Association diocésaine d'Angers – Court Ruling (France, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
On 15 February 2020, a data subject lodged a complaint with the French DPA (“CNIL”) regarding the refusal by the Diocesan association of Angers to grant his request for access to personal data concerning him contained in the baptism register of Angers’ diocese and to exercise his right to erasure and to object the processing of his personal data. After noting that the access request had been granted by the controller, the CNIL considered that (i) the data subject could not rely on any of the grounds for deletion mentioned in Article 17(1) GDPR and (ii) the insertion in the margin of the register of a statement indicating that the data subject did not recognize the value of his baptism could be regarded as satisfying the exercise of his right to object under Article 21(1) GDPR. Therefore, in a letter dated 2 December 2021, the CNIL informed the data subject of their decision to close the complaint. The data subject appealed this decision asking the French Supreme Administrative court (“Conseil d’Etat”) to annul it. Firstly, regarding the lawfulness of the processing in itself, data revealing a person’s religious beliefs is, by virtue of Article 9 GDPR, sensitive data whose processing is, in principle, prohibited. By way of exception, the processing of such data is authorised, in particular under Article 9(2)(d) if it is carried out, in the context of their legitimate activities and subject to appropriate safeguards, by an association pursuing a religious aim, provided that the processing relates to members, former members or persons having regular contact with it. The Conseil d’Etat noted that the baptism registers kept by the Catholic Church are intended to keep a record of every event. This personal data was only accessible to the persons concerned and the registers were kept in a closed place before being deposited in the diocese’s historical archives for a period of 120 years. The Conseil d’Etat therefore considered that the mention of personal data in the ba
GDPR Articles Cited
On 15 February 2020, a data subject lodged a complaint with the French DPA (“CNIL”) regarding the refusal by the Diocesan association of Angers to grant his request for access to personal data concerning him contained in the baptism register of Angers’ diocese and to exercise his right to erasure and to object the processing of his personal data. After noting that the access request had been granted by the controller, the CNIL considered that (i) the data subject could not rely on any of the grounds for deletion mentioned in Article 17(1) GDPR and (ii) the insertion in the margin of the register of a statement indicating that the data subject did not recognize the value of his baptism could be regarded as satisfying the exercise of his right to object under Article 21(1) GDPR. Therefore, in a letter dated 2 December 2021, the CNIL informed the data subject of their decision to close the complaint. The data subject appealed this decision asking the French Supreme Administrative court (“Conseil d’Etat”) to annul it. Firstly, regarding the lawfulness of the processing in itself, data revealing a person’s religious beliefs is, by virtue of Article 9 GDPR, sensitive data whose processing is, in principle, prohibited. By way of exception, the processing of such data is authorised, in particular under Article 9(2)(d) if it is carried out, in the context of their legitimate activities and subject to appropriate safeguards, by an association pursuing a religious aim, provided that the processing relates to members, former members or persons having regular contact with it. The Conseil d’Etat noted that the baptism registers kept by the Catholic Church are intended to keep a record of every event. This personal data was only accessible to the persons concerned and the registers were kept in a closed place before being deposited in the diocese’s historical archives for a period of 120 years. The Conseil d’Etat therefore considered that the mention of personal data in the ba
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Association diocésaine d'Angers in FR
This is the only recorded case for this entity in this jurisdiction.
Details
Ruling Date
2 February 2024
Authority
Commission Nationale de l'Informatique et des Libertés
GDPRhub ID
gdprhub-court-7592About this data
Cite as: Cookie Fines. Association diocésaine d'Angers - France (2024). Retrieved from cookiefines.eu
Last updated: