and the exercise of the right to erasure, while intertwined, are separate issues for the purposes of data protection law and the DPC cannot make a finding or determination on an individual’s wish to defect from or leave the Catholic Church and can only consider the processing of the personal data contained within the Baptism Registers. 734. I note that in response to some of the complainants who wished to have their data erased from the Baptism Registers, reliance was being placed on the fact that the registers are of archival and historical value and therefore the data could not be erased as its ongoing processing was necessary for such purposes. It has been set out above, that I have formed the view that the Archbishop cannot rely on Article 9(2)(j) of the GDPR, as there is no legal basis underpinning this processing as required. 735. As set out above, for the right to erasure to apply under Article 17(1)(a) of the GDPR, the personal data must be no longer necessary in relation to the purposes for which they were collected or otherwise processed. It is clear from the submissions of the Archbishop that once a decision has beenmade to enter into the Catholic faith, the record and processing of personal data surrounding that sacramental event remains necessary for the lifetime of that person, as it is a necessary record for the administration of the Church and the administration of subsequent sacraments. 736. It appears therefore to me that the absence or non-availability of this record would hinder the Catholic Church in the furtherance of its objectives as set out. The retention of the personal data and special category personal data remains necessary for the purposes for which it was collected by the Catholic Church in terms of the administration of Church affairs, for the lifetime of the data subject. The determination vis-à-vis Article 17(1)(a) 737. Based on the foregoing, I am of the view that a data subject does not have the right under Article 17(1)(a) of the GDPR to obtain from the Archbishop the erasure of personal data concerning him or her. Article 17(1)(b) 738. Article 17(1)(b) provides that the data subject has the right to obtain the erasure of personal data and the controller shall be obliged to erase the personal data where “the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing”. 739. Article 17(1)(b) of the GDPR and the withdrawal of consent is contingent on the processing of the personal data in question being processed in the first instance on the basis of consent under Article 6(1)(a) and Article 9(2)(a) of the GDPR. As set out under the section on Legal Bases of this Decision, the Archbishop is relying on Article 6(1)(f) and Article 9(2)(d) of the GDPR for the processing of personal data contained within the Baptism Registers. Although further reliance has been placed on Article 9(2)(j) of the GDPR by the Archbishop, I am of the view that the Archbishop cannot rely on this provision for the processing of personal data contained within the Baptism Registers. The determination vis-à-vis Article 17(1)(b) 740. Based on the foregoing, I am of the view that the personal data contained within the Baptism Registers was not and is not processed on the legal basis of consent under Article 6(1)(a) and explicit consent under Article 9(2)(a) of the GDPR. Therefore, data subjects cannot rely on withdrawal of consent pursuant to Article 17(1)(b) of the GDPR for the erasure of the personal data processed in the Baptism Registers. This applies in circumstances where the individual is a current member of the Catholic Church or whether they no longer consider themselves a member of the Catholic Church. Article 17(1)(c) 741. Article 17(1)(c) provides that the data subject has the right to obtain the erasure of personal data and the controller shall be obliged to erase the personal data where: “the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2)”. 742. Article 21(1) provides that: “The data subject shall have the right to object, on the grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.” 743. The foregoing provisions identify that for Article 17(1)(c) of the GDPR to apply, Article 21 must be invoked by an individual in the exercise of their right to erasure and that the processing of the personal data by the data controller must be under either Article 6(1)(e) or 6(1)(f). The Archbishop relies on Article 6(1)(f) of the GDPR for such processing so therefore, once Article 21 is invoked, the other component elements of Article 17(1)(c) and Article 21 must be considered. 744. Of relevance are Recitals 65 and 69 of the GDPR. Recital 65 states that a “data subject should have the right to have personal data concerning him or her rectified and a ‘right to be forgotten’ where the retention of such data infringes this Regulation or Union or Member State law to which the controller is subject.” In other words, it considers that the right to erasure arises where the processing is unlawful. Recital 69 states, “[w]here personal data might lawfully be processed because performance is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or on grounds of the legitimate interests of a controller or a third party, data subject should, nevertheless, be entitled to object to the processing of any personal data relating to his or her particular situation.” In other words, the processing is lawful in the first instance and there is an objection to the processing that requires a balancing exercise. 