Recently, I advised a Castlebridge client, an animal welfare charity, that our furry, four-legged friends, as adorable and cute as they are, do not have data protection rights under the GDPR. That’s because the GDPR (and fundamental rights in the EU generally), only apply to natural persons — aka, living human beings.[1]

All was right and well in the world, and I thought, surely, it was understood that animals don’t generally have data protection or privacy rights. And then the New Jersey Supreme Court presented me with Bozzi v. City of Jersey City (A-12-20) (084392), a fascinating decision wherein the Supreme Court of New Jersey found that the very act of owning a dog overrode privacy interests that the dog owners, and that Fido may actually have more data protection rights than his human. At least when it comes to dog registrations. Let me explain.

Oprah Meme

YOU GET A DOG, AND YOU GET A DOG, EVERYBODY GETS A DOG!

New Jersey requires all dog owners to register and license their dogs annually in the owner’s local municipality. Registrants must include their name, phone, email address, physical address, dog’s name, age, gender, breed, microchip ID and other details. New Jersey also has a public records law, helpfully named OPRA, or the Open Public Records Act.[2] Dog registration records are considered public under OPRA. To the best of my knowledge, they are not shared with Oprah though, because that would be weird.

Ernest Bozzi runs an invisible fence installation service in New Jersey.[3] Under OPRA, he sought the name and addresses of all dog owners in a number of locations in New Jersey, including Jersey City. Jersey City regulations redact information relating to the breed of the dog, the purpose of the dog (if it’s a service animal or for law enforcement), and any phone numbers associated with the records, but not other identifying information such as the owner’s name and address.

Initially, Jersey City denied Bozzi’s request, on the grounds that sharing owner information violated the owners’ reasonable expectations of privacy, and would leave owners exposed to unsolicited commercial contact, as well as jeopardizing the security of both the dogs and their owners. Bozzi brought suit, and the trial court rejected the city’s arguments, noting that the city had not asserted a valid privacy interest that warranted prohibiting disclosure. “[S]omeone who simply registers their dog [does not have] a[n] objectively reasonable belief that it’s going to be kept private or confidential.” The Appellate Court affirmed, citing a similar case also brought by Plaintiff, Bozzi v. Borough of Roselle Park, 462 N.J. Super. 415, 227 A.3d 299 (App. Div. 2020).

DOG OWNERSHIP IS AN ‘INHERENTLY PUBLIC ENDEAVOR’

The Supreme Court, in a 5-2 decision, affirmed the lower court’s findings. Citing OPRA, “all government records shall be subject to public access unless exempt,” and “any limitations on the right of access . . . shall be construed in favor of the public’s right of access.”[4]

Despite numerous amicus briefs asserting that dog owners had a ‘reasonable expectation of privacy’ under the US common and federal law, the NJ Supreme Court noted that disclosure of name and address information did not impinge on the owner’s privacy interests. Dog ownership is “inherently, a public endeavor,”  the court concluded, and dogs and their humans are exposed in the public during “daily walks, grooming sessions, and veterinary visits.” Moreover, despite multiple opportunities, the legislature did not expressly exempt dog owners’ ‘names and addresses’ from disclosure (as they had done for gun ownership). For the court, this implied there is no affirmative privacy right overriding the disclosure of licensing information under OPRA.[5] In short, nothing about dog ownership signalled that dog ownership “is a private undertaking.”[6]

Hilariously, the court did agree that one group’s privacy (or rather, security) concerns overrode disclosure of at least some aspects of the registration records — information related to the dog, including the dog’s name, breed, and purpose. Here, the court found that safety concerns around dog theft, and amusingly, the use of dogs’ names as passwords or answers to security questions, justified non-disclosure.

FUNDAMENTAL RIGHTS MATTER

While I always enjoy the opportunity to rib my fellow Americans about matters of law (just read my Twitter feed), I am troubled by the court’s reasoning in this case, notably around the idea that dog ownership is “inherently, a public endeavor.” Almost all of us exist, at least in part, publicly. We go out in the world, COVID notwithstanding, and walk, and eat, and play. Some of us get groomed on occasion and visit a doctor. What stops the NJ Supreme Court from opening up other forms of personal information, along the same rationale?

Fortunately, the EU, through robust data protection laws like the GDPR end ePrivacy Directive, and the EU Charter of Fundamental Rights, ensure that EU data subjects are less likely to face annoying unsolicited spam from opportunistic invisible dog fence sellers. Articles 7 and 8 of the EU Charter of Fundamental Rights reminds us that “Everyone has the right to respect for his or her private and family life, home and communications” and “protection of personal data concerning him or her.”[7]

These rights don’t cease merely because we exist in the world. Rather, limits on those rights need to be necessary to the interests of a democratic society, and  balanced against rights and interests of data subjects.

Unfortunately, I now have to counsel my client that dogs do have some rights, at least if they’re in New Jersey. Thankfully though, as the proud human servant of cats, I don’t have an obligation to register my furry critters, in Ireland or New Jersey.

Chalk another point up for cats in the cats v. dogs battle of the ages.

Cats and Dogs

[1] There are some jurisdictions that give rights to the dead, but that’s a subject for another blog post.

 

[2] N.J.S.A. 47:1A-1-13.

 

[3] For those unfamiliar, invisible fences work by creating a radio frequency signal boundary around a piece of land. Using RF, and a special collar that emits a high-pitched audible warning, and then a “gentle static correction’ (aka, an electric shock), the dog eventually learns the boundary of the invisible fence and stays within its designated spot.

 

[4] N.J.S.A. 47:1A-1.

 

[5] Bozzi at 12. See also: Brennan v. Bergen County Prosecutor’s Office, 233 N.J. 330 (2018).

 

[6] Bozzi at 15.

 

[7] EU CFR, Articles 7 and 8 at: https://fra.europa.eu/en/eu-charter/article/7-respect-private-and-family-life and https://fra.europa.eu/en/eu-charter/article/8-protection-personal-data.

Carey Lening

Carey Lening

Carey Lening, CIPP-E, CIPP-US works with Castlebridge as an outside information security and risk consultant. She has over 20 years of progressive experience assessing risks and enabling top-tier data security and data protection for industry leaders like Facebook, Palantir and numerous Fortune 500 companies. Her cross-functional and cross-domain knowledge makes her equally comfortable discussing the legal nuances of data protection with lawyers, hashing out technical and operational security controls with engineers and information security professionals, doing a risk audit, and providing a high-level overview to the C-Suite.