This blog is authored by Aryaman, a 5th year law student at Rajiv Gandhi National University of Law, Punjab.
In the world where everything over exposed, privacy is coming up as a big concern. The world is being run by clouds of data and these clouds burst at times that known as data breach. To prevent these clouds from bursting and causing friction among themselves, different countries are introducing data protection laws. Personal data is a piece of information that may be used directly or indirectly to identify a person[1]. The identity of the person can established by one or more factors which are unique and specific to the individual.
These identifiers have a non-exhaustive list, for instance, Roscoe, is the widely celebrated pet dog of their widely identifiable F1 driver Lewis Hamilton and Chetak, the brave horse of Indian King Maharana Pratap. These are just two examples of how popular pets can get. In general practice also, a pet links itself to their owner, people often refer to them as “someone’s pet”. Therefore, the pet is directed towards disclosing someone’s identity. At this point, the question arises, Does the name of a pet have the scope of becoming an identifier in the aspect of the personal data of the owner?
The Data Protection Bill, 2022 put forth by the Government of India defines personal data as any data that makes a person identifiable.[2] As per this definition the name of a pet would come under the bracket of personal data vide the reasons stated above.
SECURITY CONCERNS
In a recent case of the United Kingdom, the authorities held that the definition of personal data may include the name of a pet dog. In the stated case, a police dog inflicted serious injury to a person. A request was submitted to the Constabulary asking for information such as name of the dog, handler’s name, police records of the dog, training records, etc.[3] The ASC sought exemption from disclosing the dog’s name on the ground that the information would constitute personal data under UK GDPR. The ICO held that the name of the dog would constitute personal data as it may result in the identification of the dog handler thus, the disclosure of the name was exempted.
Posting of pictures with pet in it, can also vulnerably expose the identity of owner. Furthermore, geotagging of the picture can lead to a person’s location as sniffing of GPF is not a tough task to do. The tags that are wore by the pets can also lead to identification of owners of the pet and thus exposing them to certain risks.[4]
In another study, it was found that social media posts seeking pet’s name that seem harmless expose a person to serious security risks. There have been instances where the posts say, “do you miss your pet?”, “what is their name?” or “do you miss your once the closest pet?”, then ask the user to enter the name in the comment box. People fall into this trap of security breach by disclosing their pet’s name.
The name of the pet could be termed as an identifier in a similar way as the contact number, email address, IP address and so on. These identifiers do not directly identify a person but with some corroboration, the information could lead to identifying the owner of the data in question. The reason that some information does not directly lead to the identification of a person does not make the data non-personal. Different pieces of information may add up and lead to an individual thus, breaching the privacy and identity protection. Disclosing of name of pet on Social Media platforms may result in breach of privacy in a way that many people use the names of their pets as passwords or security questions, the information about the name of the pet can easily be used to theoretically impersonate someone and thus result in harm to the owners.
CONCLUSION
The owners of the pets shall remain diligent before disclosing any data pertaining to their pets because in the present-day world, knowledge and information is the real power, data is the biggest asset. The social media platforms and other tech giants are monitoring every movement of individuals, there is an eye over everyone and the pets are not untouched by it. Roscoe is known by all the formula 1 fans because it is the pet dog of racing driver Lewis Hamilton, Oscar is the pet dog of Justin Bieber, the list will go on until people become mindful. The European Union’s General Data Protection Regulation (EU GDPR) defines personal data as any information that is relatable to an identified or identifiable natural person whether directly or indirectly the GDPR of United Kingdom also has similar definition of personal data. Additionally, it shall be noted that the definition of personal data everywhere includes a term ‘any information’ and as per the instances cited above and the reasons given, the name of a pet must come under personal data and be protected with great intensity.
[1] UK GDPR, Section 3 [2] 2(13), Data Protection Bill, 2022 [3] https://www.lexology.com/library/detail.aspx?g=d47403ad-b291-47e3-ba0b-f7bb846a2958 [4] https://www.forbes.com/sites/leemathews/2019/08/19/posting-pet-photos-online-could-be-more-dangerous-than-you-think/?sh=3be77dee4db4