Law and religion round-up – 27th May

The week in which the GDPR became operative and our inboxes were inundated with e-mails from people we’d never heard of, begging to keep in touch…

The GDPR and the blog

On 25 May we scrapped our existing subscriber list and started afresh. Also on 25 May, we had an all-time record number of page-views and already a significant number of readers has resubscribed.

We fully realise how irritating all this has been for our subscribers (it’s also been a total pain for us) and we must express our grateful thanks for everyone’s forbearance. If nothing else, however, the advent of the GDPR has made us realise that we ought to have a formal Privacy Statement: you can read it here. Those wishing to resubscribe or subscribe for the first time should visit our Home Page, scroll down, enter their e-mail address and hit the ‘Subscribe’ button on the right-hand sidebar.

Ireland and the Eighth Amendment

In the referendum on Friday, Ireland voted by two to one to repeal the bar on abortion in the Eighth Amendment to the Constitution. The wording of the referendum question envisaged allowing abortions without any restriction up to the end of the twelfth week of pregnancy. Given that repeal had the support of both the Taoiseach, Leo Varadkar, and the Tánaiste, Simon Coveney, their intention is presumably to introduce the necessary legislation to amend the Constitution asap. 

The UK Government and blasphemy laws

Ekklesia reports that Lord Ahmad of Wimbledon, Foreign Office Minister of State for Human Rights, has said that ending blasphemy laws around the world is a priority for Government. Speaking at a joint meeting of the All-Party Parliamentary Group for International Freedom of Religion or Belief and the All-Party Parliamentary Human Rights Group, he explained that the UK was working on the issue internationally alongside others, including through the UN and the Commonwealth.

Safeguarding training – an optional extra?

The Church of England website has posted the following piece by the Bishop of Horsham, Mark Sowerby, who is Deputy Lead Bishop for Safeguarding and Chair of the Training & Development Working Group – presumably in response to the rubbishing article in the Daily Mail. Bishop Mark’s piece is worth quoting in full:

“Throughout the year churches across the country open their doors to people of all ages, for services, weekday clubs and vital community projects. IICSA and survivor voices have rightly put our safeguarding practices under the spotlight. We welcome many and we must welcome them safely. Like all organisations who work with children and young people safeguarding training is mandatory for those in certain roles. It is not an opt-in.

Yet while the Church is under a great deal of scrutiny for not having had more rigorous training requirements in place, at the same time we are criticised for seeking to raise training standards.

As a Church we believe in the intrinsic value of training to facilitate culture change to promote the safety and welfare of everyone who access our churches.

The care and protection of children, young people and adults is an important part of our Christian ministry and therefore training is vital to ensure Church Officers understand their responsibilities. Everyone who participates in the life of the Church has a role to play in promoting a safer church and this is underpinned by robust good quality training.

My own personal experience of safeguarding training (all clergy including bishops are expected to keep up to date) has been more than positive. I attended a refresher at the end of last year and those who turned up reluctantly – some admitted they had – all shared that they went away both better equipped and with a deeper understanding of the issues.

Training is not only about understanding practice guidance and procedures, it is about deepening our understanding and respect for children, young people, and vulnerable adults. We have learnt from other reviews and inquiries (the Australia Royal Commission for example) that when preventative measures are in place (ie people understand how to recognise concerns and where to report them) these were extremely effective at decreasing the prevalence of abuse.”

In which connexion…

A report published by the Diocese of Truro on Friday concluded that the Diocese had mishandled allegations of child sexual abuse against Jeremy Dowling, a former member of General Synod and Diocesan Communications Officer, who was jailed in October 2015 for indecently assaulting boys while a teacher at a school in Cornwall in the 1960s and 70s. A summary and a link to the report itself are available on the diocesan website. There is also a long article about it in The Guardian.

GDPR – another optional extra?

The Church Times published “GDPR: Let us not allow privacy to become an idol” by Adrian Beney, in which the sub-headline suggests “Churches must comply with new EU data regulations — but not at the expense of its mission“. Whilst the piece raises a number of good points, there appear to be a number of mixed messages which, from the introduction, might give readers the impression that there is a degree of optionality with regard to conformity to GDPR. Beney comments:

“These messages are all part of an increasingly anxious response to a significant step in the development of privacy law. The Church of England has not been immune from anxiety: advice has been promulgated nationally and at diocesan level which ranges from the sensible and pragmatic, through the cautious, to the downright wrong.”

