Berliner Beauftragte für Datenschutz und Informationssicherheit – Court Ruling (Germany, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Administrative Court of Berlin ruled that the church's data protection practices are under church supervision, not state supervision. This case matters because it clarifies that churches can have their own data protection authorities, which are independent from state authorities.
What happened
The court ruled that church data protection is subject to church supervision, not state supervision.
Who was affected
Individuals who received questionnaires from the church tax office about their children's religious affiliation.
What the authority found
The court agreed with the Berlin DPA that church data protection is under the church's own supervisory authority, compliant with GDPR.
Why this matters
This decision clarifies that churches can establish independent data protection authorities, which may affect how individuals interact with religious organizations regarding their data.
GDPR Articles Cited
In November 2019, the church tax office (controller) sent the data subjects questionnaires to provide information on the religious affiliation of their two minor children. In December 2019, the data subjects requested the controller to refrain from such requests. Nevertheless, the controller requested the data subjects to complete the forms again in January 2020. Consequently, in August 2020, the data subjects filed a complaint with the Berlin DPA (Berliner Beauftragte für Datenschutz und Informationssicherheit). They claimed that the questionnaire was unlawful under data protection law. The DPA dismissed the complaint, arguing mainly that it was not competent to decide on the matter because of the church's special competence. Furthermore it did not find a breach of data protection law. Before the court, the data subjects pursued their claim. The Administrative Court of Berlin dismissed the data subjects' claim. The court agreed with the DPA that it had rightfully declared itself incompetent in the matter. First, it held that church data protection such as in the case is subject to church supervision and not to state supervision. According to Article 91(2) GDPR, churches are entitled to establish their own independent supervisory authorities. While the wording of the provision does not clearly state whether such authority must be of an official nature or independent, the court interpreted the provision based on its systematic nature. As Article 91(2) GDPR explicitly mentions that the specific supervisory authority must fulfill the conditions of Chapter VI of the GDPR, such reference would be redundant if only state authorities were allowed since such authorities have to fulfill these regulations in any case. This position is also supported by Recital 128 GDPR. Therefore, the court found the independent nature of the church supervisory authorities to be GDPR-compliant. Second, it clarified that church data protection law must be understood as a comprehensive data
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Berliner Beauftragte für Datenschutz und Informationssicherheit in DE
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Berliner Beauftragte für Datenschutz und Informationssicherheit - Germany (2022). Retrieved from cookiefines.eu
Last updated: