When Does a Dog’s Name Become Personal Data?
Blog By
Ms. Jane Ombiro, CIPP/E,
Data Protection Expert
South-End Tech Limited
Date: 8th April, 2024
Have you ever wondered when your furry friend’s name becomes personal data? Let us explore this topic together and find out when a dog’s name becomes personal data.
The UK General Data Protection Regulations (UK GDPR) defines personal data as any information relating to an identified or identifiable natural person. An identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The definition of personal data under the UK GDPR is deliberately broad to include all information that can directly or indirectly lead to the identification of an individual. The inclusivity of the definition can be seen in the decision rendered in Edward Williams VS The Information Commissioner (2022).
The facts of Williams Vs the Information Commissioner were that on 31st October 2020, the Avon & Somerset Constabulary (ASC) police officers shut down an illegal rave. During the tussle, Ms Andrew was attacked by a police dog and she sustained serious injuries.
On 26th November 2020, Mr Edward Williams wrote to the ASC under the UK Freedom of Information Act 2000, (FOIA) requesting for the name of the police dog that attacked Ms Andrew and the dog’s police records in addition to other information.
ASC declined the request citing the exemptions under section 30 (investigation and proceeding), section 40 (personal information) and lastly, section 38 (health and safety) of the UK FOIA, 2000. This Article is, however, limited to the interpretation of the exemption under section 40 of UK FOIA, 2000 about the request for information made for the dog’s name and the dog’s police records.
Aggrieved by ASC’s decision Mr. Williams appealed to the Information Commissioner. The commissioner rendered a decision on 8th February 2022 to the effect that ASC in declining Mr. Williams’ request, had correctly applied section 40(2) of FOIA, 2000 concerning the information on the name of the dog, the dog’s police records and the other information ASC deemed personal.
Aggrieved again by the Commissioner’s decision, Mr. Williams appealed to the first-tier tribunal who unanimously dismissed the appeal.
Section 40 of the UK FOIA, 2000 states that any information to which a request for information relates is exempt information if it constitutes personal data. The personal data could relate to the person making the request or a third party.
The tribunal in dismissing the appeal acknowledged that requesting the dog’s information was in no doubt a request for personal data of the dog’s handler. The tribunal further opined that the identification of the dog and the dog’s records would inevitably reveal the dog’s handler.
Since information relating to the dog could lead to the identification of the dog’s handler that information was personal information and as such it was subject to the exemption under Section 40(2) of the UK FOIA, 2000.
A dog’s name, therefore, becomes personal data if it can lead to the identification of the dog’s owner, handler or any other natural person.
In conclusion, from the reasoning of the first-tier tribunal we can deduce that information, no matter its nature, context or form is personal information provided that it can lead to the identification of a person either directly or indirectly.
Please do not hesitate to contact us for your Cybersecurity and Data Protection Solutions and Service needs on the telephone at +254115867309 +254721864169; +254740196519; or email:
jombiro@southendtech.co.ke; dataprotection@southendtech.co.ke or info@southendtech.co.ke