We certainly share that anxiety; however, approaching the GDPR from a legal perspective we concluded that the Church of England’s guidance, reviewed in our posts Parishes and the “GDPR” and GDPR and the Church Electoral Roll, provided a sound starting point for a PCC. But perhaps we’re just being ultra-cautious.

Interestingly, The Herald reports that the Church of Scotland and the Roman Catholic Church appear to have taken different views about the reach of the GDPR. The Archdioceses of Glasgow and of St Andrews and Edinburgh have decided that publishing the names of sick people who need congregational prayers in parish bulletins without prior consent is not realistic: a spokesman is quoted as saying that

“The advice we have been given at the moment is that a person’s name should only appear in a parish sick list when they have given prior written permission. Obviously, in the case where someone has been taken ill suddenly and without warning, such prior written permission is not a realistic option.”

A spokesman for the Kirk, however, told The Herald:

“Guidance for congregations is that including the name of a member of the Church of Scotland, or member of the congregation, or regular attender of worship with the congregation, in an order of service so that person may be prayed for is a legitimate use of that person’s information and is in keeping with the provisions of the GDPR. It is however important to note that if any detailed health information was to be shared – including the nature of the illness – then consent would be required.”

Which just goes to show how confused it all is.

[In the Comments below, Adrian Beney’ has provided further information regarding his Church Times article.]

Legal recognition for humanist weddings

The All-Party Parliamentary Humanist Group has published a report calling for legal recognition to be extended to humanist marriages in England and Wales. The report follows an inquiry that the Group conducted over the last three months into the barriers to recognition. Perhaps the critical issue is that, in England and Wales, weddings may normally only take place on approved premises – and humanists do not have premises. They argue that they would need to be able to marry people anywhere, as is the case with Quakers (though, as a matter of policy, Quaker weddings take place in Friends’ meeting houses), Jewish groups and the Church of England.

Which is all as one might have predicted. But the report points up what we would regard as basic inequities in the current law – which is still largely based on the Marriage Act 1949, itself merely a consolidation of the law at the time. It will be interesting to see the outcome of the appeal against the ruling in Smyth, Re Judicial Review [2017] NIQB 55. The appellants, Ms Smyth and her fiancé, wanted “an explicitly humanist marriage ceremony – not a civil ceremony with attenuated humanist ‘bits’” – which, as we noted, is what they got, but only because the Northern Ireland Court of Appeal was prepared to authorise a humanist wedding as an exception to the current law.

Rwandan bishop wins asylum appeal

Asylum cases are rarely of interest to us; but the oddity of Secretary of State for the Home Department v Ruhumuliza [2018] EWCA Civ 1178 is the identity of the asylum-seeker: Jonathan Ruhumuliza, a Missionary Bishop and Representative of the Archbishop of West Africa in Cameroon. He came to the UK in January 2004 on a student visa to study in Birmingham and was subsequently granted leave to remain as a minister of religion in the C of E until 31 January 2007. When his visa expired and was not renewed he applied for asylum; but in 2011 his application was refused because it was believed that he had been complicit in the Rwandan genocide – and he therefore lost the protection of the Refugee Convention by virtue of article 1F (a) because there were “serious reasons for considering that: (a) he [had] committed a crime against peace, a war crime, or a crime against humanity”. He dropped the asylum claim but appealed successfully to the First-tier Tribunal on the grounds that he was entitled to indefinite leave to remain under paragraph 276B of the Immigration Rules because he had been lawfully resident in the UK for ten years. The Secretary of State’s appeal to the Upper Tribunal was dismissed.

In the Court of Appeal, the Secretary of State’s further appeal was also dismissed, Singh LJ dissenting. Underhill LJ, with whom Irwin LJ agreed, said that he had not found the case altogether easy because “any degree of complicity in the horrors of the Rwandan genocide, such as must be assumed against the Respondent, obviously raises a serious question about whether he is suitable to be granted leave to settle in this country” [43]. However, that had been a question for the FTT to answer; and it had concluded that Bishop Ruhumuliza’s record since the genocide – in which he had not been an active participant – was such that he should not now be regarded as unsuitable to remain.

“Alexa, can Anglican priests refuse to take a christening?”

This week, the Church of England launched an Alexa skill, “enabling users to ask the Church of England for prayers, explanations of the Christian faith and where to find their nearest church for local events and services based on their location”. Prompting an Alexa device with “Alexa, open the Church of England” enables a range options including: Daily prayer resources; links to A Church Near You for finding the nearest services and events; and answers to questions “to increase users’ knowledge of the Christian faith” such as: what is the Bible? Who is God? What is a Christian? Many of these answers draw on material from the Pilgrim discipleship course and The Pilgrim Way: A Short Guide to the Christian Faith, which also feature in the Our Faith section of the CofE website.

However, for those wishing to know whether “Anglican priests can refuse to take a christening”, the (short) answer is to be found in yesterday’s post Readers’ recent queries and comments – late May, our latest compilation of “Quick Answers” to questions which have arisen from searches of, or comments on L&RUK. Starting in August last year, these posts have, to date, provided answers to over 250 questions. In view of the ad hoc manner in which these questions arise, they have not yet been formally catalogued. Perhaps there is scope within the CofE Alexa skill for some general FAQ of this nature.

Quick links

  • Church of England: Report from May House of Bishops: The House of Bishops met in York at Bishopthorpe Palace on 21 and 22 May: the agenda covered safeguarding, the Lambeth Conference in 2020, the future of ministry, and engaging children and young people more completely in the life of the Church.
  • Church of England: General Synod Agenda for July.
  • European Union Agency for Fundamental Rights and Council of Europe: Handbook on European data protection law, 2018 edition, just published: intended to familiarise non-specialist legal practitioners with data protection law, it provides an overview of the EU’s and the CoE’s applicable legal frameworks and summarises the key case law of the CJEU and ECtHR.
  • Michaela Hailbronner, VerfassungsblogCaviar, Corruption and Compliance – New Challenges for the Council of Europe: in December 2017, for the first time, the Committee of Ministers referred back to the Court for non-compliance a case on political imprisonment in Azerbaijan, in violation of several Convention rights.
  • UCL Constitution Unit: Planning the next Accession and Coronation: Bob Morris (who will be well-known to readers of this blog) and Robert Hazell consider how to update the ceremonies – the Accession Council and the Coronation – that usher in a new reign.

And finally…

The posts of David Hart QC on the UK Human Rights Blog of 1COR are always worth reading, particularly when endorsed, “this post will be entirely GDPR-free” and “enjoy”. We are sure that on this Bank Holiday weekend our readers will appreciate A “festival of mendacity”; telling the truth no more than a “lifestyle choice”. As a taster, the article comments:

“judges go about saying people are lying in different ways, from the tip-toeing around the idea of deceit to the full-blooded blast. This judgment, [Rashid v Munir et al, Turner J, High Court, Leeds, 22 May 2018] and that from which it is an appeal, are towards the latter end of the spectrum. I welcome this frankness; if you, a judge, think that someone is telling you a tissue of lies, then you should say so…”

6 thoughts on “Law and religion round-up – 27th May

  1. As the author of the Church Times article on GDPR, I was not of course responsible for the subtitle (or the cartoon which appeared above it.)

    I would like to make it clear that my intention was not to suggest that compliance with GDPR is optional. It is the law and compliance is required. But the manner of that compliance was the thrust of my article. Rights-based regulation is a relatively unfamiliar concept to most people and so they look for rules. But the whole concept of “Privacy by Design” allows a data controller to contextualise that compliance. What would be lawful in one situation could be unlawful in another.

    It is the lack of understanding of the need for context which, in my view, risks allowing the search for certainty about compliance to override all else.

    Here’s a simple example. People have been asking the ICO how long consent, where it is needed, can last. It all depends on context. If my child is doing a week long Outward Bound camp, then the medical consent in relation to that should probably last a week. But if he were to be doing adventure training once a week for a whole school year, it would be much more sensible to get consent for the whole year than to get it renewed each week. That’s one example of privacy by design.