745. Article 21(1) of the GDPR provides that the data controller must demonstrate “compelling legitimate grounds” which override the rights and freedoms of the data subject, failure of which requires the erasure of the data by the data controller. Therefore, not only does the data controller need to identify that he has a legitimate interest, which overrides the rights and freedoms of the data subject, he must demonstrate that the legitimate interest is one that is “compelling”. 746. WP29 Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/67, adopted on 6 February 2018 and endorsed by the EDPB state: “It is clear from the wording of Article 21 that the balancing test is different from that found in Article 6(1)(f). In other words, it is not sufficient for a controller to just demonstrate that their earlier legitimate interest analysis was correct. This balancing test requires the legitimate interest to be compelling, implying a higher threshold for overriding objections”.477 [Emphasis added] 747. The foregoing demonstrates that the burden is on the data controller to identify that not only do they have a legitimate interest which overrides the fundamental interests and freedoms of the data subjects, but that it is one that is compelling, with a higher standard than under Article 6(1)(f) of the GDPR and this should be made clear to any data subject who wishes to exercise their right on these grounds. 748. The Archbishop states that: “Article 17(1)(c) is based on an invocation of the right to object in Article 21 when processing is based on Article 6(1)(f). However, the Archbishop submits that compelling legitimate grounds for the processing have been demonstrated which override the interests, rights and freedoms of the data subject, with the result that Article 17(1)(c) is inapplicable”.478 477 WP29, Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679, last revised and adopted on 6 February 2018, page 19; These Guidelines have been endorsed by the EDPB: https://edpb.europa.eu/our-work-tools/general-guidance/endorsed-wp29-guidelines_en 478 Submissions dated the 16 March 2020, page 50 749. He further states that the processing of the personal data contained within the Baptism Registers: “is essential for the administration of the affairs of the Catholic Church to maintain a register of all people who have been baptised in the Church. It is a factual record of an event that happened. This position was recognised by the Irish Data Protection Commissioner in 2003”.479 750. When specifically asked to identify “‘the compelling legitimate grounds for the processing considered by the Archbishop”, the Archbishop referred the DPC to their previous submissions.480 Those submissions relate to the elements of Article 6(1)(f) and Article 9. In that regard the Archbishop sets out the legitimate interests for the processing of personal data in the Baptism Registers which are, amongst other things, that Baptism Registers (and others) consist of a record of the administration of certain sacraments in the Church; that baptism is the first and basic sacrament of Christian initiation which can only be received once and therefore it is essential that a record of same bemaintained; the Baptism Register is of particular importance as it is the “gateway” to all the records of a person’s life within the Catholic Church; the Register has space for the recording of other sacraments that can also only be administered once; that the information contained within the Baptism Registers is “critical” in terms of certain key beliefs in the Catholic faith; that the importance of the permanency of the record was recognised by the Data Protection Commissioner in his Annual Report in 2003; that these legitimate interests are underpinned by fundamental rights protections under the Irish Constitution and the Charter of Fundamental Rights of the European Union; the Baptism Registers are central to the management of the affairs of the Church. In relation to Article 9(2)(d) of the GDPR, the Archbishop submits that the personal data contained in the Baptism Registers are processed in accordance with the legitimate activities of the Catholic Church.481 751. When specifically asked to identify the factors which led to the decision that the compelling legitimate interests pursued by the Data Controller would override those interests or fundamental rights and freedoms of the Data Subject, the Archbishop stated: “it is noted that the collection and retention of information regarding individuals in the Formal Defection register and de facto defection registers is at the request of the individuals themselves. It is submitted that a request for retention is implicit in a request for entry into the register. It is therefore considered that any impact on the interests or fundamental rights and freedoms of those individuals is either minimal, or non-existent. 479 Submissions dated the 16 March 2020, page 50 480 Submissions dated the 15 October 2020, page 28. 481 Submissions dated 16 March 2020, pages 33- 42. In relation to Parish baptismal registers, the Archbishop would also note that any potential impacts appear to be minimal. The information concerned is stored confidentially, is not accessible to the public, is not used for any profit-making purpose, but rather to record a person’s status in respect of certain sacraments administeredwithin the Church.”482 752. It is my view that any exercise of the right to erasure under Article 17(1)(c) of the GDPR must be accompanied by the right to object under Article 21 of the GDPR where the burden of proof regarding the compellability of the legitimate interests (under Article 21(1)) must be borne by the data controller. Having regard to the analysis of the legitimate interests of the Archbishop considered in the section analysing Article 6(1)(f) above, I am of the view that the legitimate interests of the Archbishop when considered in the circumstances of these particular requests collectively also constitute “compelling”’ legitimate grounds for the purposes of Article 21(1) of the GDPR. In this regard, I have taken into account the higher threshold for “legitimate grounds” as envisaged by the WP 2018 Guidelines (endorsed by the EDPB and referred to above). This applies in circumstances where the individual is a current member of the Catholic Church or whether they no longer consider themselves a member of the Catholic Church. Article 17(1)(d) 753. Article 17(1)(d) provides that the data subject has the right to obtain the erasure of personal data and the controller shall be obliged to erase the personal data where “the personal data have been unlawfully processed”. 754. For an individual to exercise their right to erasure under Article 17(1)(d) of the GDPR, the personal datamust have been unlawfully processed. A data controller unlawfully processes data when it is processed in the absence of a legal basis under Article 6(1) of the GDPR and or fails to fall one of the exceptions under Article 9(2) of the GDPR in the case of special category data. 755. Under the section on Legal Basis, this Decision analysed the lawful bases for the processing of the personal data and special category data. Set out therein are my findings which are that the processing of personal data containedwithin the Baptism Registers is lawful under Article 6(1)(f) of the GDPR and Article 9(2)(d) of the GDPR. I alsomade a finding that the Archbishop could not rely on Article 9(2)(j) of the GDPR for the purposes of processing or further processing the personal data and special category data of those named in the Baptism Registers, the subject of this Inquiry. The determination vis-à-vis Article 17(1)(d) 756. Based on the foregoing, it is the view of the DPC that as the personal data contained within the Baptism Register is lawfully processed, data subjects cannot rely on Article 17(1)(d) of the GDPR for the erasure of the personal data processed in the Baptism Registers. 482 Submissions dated 15 October 2020, page 29. 757. As set out above, the processing/recording of personal data surrounding sacramental events is a necessary record for the administration of the Church. It appears to me that the absence or non-availability of this record would hinder the Catholic Church in the furtherance of its objectives as set out. On that basis, this processing, which remains necessary, has a lawful basis under Article 6(1)(f) and Article 9(2)(d) of the GDPR. Therefore, an individual who no longer consider themselves a member of the Catholic Church cannot rely on Article 17(1)(d) of the GDPR for the erasure of the personal data processed in Baptism Registers. Article 17(1)(e) 758. Article 17(1)(e) provides that the data subject has the right to obtain the erasure of personal data and the controller shall be obliged to erase the personal data where “the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject”. The determination vis-à-vis Article 17(1)(e) 759. In relation to the Archbishop’s compliance with the data subject right under Article 17 of the GDPR, whether a data subject has the right to obtain from the Archbishop the erasure of personal data concerning him or her, in circumstances where one of the grounds listed under Article 17(1)(a)-(f) of the GDPR applies; 760. In relation to the Archbishop’s compliance with the data subject right under Article 17 of the GDPR, whether data subjects who no longer consider themselves members of the Catholic Church have the right to obtain erasure of their personal data in the Baptism Registers under the grounds set out at Article 17(1) of the GDPR. 761. The Archbishop is not subject to any legal obligation in either Union or in Member State law,- that requires the erasure, by him, of the personal data or special category data of any individual whose data is processed and recorded within the Baptism Registers, the subject of this Inquiry. On that basis, Article 17(1)(e) is not applicablewithin the facts and circumstances of this Inquiry. Article 17(1)(f) 762. Article 17(1)(f) provides that the data subject has the right to obtain the erasure of personal data and the controller shall be obliged to erase the personal data where “the personal data have been collected in relation to the