For readers of this site who live particularly in Europe, and especially in the UK, the not-so-catchy acronym that is causing a bit of a stir is GDPR.
What is GDPR?
GDPR stands for General Data Protection Regulations. These regulations will come into force on May 25, 2018, and will affect how legal entities, such as corporations managed by the Organization of Jehovah’s Witnesses, keep records on citizens. Do these new regulations have the potential to financially impact JW headquarters in the USA? Consider that the law will expose corporations operating within the EU to heavy fines for non-compliance (up to 10% of revenue or 10 million euros).
There is much data available about GDPR from Governments and on the internet including Wikipedia.
What are the main requirements?
In plain English, the GDPR requires the data collector to specify:
- What data is requested;
- Why the data is needed;
- How it will be used;
- Why the business wants to use the data for the reasons indicated.
The data collector is also required to:
- Obtain consent to gather and use a person’s data;
- Obtain parental consent for children’s data (under the age of 16);
- Give people the ability to change their mind and request their data be deleted;
- Provide the individual a real choice as to whether he/she wishes to hand over data or not;
- Provide a simple, clear way for the individual to actively and freely consent to their data being used.
In order to comply with the new rules around consent, there are a number of things required from the data collector, such as the Organization of Jehovah’s Witnesses. These include:
- Ensuring that all marketing materials, consumer contact forms, emails, online forms, and requests for data, give users and potential users the option to share or withhold data.
- Providing reasons why the data may be used and/or stored.
- Proving the benefits of sharing data, while clearly giving the consumers the ability to actively consent to so doing, perhaps with a check box or by clicking a link.
- Providing the means on how to request one’s information or data be deleted from all corporate and partner databases.
What has been the response of the Organization?
The Organization has created a form which they want every baptized witness to sign by the 18th May 2018. It has the designation s-290-E 3/18. E refers to English and March 2018 version. There is also a letter to the Elders giving instructions on how to handle those who show reluctance to sign. See below for extract. The full letter can be seen on the FaithLeaks.org website as of 13 April 2018.
How does the “Notice and Consent for use of Personal Data” form and the Online policy documents on JW.Org match up to the requirements of the GDPR legislation?
What data is requested?
No data is requested on the form, it is purely for consent. We are pointed to an online document on jw.org for the Use of Personal Data—United Kingdom. It states in part:
The Data Protection Law in this country is:
General Data Protection Regulation (EU) 2016/679.
Under this Data Protection Law, publishers consent to the use of their personal data by Jehovah’s Witnesses for religious purposes, including the following:
• participating in any meeting of a local congregation of Jehovah’s Witnesses and in any volunteer activity or project;
• choosing to participate in a meeting, an assembly, or a convention that is recorded and broadcast for the spiritual instruction of Jehovah’s Witnesses worldwide;
• attending to any assignments or fulfilling any other role in a congregation, which includes the publisher’s name and the assignment being posted on the information board at a Kingdom Hall of Jehovah’s Witnesses;
• maintaining the Congregation’s Publisher Record cards;
• shepherding and care by elders of Jehovah’s Witnesses (Acts 20:28;James 5:14, 15);
• recording emergency contact information to be used in the event of an emergency.
While some of these activities require data to be stored—emergency contact information, for instance—it is hard to see the requirement applying to shepherding and care by the elders. Are they suggesting that unless they can keep the publisher’s address on record and share it with the worldwide community of JW organizations, it will not be possible to provide shepherding and care? And why would participating in a meeting, by giving a comment, for example, require data sharing? The need to post names on the announcement board so that assignments like handling the microphones or giving parts on the meetings can be scheduled would require some data to be exposed to the public, but we’re only talking about the person’s name, which isn’t exactly private information. Why do such assignments require a person to sign away his right to privacy on the world stage?
To Sign or Not to Sign, that is the question?
That is a personal decision, but here are some additional points to bear in mind that might help you.
