Order on church data protection
The order on church data protection (KDO) was the data protection regulation applicable to the area of the Roman Catholic Church in Germany . When the General Data Protection Regulation came into effect on May 25, 2018, it was replaced by the Law on Church Data Protection . The churches in Germany have the right to determine their own legal systems for their area on the basis of the church's right to self-determination in Article 137, Paragraph 3 of the Weimar Constitution in conjunction with Article 140 of the Basic Law . Due to the European Data Protection Directive 1995/46 / EC, you are obliged to set up rules on data protection.
Due to the subsidiarity clause in Section 1 (3) KDO, special church or state regulations for the protection of personal data of the KDO take precedence. According to ecclesiastical law, these are, in particular, the regulations on the protection of confessional and pastoral secrecy, the other specific data protection regulations that exist in some dioceses, e.g. B. to protect patient data in Catholic hospitals and the professional confidentiality for employees according to § 5 Abs. 1 AVR-Caritas . According to state law, the KDO takes precedence over the criminally regulated confidentiality obligation of Section 203 StGB. In contrast, the regulations of social data protection have no effect in the church area.
If the KDO defines its own regulations for individual areas, these usually take precedence over the state or federal data protection law .
The scope of the KDO extends not only to the area of the so-called constitutional church, but also to the German Caritas Association, the diocesan Caritas associations, their subdivisions and professional associations and all church foundations, corporations, institutions, institutions and works regardless of their legal form. As a result, the KDO collects the personal data of a large number of citizens. B.
- are a member of the Catholic Church through baptism or entry into the church and are thus recorded in the church register,
- be treated in a Catholic hospital ,
- live as a child or adolescent in a Catholic youth welfare facility,
- go to a catholic drug counseling center ,
- go to a Catholic educational counseling center as parents ,
- are looked after by a Catholic institution within the framework of legal care ,
- as those in need of care are cared for by a Catholic care service.
- as employees are included in the sphere of activity of the KDO.
The respective local bishops must formally put the KDO into force for their diocese . All the bishops in Germany have done this.
The bishops are obliged to appoint a diocesan data protection officer for their diocese (§ 16 KDO). The diocesan data protection officer is independent in the exercise of his activity and is only subject to church law or the state law that is binding on the churches. Anyone can turn to the diocesan data protection officer if they believe that their rights have been violated by church authorities during the collection, processing or use of their personal data (§ 15 KDO).
The KDO does not provide for sanctions for violations, in contrast to the Federal Data Protection Act (fifth section). Insofar as a violation also violates state law, this can, however , give rise to claims for damages under civil law or be punishable in the event of a violation of confidentiality . However, if an employee of a church-owned institution violates the rules of the KDO, this can have consequences under labor law.
See also
Web links
- Working aid of the German Bishops' Conference on data protection and reporting rights of the Catholic Church (with the text of the KDO), Bonn 2006 (PDF; 569 kB)
- Overview of the regulations of the church data protection on www.datenschutz-kirche.de
- Names and addresses of the diocesan data protection officers of the German dioceses
Individual evidence
- ↑ Data protection in the Catholic Church ( Memento from December 7, 2010 in the Internet Archive )