offer of information society services referred to in Article 8(1)”. The determination vis-à-vis Article 17(1)(f) 763. The data controller is the Archbishop and does not offer information society services. On that basis, Article 17(f) of the GDPR is not applicable within the facts and circumstances of this Inquiry. Restrictions on the Right to Erasure 764. For determination are the issues as to whether, a data subject’s right to erasuremay be lawfully dis-applied by the Archbishop to the extent that processing is necessary: • for exercising the right to freedom of expression and information, pursuant to Article 17(3)(a) of the GDPR; • archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), pursuant to Article 17(3)(d) of the GDPR; and • for exercising the right to freedom of religion. 765. As the foregoing analysis demonstrates, the right to erasure of a data subject’s personal data and special category data contained with the Baptism Registers under Article 17(1) of the GDPR does not exist. Consequently, Article 17(3) of the GDPR does not apply. Under those circumstances, it is not necessary to consider the applicability of any of the restrictions on the exercise of an individual’s right to erasure as set out in the preceding paragraph as the point is now moot. Finding 766. Therefore, I find that: a. A data subject has not got the right to obtain from the Archbishop the erasure of personal data concerning him or her as none of the provisions under Article 17(1)(a)- (f) of the GDPR apply; b. Data subjects who no longer consider themselves to be members of the Catholic Church do not have the right to obtain erasure of their personal data in the Baptism Registers under the grounds set out at Article 17(1)(a)-(f) of the GDPR; c. Under those circumstances, the provisions of Article 17(3) do not apply. f) STORAGE LIMITATION Issues for determination 767. In relation to the Archbishop’s compliance with the principle of storage limitation as contained in Article 5(1)(e) of the GDPR, the following issues arise for determination: a. whether the personal data and special category personal data contained in the Baptism Registers are kept in a form which permits identification for no longer than is necessary; b. whether the personal data and special category personal data contained in the Baptism Registers are processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, and are subject to the implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject; c. whether, in circumstances where the personal data and special category personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, it may be stored for longer periods. Relevant Provisions 768. Article 5(1)(e) of the GDPR sets out the principle of storage limitation and requires that personal data be: “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject.” Archbishop’s submissions 769. The Archbishop submitted that he is “satisfied that the requirements of Article 5(1)(e) are met”.483 770. He further submitted that “it is essential for the administration of the sacraments of baptism, confirmation, marriage and holy orders to be assured that these sacraments have been administered once only in a person’s lifetime. De-identification of the record would undermine the purpose for which the record is created andmaintained. Therefore the storage of these data is necessary on a permanent basis, for the purposes for which the data are processed”.484 483 Submissions dated 16 March 2020, page 47. 484 Submissions dated 16 March 2020, page 47. 771. The Archbishop also noted that Articles 5(1)(e) “permits the storage of personal data for longer periods if it is for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and is subject to implementation of appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject”.485 The Archbishop referred to his previous submissions relating to the technical and organisational measures which apply to the Baptism Registers “and which safeguard the rights and freedoms of the data subject”.486 Legal Analysis First Issue for Determination: Whether the personal data and special category personal data contained in the Baptism Registers are kept in a form that permits identification for no longer than is necessary 772. The importance of the recording and processing of personal data in the Baptism Registers vis- à-vis the administration of Church affairs, per the Archbishop’s submissions, has been identified throughout the course of this Decision. The Archbishop also indicated that de-identification of the personal data and special category personal data in the Baptism Registers would “undermine the purpose for which the record is created and maintained”.487 773. Article 5(1)(e) of the GDPR requires a controller to keep personal data “in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed”. This means that a controller must delete or anonymise personal data once it is no longer necessary for the purposes for which they were originally collected. 774. The Archbishop contends that it remains necessary to keep the personal data and special category personal data contained in the Baptism Registers in a form, which permits identification on a “permanent basis”, for the purposes of the administration of certain sacraments of the Catholic Church. 775. With respect to whether it is necessary to retain the personal data and special category personal data in a form, which permits identification to achieve the purposes of processing, the concept of necessity is relevant. This conceptwas considered earlier in this Decision under legal bases.488 485 Submissions dated 16 March 2020, page 47. 486 Submissions dated 16 March 2020, pages 29-31. 487 Submissions dated 16 March 2020, page 47. 488 C-465/00, C-138/01 and C-139/01 Österreichischer Rundfunk ECLI:EU:C:2003:294, paragraph 88. 776. The Archbishop has stated that de-identification of the personal data and special category personal data in the Baptism Registers would “undermine the purpose for which the record is created and maintained”489 which is for the administration of certain sacraments and to ensure such sacraments are not administered more than once in a person’s lifetime. As set out earlier, there is no set timeframe in a person’s life vis-à-vis the administration of sacraments and on that basis, the Baptism Registers remain live registers for the lifetime of that person. In respect of the reasonableness and proportionality of retaining this personal data on a permanent basis, it is difficult to ascertain how individuals who have been baptised could be otherwise identified correctly, during their lifetime, for the purposes of administering further sacraments, without the retention of a minimum amount of personal data and special category personal data such as is contained in the Baptism Register. Such data includes: “ 1. Christian name of person for baptism 2. Surname 3. Born/Day/Month 4. Name of Parent(s)/guardian(s) 5. Residing at Domicile 6. Duly Baptised – Day/Month 7. Celebrant of Baptism 8. Name(s) of Godparent(s)”490 777. Further sacraments administered are annotated in the Baptism Registers. As such, I am of the view that the retention is reasonable and necessary to achieve the stated purposes. 778. In my view, no equally effective alternative to retaining a minimum amount of personal data and special category personal data in a form, which permits identification, is apparent. In circumstances where the personal data and special category personal data must permit identification in order to achieve the purpose in question, retention of anonymised data would not be a suitable equally effective alternative measure. Further, in circumstances where it is conceivable that individuals who have undergone baptism in the Archdiocese may share the same name, the same birth date or may have parents who share similar names, it is proportionate for the Archdiocese to retain a minimum amount of personal data and special category data. This should be limited to the personal data listed above in order to ensure that the sacramental status of an individual may be sufficiently verified. The retention of less personal data and special category personal data would likely be marginally less intrusive to data subjects, however, itmay significantly lessen the effectiveness of themeasures in order to achieve the stated purpose. 489 Submissions dated 16 March 2020, page 47. 490 Submissions dated 16 March 2020, page 25. 779. I am satisfied that keeping personal data and special category personal data in the Baptism Registers in a form which permits identification remains necessary during the life time of the data subjects in question who have undergone baptism in the Archdiocese. This is in order to achieve the purpose of correctly administering certain sacraments thatmay only be undertaken once in a person’s lifetime. 780. I also wish to note that the GDPR does not apply to the personal data and special category personal data of deceased persons, further to Recital 27 of that Regulation. As such, the Archbishop is not under an obligation to comply with the principle of storage limitation once the lifetime of the data subjects in question ends. Second Issue for Determination 781. The second issue for determination is whether the personal data and special category personal data contained in the Baptism Registers are processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, and are subject to the implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject 782. The Archbishop stated that the personal data and the special category personal data which is contained in the Baptism Registers are “essential for the administration of the affairs of the Catholic Church”,491 in particular to maintain a record of people who have been baptised and to set out a “person’s status in respect of certain sacraments, which can be administered only once in a person’s lifetime”492. The Archbishop stated that the purpose for which this personal data and special category personal data was collected is also “to record the fact that a person received the sacrament of baptism into the Roman Catholic Church on a particular date”493. 783. Further, in respect to archiving purposes in the public interest and historical research purposes, the Archbishop stated, “The Baptism Registers record the historical fact of baptisms having taken place. Over time, these registers assume a different importance becoming a unique archival and/or historic record of enduring value. Baptismal records are often, for example, sought by those carrying out genealogical research”.494 784. With respect to appropriate technical and organisational measures in place in order to safeguard the rights and freedoms of the data subject, the Archbishop stated that the following technical and organisational measures were in place: • the Adopted Persons Baptism Registers and the Clonliffe College Registers are securely stored in the Chancellery Offices; • the parish Baptism Registers are normally “kept in safe rooms, fire-proofed, and are accessible only by the pastor and authorised Parish personnel”495; 491 Submissions dated 16 March 2020, page 50. 492 Submissions dated 16 March 2020, page 48. 493 Submissions dated 16 March 2020, page 54. 494 Submissions dated 16 March 2020, page 52. 495 Submissions dated 16 March 2020, page 29. • the parish priest is under an obligation “to take care that the baptism registers do not fall into unauthorised hands. The Diocesan Bishop or his delegate is to inspect the archive at the time of the visitation. Older parochial registers are also to be carefully safeguarded, in accordance with the provisions of particular law”;496 and • the Archbishop “organises data protection training days for Parish Priests and members of the parish administrative teams. It is also open to Parish Priests to organise their own training in respect of data protection matters”497. 785. I have previously considered whether the personal data and special category personal data contained in the Baptism Registers may lawfully be processed relying on archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (Article 9(2)(j)) as the legal basis for processing. It is my view that the Archbishop may not rely on archiving purposes in the public interest and historical research purposes as a legal basis for processing for the reasons as previously set out. 786. As the central purpose for processing the data contained in the Baptism Registers is in order to keep an accurate record of the sacramental status of individuals with such processing having a lawful basis under Article 6(1)(f) and Article 9(2)(d) of the GDPR, it is not necessary to consider the technical and organisational measures pursuant to Article 9(2)(j) and or Article 89(1) of the GDPR. Third Issue for Determination: 787. The third issue for determination is whether, in circumstances where the personal data and special category personal data is processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, it may be stored for longer periods 788. As set out above, the central purpose for processing the data contained in the Baptism Registers is for the purposes of maintaining an accurate record of the sacramental status of individuals. Consequently as there is no limitation during the life of a person as to when sacraments can be administered and the records can lawfully be maintained for the lifetime of an individual. Therefore, any evaluation of storage data for ‘”longer periods” than one’s lifetime is moot. Findings 789. I find that the Archbishop did not infringe the principle of storage limitation contained in Article 5(1)(e) of the GDPR. In particular, I make the following findings: a. The personal data and the special category personal data contained in the Baptism Registers are kept in a form that permits identification for no longer than is necessary which is essentially for the lifetime of an individual. I am satisfied that this is necessary, given the purpose for which the Baptism Registers aremaintained and it does not give rise to an infringement by the Archbishop regarding the principle of storage limitation. 496 Submissions dated 16 March 2020, page 29. 497 Submissions dated 23 July 2021, page 7. b. The personal data and the special category personal data contained in the Baptism Registers are not processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR. c. As the personal data is lawfully processed under Article 6(1)(f) and Article 9(2)(d) of the GDPR during the lifetime of the data subjects who are members and or former members of the Catholic Church, the issue of longer storage periods under Article 9(2)(j) and or Article 89(1) of the GDPR does not arise. g) SUMMARY OF FINDINGS 790. Having carefully considered the submissionsmade by the Archbishop I now summarisemymain findings in this Decision, which are as follows: a. Material Scope: i. That hardcopy Baptism Registers form part of a filing system or are intended to form part of a filing system, having regard to the definition of filing system under Article 4(6) of the GDPR; ii. That no exemptions under Article 2(2) of the GDPR apply to the processing of the personal data and special category data contained within the Baptism Registers. b. Controllership: i. That the Archbishop and Parish Priests are joint controllers of the personal data and special category data contained in the Parish Baptism Registers with respect to the processing activities of collection and recording of data only; ii. That the Archbishop is the sole controller of the personal data and special category data in the Parish Baptism records with respect to the processing activities of storage and retention, standard and special annotation and alteration; iii. That the Archbishop is the sole controller of the personal data and special category data in the Clonliffe College Registers with respect to all processing activities; iv. That the Archbishop is the sole controller of the personal data and special category data contained in the Adopted Persons Baptism Register with respect to all processing activities. c. Legal Bases i. That the Archbishop may lawfully rely on legitimate interests under Article 6(1)(f) of the GDPR as a legal basis for the processing of personal data of data subjects which is recorded in the Baptism Register, even in such instances where a data subject no longer wishes to be associated with the Catholic Church; ii. That subject to safeguards, the Archbishop’s interests in retaining the personal data contained in the Baptism Registers are not overridden by the interests or fundamental rights and freedoms of the data subjects; iii. That the Archbishop may rely on the legal basis under Article 9(2)(d) of the GDPR for the processing of data subjects’ special category data during the course of their lifetime, being members or former members of a not-for-profit with a religious aim; iv. That the Archbishop, in processing the special category personal data in accordance with Article 9(2)(d) of the GDPR, has in place the required appropriate safeguards for such processing under Article 9(2)(d); v. That the Archbishop cannot lawfully rely upon Article 9(2)(j) of the GDPR for the purposes of further processing the personal data and special category data of those named in the Baptism Registers, the subject of this Inquiry. d. Rectification i. That data subjects may exercise the right to request rectification, in accordance with Article 16, of the personal data contained in the Baptism Registers; ii. That the Archbishop must comply with his obligations under Article 12(3) and Article 12(4) of the GDPR in order to facilitate requests in relation to data subject’s rights under Articles 15 to 22 of the GDPR; iii. That in circumstances where a data subject no longer wishes to be a member of the Catholic Church a supplementary statement could be added by the Archbishop to the Baptism Register entry stating “No longerwishes to be identified as a Roman Catholic”; iv. Any amendment made to the hard copy authoritative Baptism Registers ought to be reflected in any copy made of the Registers, whether in electronic form, indexed registers or otherwise. e. Erasure i. That a data subject has not got the right to obtain from the Archbishop the erasure of personal data concerning him or her as none of the provisions under Article 17(1)(a)- (f) of the GDPR apply; ii. That data subjects who no longer consider themselves to be members of the Catholic Church do not have the right to obtain erasure of their personal data in the Baptism Registers under the grounds set out at Article 17(1)(a)-(f) of the GDPR; iii. In the circumstances where a ground under Article 17(1) have not been met the provisions of Article 17(3) do not apply. f. Storage Limitation i. That the personal data and the special category personal data contained in the Baptism Registers are kept in a form that permits identification for no longer than is necessary which is essentially for the life time of an individual; ii. That the personal data and the special category personal data contained in the Baptism Registers are not processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR; iii. That as the personal data is lawfully processed under Article 6(1)(f) and Article 9(2)(d) of the GDPR during the lifetime of the data subjects who are members and or former members of the Catholic Church, the issue of longer storage periods under Article 9(2)(j) and or Article 89(1) of the GDPR does not arise. Recommendations 791. One of the issues for determination in this Decision was the issue of controllership. This arises in circumstanceswhere the Archbishop is of the view that hewas not and is not a data controller of the relevant Parish Baptism Registers and that the Parish Priest was and is in fact the data controller. On that basis the Archbishop submitted “[I]t is a matter for individual Parishes to address the transparency principle in respect of registers held by them and which are subject to the GDPR. However, in relation to the register of baptisms of persons who are adopted, the Parish of baptism will direct adopted persons applying for baptismal certificates to the Chancellery”.498 792. The imposition of obligations and duties under the GDPR flow from controllership and one of those obligations is transparency of processing which is provided for under Article 5(1)(a) of the GDPR. In light of the findings of this Decision, that the Archbishop is the joint controller along with the parish priests for collection and recording and sole controller of the relevant Baptism Registers with respect to the processing activities of storage and retention, standard and special annotation and alteration, certain obligations and duties fall to him to fulfil, including his obligations and duties in relation to transparency under Article 5(1)(a) of the GDPR. 793. I am of the view that it is necessary and proportionate for the purpose of ensuring compliance with the GDPR that I make the following orders to the Archbishop as controller i. update the Privacy Policy of the Archdiocese to identify that the Archbishop is the data controller for the processing of personal data and special category data held in all Baptism Registers within his Archdiocese; ii. set out in the Privacy Policy the lawful basis of such processing together with the retention periods for such personal data; iii. set out in their Privacy Policy that the subsequent administration of certain sacraments to an individual are annotated in the Baptism Register, explaining why this is so; iv. ensure that the parishes within the Archdiocese make the relevant notice accessible and available to those undertaking sacraments. 