The Daily Telegraph

Prayers for the sick may breach GDPR, Church fears

- By Olivia Rudgard and Katie Morley

THE Church of England has told its parishes not to publish prayer requests for the sick without their permission following the introducti­on of new EU data laws.

The General Data Protection Regulation (GDPR), which came into force yesterday, has caused chaos as small firms, charities and religious organisati­ons struggle to interpret the rules.

The Church of England’s guidance tells parishes that consent should be obtained if “names and reasons for the prayer request are recorded and published on the church website or in a parish newsletter”.

But the Informatio­n Commission­er’s Office (ICO) said organisati­ons should not see the rules as a “barrier” and churches would be free to use informatio­n relating to someone who was part of a congregati­on.

Organisati­ons that break GDPR rules can be fined up to 4 per cent of their turnover by privacy watchdogs.

Schools have also reported concerns that they can no longer hold or pass on medical informatio­n about pupils.

Declan Kelly, the lead adviser for the Church of England on GDPR, said permission would be needed “if the informatio­n were to be published on a website, leaflet or social media”.

The diocese of London clarified its GDPR guidance on Thursday after some priests were left under the impression that they could not pray for people without their consent. “There is no obstacle, under the GDPR, to

spoken prayers in church,” a spokesman said.

“In sensitive situations in which somebody is highly likely to be unhappy about having their name and/or other informatio­n shared, we do warmly advise seeking their agreement, and refraining from sharing their informatio­n in print where consent can’t be obtained.”

In a situation where one individual wants to light a candle for another and leave a note with their details, the new guidance says, the church must “try to ensure that consent is obtained, particular­ly in our multi-cultural society where people may object to being prayed for”.

A spokesman for the ICO said: “If, as an organisati­on, you have an existing relationsh­ip with someone, for instance that person is part of your church congregati­on or volunteers for your sports team, you would not need their consent to use basic personal informatio­n. Consent is not the only basis for using and sharing people’s personal data.”

Andrew Charleswor­th, of the University of Bristol law school, said the Church was “erring on the side of caution”.

“We’re dealing with quite a complex piece of legislatio­n, it’s quite a sensitive area.

“If your mum or your nan is seriously ill, you may not take the publicatio­n of that very well,” he said.

Mr Charleswor­th said that consumers should not expect emails from organisati­ons to “stop immediatel­y” as they struggled to get to grips with the new rules. He added that schools should have no concerns about sharing medical informatio­n where necessary to keep children safe, but should keep parents informed about the data they held and why.

The Daily Telegraph was also contacted by Age Concern Forest of Dean, a small charity providing meals on wheels services to elderly and vulnerable people, which believed following a phone call with the ICO’S GDPR helpline that it needed to send a two-page letter to each client outlining the provisions of the Data Protection Act and asking permission to continue to hold their data.

As many of the charity’s clients have dementia or other disabiliti­es, this would have posed a major threat to its services.

Following interventi­on by this newspaper, the ICO telephoned the Age Concern branch to tell them that they did not need to gain people’s consent to continue providing them with meals on wheels.

‘If your mum or your nan is seriously ill, you may not take the publicatio­n of that very well’

Newspapers in English

Newspapers from United Kingdom