Critical summary of the ruling of the Supreme Administrative Court of 14 July 2022 (Ref. III OSK 2776/21) with special consideration of Canon 220

Abstract

The plaintiff complained against two Roman Catholic parishes about the processing of his personal data and demanded their deletion. The President of the Office for Personal Data Protection (DPA) refused to initiate proceedings, as the Catholic Church has its own data protection regulations and an independent supervisory authority in accordance with Article 91 GDPR. The Provincial Administrative Court in Warsaw and the Supreme Administrative Court upheld this decision. The courts emphasised the constitutionally guaranteed autonomy of the Church and the adaptation of its data protection regulations to the GDPR. Canon 220 protects the good reputation and privacy of the faithful. The independence of the church's data protection officer and the balance between data protection and religious autonomy were recognised. However, critics are calling for greater state control to better monitor the church's data protection regulations.