498 Submissions 15 October 2020 page 33 G. Finding Regarding Article 5(2) 794. The scope of this inquiry included an analysis of compliance with Article 5(1)(e) GDPR and the associated ability to demonstrate that compliance. In the circumstances, the personal data was retained for a purpose that was to document that certain baptisms occurred on specific dates. I do not find any infringement of Article 5(2) GDPR in relation to demonstrating this principle of storage limitation in relation to the original entries in the Baptismal Registers. Therefore, I find that the Archbishop did not infringe Article 5(2) GDPR. H. Decision on Corrective Powers 795. I have set out above, pursuant to section 111(1)(a) of the 2018 Act, my decision to the effect that the Archbishop has infringed Article 5(1)(a) of the GDPR. This finding was made in paragraph 622. 796. Under section 111(2) of the 2018 Act, where the DPCmakes a decision (under section 111(1)(a)), it must, in addition, make a decision as to whether a corrective power should be exercised in respect of the controller or processor concerned and, if so, the corrective power to be exercised. The remaining question for determination in this Decision is whether or not that infringement merits the exercise of any of the corrective powers set out in Article 58(2) GDPR and, if so, which corrective powers. 797. Article 58(2) GDPR sets out the corrective powers that supervisory authorities may exercise in respect of non-compliance by a controller or processor. In deciding whether to exercise those powers, Recital 129 provides guidance as follows: …each measure should be appropriate, necessary and proportionate in view of ensuring compliance with this Regulation, taking into account the circumstances of each individual case… 798. Having carefully considered the infringement identified in this Decision, I have decided to exercise a certain corrective power in accordance with section 115 of the 2018 Act and Article 58(2) GDPR. In summary, the corrective power that I have decided is appropriate to address the infringement in the particular circumstances is: An order to the Archbishop to update the Privacy Notice in the manner outlined in paragraph 793. I. Order to amend the Privacy Policy 799. Under Article 58(2)(d) GDPR, supervisory authorities have the power “to order the controller or processor to bring processing operations into compliance with the provisions of this Regulation, where appropriate, in a specified manner and within a specified period.” 800. Vindication of the rights available to data subjects pursuant to Chapter III of the GDPR depends upon, inter alia, the clear identification of the controller. 801. In light of the identified infringement of Article 5(1)(a) GDPR, I order the Archbishop to make the updates to the Privacy Policy specified in paragraph 793 by one month from the date of the Final Decision in this Inquiry. J. Right of appeal 802. This Decision is issued in accordance with section 111 of the 2018 Act. Pursuant to section 150(5) of the 2018 Act, the Archbishop has the right to appeal against this decision within 28 days from the date on which notice of the Decision is received by it. Appendix 1: LIST OF ABBREVIATIONS/ RELEVANT TERMS the 2018 Act the Archbishop/Archdiocese Canon Law the Chancellor the Chancellery Data Protection Act 2018 the Archbishop of Dublin/Archdiocese of Dublin Canon Law is the internal law of the Roman Catholic Church assists the Archbishop in the governance of the Archdiocese is an office of the Archdiocese which assists the Chancellor in the discharge of his functions within the diocesan curia of the Archdiocese the Charter Charter of Fundamental Rights of the European Union the CJEU Court of Justice of the European Union the Decision the Decision of the Data Protection Commission delivered in the context of an own-volition inquiry the DPC Data Protection Commission (previously the Data Protection Commissioner prior to the entry into application of the Data Protection Act 2018) the Commissioner Data Protection Commissioner established pursuant to the Data Protection Acts 1988– 2003 the Complaints Complaints received in the DPC pursuant to Article 77 of the GDPR the Complainants Natural persons who lodged the complaints the Directive Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data EDPB European Data Protection Board GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC the Inquiry The inquiry commenced pursuant to Section 110 of the 2018 Act