Law on Ecclesiastical Data Protection

The Law on Ecclesiastical Data Protection (KDG) regulates data protection in church matters for the Roman Catholic Church in Germany . The EU General Data Protection Regulation allows churches or religious communities to apply their own data protection regulations in Art. 91, provided that these are "brought into harmony" with the regulation. Accordingly, the KDG is intended to bring about conformity with the General Data Protection Regulation for the area of the Roman Catholic Church in Germany. On May 24, 2018, it replaced the order on church data protection .

The churches in Germany have the right to determine their own legal systems for their area on the basis of the church's right to self-determination in Article 137, Paragraph 3 of the Weimar Constitution in conjunction with Article 140 of the Basic Law . Due to the subsidiarity clause in Section 2 (2) of the Act, special church or state regulations for the protection of personal data take precedence over the regulations of this Act. According to ecclesiastical law, these are, in particular, the provisions on the preservation of confessional and pastoral secrecy, the other specific data protection regulations that exist in some dioceses, for example for the protection of patient data in Catholic hospitals and the professional secrecy for employees according to § 5 Paragraph 1 AVR-Caritas . According to state law, the criminal law regulated confidentiality obligation of § 203 StGB takes precedence over the law. In contrast, the regulations of social data protection have no effect in the church area.

The scope of application of the law extends not only to the area of the so-called constituted church, but also to the German Caritas Association, the diocesan Caritas associations, their subdivisions and professional associations and all church foundations, corporations, institutions, institutions and works regardless of their legal form. As a result, the law regulates the handling of personal data of a large number of citizens, for example

are a member of the Catholic Church through baptism or entry into the church and are thus recorded in the church register,

be treated in a Catholic hospital ,

live as a child or adolescent in a Catholic youth welfare facility,

go to a catholic drug counseling center ,

go to a Catholic educational counseling center as parents ,

are looked after by a Catholic institution within the framework of legal care ,

as those in need of care are cared for by a Catholic care service.

as employees are included in the scope of the KDG.

The respective local bishops must formally put the KDG into force for their diocese . The Archbishop of Hamburg issued the law on December 22, 2017.

The bishops are obliged to appoint a diocesan data protection officer as head of data protection supervision for their diocese (§ 42 KDG). The diocesan data protection officer is not bound by instructions in the exercise of his work and is only subject to church law and the state law that is binding on the churches (§ 43 KDG). Every person concerned has the right to complain to the diocesan data protection officer if they are of the opinion that the processing of their personal data violates the provisions of the KDG or other data protection regulations (Section 48 KDG).

In the event of violations of the KDG, fines of up to 500,000 euros are imposed (Section 51 KDG). For this purpose, the diocesan data protection officer forwards the process to the enforcement authority responsible under national law.

Web links

Law on ecclesiastical data protection (KDG) in the version of the unanimous resolution of the general assembly of the Association of Dioceses of Germany of November 20, 2017 (PDF)

Individual evidence

↑ "Consistency means that church data protection must protect fundamental rights and freedoms at least to the same extent as state data protection. The church protection of personal data must not be weaker, but stronger than state protection. A similar regulation is not necessary, probably but one that is equivalent and - taking into account special church circumstances - offers an equally high level of data protection as state data protection law. " (Papenheim, Legal Information Service 3/2018, Caritas in NRW)
↑ Law on Church Data Protection (KDG) of December 29, 2017, Church Official Gazette of the Archdiocese of Hamburg 2018, page 2 (PDF; 822 kB)
^ Addresses of the diocesan data protection officers of the Catholic Church in Germany | Data protection in the Catholic Church. (No longer available online.) Archived from the original on April 13, 2018 ; accessed on April 13, 2018 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2

[1] "Consistency means that church data protection must protect fundamental rights and freedoms at least to the same extent as state data protection. The church protection of personal data must not be weaker, but stronger than state protection. A similar regulation is not necessary, probably but one that is equivalent and - taking into account special church circumstances - offers an equally high level of data protection as state data protection law. " (Papenheim, Legal Information Service 3/2018, Caritas in NRW)

[2] Law on Church Data Protection (KDG) of December 29, 2017, Church Official Gazette of the Archdiocese of Hamburg 2018, page 2 (PDF; 822 kB)

[3] Addresses of the diocesan data protection officers of the Catholic Church in Germany | Data protection in the Catholic Church. (No longer available online.) Archived from the original on April 13, 2018 ; accessed on April 13, 2018 . Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2

Law on Ecclesiastical Data Protection

Web links

See also

Individual evidence