Consequences of not signing:
The document continues, “If a publisher chooses not to sign the Notice and Consent for Use of Personal Data form, Jehovah’s Witnesses may not be able to evaluate the publisher’s suitability to fulfill certain roles within the congregation or to participate in certain religious activities.”
This statement actually breaks the regulations as it is not specific as to what the publisher may no longer be able to participate in. Therefore, ‘giving or withholding consent is not possible on an informed basis’. This statement should at the very least state all the roles and activities that would be affected. So be aware that any existing roles might be removed because of non-compliance.
From the letter to elders named ‘Instructions for use of Personal Data S-291-E’ of March 2018
Notice that even if one refuses to consent to the sharing of personal data, the congregation elders are still directed to keep his personal data in the form of the Publisher Record Card, shown here:
So even if you withhold consent, they still feel they can violate your data privacy by recording your name, address, telephone, date of birth, date of immersion, as well as your monthly preaching activity. It would seem that the organization is not about to lose control, even in the face of international regulations by the superior authorities that Jehovah requires us to obey in such instances. (Romans 13:1-7)
Consequences of signing:
The letter further states, “Personal data may be sent, when necessary and appropriate, to any cooperating Organization of Jehovah’s Witnesses.” These “may be located in countries whose laws provided different levels of data protection, which are not always equivalent to the level of data protection in the country from which they are sent.” We are assured that the data will be used “only in accordance with the Global Data Protection Policy of Jehovah’s Witnesses.” What this statement does not make clear is that when moving the data between countries, the stricter requirements of data protection will always take precedence, which is a requirement of GDPR. For example, under GDPR, data could not be transferred to a country with weaker data protection policies and then be used according to the weaker data protection policies as this would be attempting to circumvent the requirement of GDPR. Despite the “Global Data Protection Policy” of the Organization of Jehovah’s Witnesses, unless the United States has data protection laws equal to or more restrictive than those of the EU, the UK and European branch offices cannot, by law, share their information with Warwick. Will the Watchtower corporations comply?
“the religious Organization has an interest in permanently maintaining data regarding an individual’s status as one of Jehovah’s Witnesses” This means that they want to keep track of whether you are ‘active’, ‘inactive’, ‘disassociated’, or ‘disfellowshipped’.
This is the form that is being provided to all EU and UK publishers:
The Official Policy document continues: “Upon becoming a publisher, a person acknowledges that the worldwide religious Organization of Jehovah’s witnesses…lawfully uses personal data in accordance with its legitimate religious interests.” What the Organization may view as “legitimate religious interests” may be quite different to your view and is not spelled out here. Additionally, the consent form allows them to share your data in any country they wish, even countries without data protection laws.
Once you sign consent there is no simple online form to remove consent. You would have to do it in writing via the local body of elders. This would be intimidating for most Witnesses. Will most Witnesses feel strong psychological pressure to sign, to conform? Will those who care not to sign or who later change their minds and request their data not be shared do so free from any form of peer pressure?
Consider these legal requirements under the new regulations and judge for yourself whether they are being met by the Organization:
- Requirement: “A data subject’s consent to processing of their personal data must be as easy to withdraw as to give consent. Consent must be “explicit” for sensitive data. The data controller is required to be able to demonstrate that consent was given.”
- Requirement: “’That consent is not freely given if the data subject had no genuine and free choice or is unable to withdraw or refuse consent without detriment.”
What if you hear that pressure from the platform is being exercised by the user of such phrases as, “If you don’t sign you are not obeying Caesar’s law”, or “We will want to comply with the direction from Jehovah’s Organization”?
Other Potential Consequences
Only time will tell what other consequences these new regulations will have on the Organization of Jehovah’s Witnesses. Will disfellowshipped persons request that their data be removed from congregation archives? What is someone does that but at the same time asked to be reinstated? Would it not be a form of intimidation, of pressuring someone into releasing the confidential data, to require a person sign the consent form before their reinstatement case can be heard?
We shall have to see what the ramifications of these new laws are over the long term.