    In addition, there has been a wholesale lack of understanding that consent is just one of six grounds for lawful processing, or that it is somehow morally superior to any of the other six grounds, and in particular, legitimate interests. One diocese which processes Gift Aid for its parishes has decided it needs to seek consent to process their data and has told donors that if they don’t give consent then their Gift Aid can not be reclaimed. The likelihood is that the parishes are processing Gift Aid as part of a legal obligation (under the relevant Finance provisions for Gift Aid) and that the diocese is acting as Data Processor. Consent is not only not needed, but irrelevant. I asked them about this and they said it had been a good chance to clean up their data. That may well be true but to dress this up as a requirement for consent is misleading.

    • Thanks for your Comment and further information on your article in the Church Times. I have added a note to our round-up which alerts readers, as not all will follow up their reading of the post with a perusal of the Comments. We appreciate that in many cases, the author of a piece is not responsible for the headlines/sub-headlines, and agree that there is a great deal of confusion regarding the application of the GDPR. You will gather that Frank and I have taken a strict interpretation of the Regulation by deleting the details of all our subscribers on 24 May, and requiring them to resubscribe on 25 May, subject to our Privacy Policy.
      Clearly this is an easier decision to take where no commercial interests are involved; however, we were pleased to note that whilst we do not yet have as many subscribers as before, the number of page-reads does not appear to have decreased.

        • I agree entirely that ‘there has been a wholesale lack of understanding that consent is just one of six grounds for lawful processing, or that it is somehow morally superior to any of the other six grounds, and in particular, legitimate interests’.

          I think that the difficulty is knowing precisely when as a data controller one does, in fact, have a ‘legitimate interest’. That was why we decided to scrap our e-mail subscriber list and start again from scratch, on the basis that we could then make it clear that signing up to e-mail notifcation would be taken as consent to our holding subscribers’ e-mail addresses on our system.

          In my view – for what it’s worth – many of the problems relating to the implementation of the GDPR and the Data Protection Act 2018 have arisen from the fact that official guidance has been slow to appear and/or lacking in clarity.

          • The Data Protection Network ( produced some very helpful work on Legitimate Interests back in the summer of 2017. It wasn’t “official” guidance although it was “welcomed” by ICO and the Irish DPC. I have some sympathy with ICO about the lateness of their own guidance since they were waiting for the Article 29 Working Party to produce theirs. And I think it’s outrageous that what is now the European Data Protection Board was still producing what amounts to primary guidance just weeks before implementation of a monumentally complex piece of legislation.

            However, as far as LI is concerned, I am buoyed up this statement from ICO: “If you choose to rely on legitimate interests, you take on extra responsibility for ensuring people’s rights and interests are fully considered and protected. ” In other words, if you want an easy life (in the manner you’ve done with this list) then use consent. If you want to take on that extra responsibility, use LI.

            I find this a very helpful counter to the line that is peddled which says “If you’re honourable, use consent; if you’re a cowboy organisation, use LI.”

            I think it’s also necessary to look at harm. In the case of this list – while I completely understand why you did what you did – I think a Legitimate Interests balancing exercise would have been pretty easy to pass given that, presumably, anyone on the list had signed up. If you had added people to the list yourself without their knowledge, and especially if could not differentiate those from others who had signed up themselves, then it would have been much harder.

            But then there would be PECR and the vexed question of what is and it not Direct Marketing. The 1998 Data Protection Act had a (surviving) definition of what is Direct Marketing, but it’s so broad and entirely self-referential since it doesn’t define marketing, that we are left with the ICO’s very broad (and arguably unsupportable) assertion that anything directly addressed which is sent to promote an organisation is direct marketing.

            I am not convinced that receipt of the Law and Religion blog constitutes direct marketing. it looks more like a journal to which someone subscribes to me. But I understand why you would not want that tested!

          • It’s different for institutions but, as a blogger, I’m all for an easy life. If something went horribly wrong and we were fined for non-compliance, we don’t have an institution standing behind us to pick up the tab and we might be bankrupted.

Leave a Reply

Your email address will not be published. Required fields are marked *