New Jersey’s ongoing battle over digital privacy, public safety, and data accountability has now reached one of the most consequential legal crossroads in the state’s modern legislative history. The Supreme Court of New Jersey recently heard oral arguments in the closely watched case of Atlas Data Privacy Corp. v. We Inform, LLC, et al., a dispute that could fundamentally reshape how Daniel’s Law is interpreted, enforced, and applied against businesses that publish or distribute personal information belonging to judges, prosecutors, law enforcement officers, and their families. What initially began as a legal mechanism designed to protect vulnerable public officials from harassment and targeted violence has rapidly evolved into a landmark constitutional and statutory interpretation fight with implications extending far beyond New Jersey itself.
At the center of the case is one deceptively simple but enormously significant legal question: does Daniel’s Law require proof that a company acted intentionally, recklessly, or negligently before it can be held liable for publishing protected personal information, or does the statute create strict liability regardless of mental state? The answer could determine not only the future of dozens of pending lawsuits but also how aggressively New Jersey can regulate the rapidly expanding data brokerage industry that profits from collecting, organizing, selling, and distributing personal information online.
The legal dispute arrives at a moment when concerns surrounding digital privacy, online tracking, searchable databases, and personal security have become central issues in American public life. New Jersey lawmakers originally enacted Daniel’s Law following the tragic 2020 attack on the family of federal Judge Esther Salas, whose son Daniel Anderl was murdered after a disgruntled attorney located the judge’s home address online. The legislation was designed to prevent similar incidents by restricting the public disclosure of home addresses and telephone numbers belonging to active and retired members of law enforcement and the judiciary, along with their immediate family members.
The law represented one of the strongest privacy protection measures adopted anywhere in the country at the time of its passage. Under Daniel’s Law, covered individuals can formally request removal of their personal information from websites, databases, search tools, marketing systems, and other publicly accessible records. Businesses receiving such notices are required to comply within ten days or potentially face litigation and mandatory statutory damages. Importantly, the law broadly defines prohibited disclosure activities to include not only direct publication but virtually any action that makes protected information viewable, searchable, transferable, or accessible within a database environment.
That broad statutory language is precisely what now sits before the New Jersey Supreme Court.
The case itself involves Atlas Data Privacy Corp., a company operating within the increasingly controversial world of digital privacy enforcement. Atlas provides subscription-based services to individuals protected under Daniel’s Law by identifying businesses that continue publishing their personal data online. The company then sends removal demands to those businesses and, in many cases, receives assignment rights allowing Atlas to pursue legal claims on behalf of subscribers. According to allegations discussed during litigation, approximately 19,000 individuals have subscribed to Atlas services, underscoring both the scale of the issue and the growing demand for professional privacy enforcement assistance in the digital era.
Atlas and multiple individual plaintiffs filed suit against several companies accused of failing to remove protected information after receiving Daniel’s Law notices. The defendants, many associated with data aggregation and information brokerage industries, responded aggressively by challenging the statute itself on constitutional grounds. Their argument is not merely procedural. It strikes at the heart of the balance between public information access and privacy protections in the modern internet economy.
The data brokers argue that Daniel’s Law improperly regulates speech and potentially violates First Amendment protections because it restricts publication of otherwise lawful information based on content. They further contend that the law creates severe constitutional problems because it does not clearly specify what mental state must exist before liability attaches. According to the defense position, imposing damages without requiring proof of negligence, recklessness, or intentional wrongdoing creates an impermissibly broad legal framework capable of chilling lawful speech and information sharing.
The federal District Court rejected those constitutional arguments and denied motions to dismiss the lawsuits. However, the United States Court of Appeals for the Third Circuit stopped short of fully resolving the appeal. Instead, recognizing the enormous importance of interpreting New Jersey law correctly, the Third Circuit certified questions directly to the New Jersey Supreme Court seeking clarification regarding Daniel’s Law’s required mental state standard.
That procedural move effectively elevated the case into one of the most important privacy-related legal proceedings currently unfolding in the state.
During oral arguments before the New Jersey Supreme Court, attorneys representing data brokerage companies argued that Daniel’s Law effectively imposes strict liability because the Legislature intentionally removed prior language referencing a reasonable person standard during revisions to the statute. According to defense counsel, lawmakers made a conscious choice to eliminate language tying liability to whether someone reasonably believed disclosure could cause harm, thereby leaving no explicit mental state requirement in the final statutory framework.
The defense position emphasized that courts should not insert negligence standards into statutes when lawmakers deliberately removed such language during legislative drafting. Attorneys representing data firms argued that if the Legislature intended to require negligence or recklessness, it could have explicitly said so. Instead, they maintain, the final law contains no mens rea requirement whatsoever, meaning liability exists purely based on the prohibited disclosure itself.
The phrase “mens rea,” central to the legal dispute, refers to the mental state accompanying conduct. In civil and criminal law alike, courts frequently examine whether defendants acted intentionally, knowingly, recklessly, negligently, or without fault altogether. Strict liability statutes eliminate the need to prove mental state entirely, holding parties liable simply because prohibited conduct occurred.
The distinction is enormous in practice.
If Daniel’s Law is interpreted as a strict liability statute, businesses could potentially face substantial exposure regardless of whether disclosures occurred accidentally, automatically, through outdated databases, or despite attempted compliance efforts. If negligence becomes the standard, plaintiffs would likely need to demonstrate that companies failed to act reasonably after receiving notice. A recklessness or intent standard would create an even higher burden for plaintiffs seeking damages.
Attorneys representing Atlas Data Privacy and the Office of the New Jersey Attorney General urged the Court to adopt a negligence framework instead of strict liability. Their position argues that negligence standards are traditionally presumed within civil tort statutes unless lawmakers explicitly establish otherwise. They maintain that Daniel’s Law should not be interpreted as requiring proof of intentional misconduct because doing so would dramatically weaken the law’s ability to protect vulnerable public officials facing real-world safety threats.
The plaintiffs’ position also reflects growing concern over how rapidly the personal data marketplace has expanded in recent years. Data brokers now aggregate enormous volumes of information sourced from property records, marketing databases, social media activity, consumer transactions, public filings, commercial analytics platforms, and countless digital tracking systems. Much of that information becomes searchable almost instantly across multiple platforms, often beyond the practical control of the individuals involved.
That reality has fundamentally altered how courts, lawmakers, and privacy advocates think about public information access. While many records technically remain public, the ease, speed, and scale of modern data aggregation have created entirely new security concerns that previous generations of lawmakers never anticipated. Information that once required significant effort to obtain can now appear instantly through searchable online databases accessible from virtually anywhere in the world.
Daniel’s Law emerged directly from that transformation.
The case now pending before the New Jersey Supreme Court therefore represents far more than a narrow statutory interpretation fight. It reflects a larger national reckoning involving online privacy rights, data commercialization, public safety, and constitutional boundaries surrounding information dissemination in the digital economy.
The implications extend well beyond judges and prosecutors alone. A ruling favoring strong liability standards could encourage broader legislative efforts targeting data brokers and online information markets. A narrower ruling favoring heightened mental state requirements could limit future privacy enforcement efforts and complicate attempts to regulate information distribution systems. Either outcome is likely to influence privacy legislation discussions nationally as states continue struggling to balance transparency principles with growing security concerns.
The business implications are equally substantial. Companies involved in data aggregation, searchable databases, marketing analytics, people-search platforms, and online records distribution are watching the case closely because the Court’s decision may directly impact operational compliance requirements throughout New Jersey. Depending on how liability standards are defined, businesses may face significantly greater obligations involving notice processing, database management, information removal systems, compliance staffing, and risk mitigation procedures.
At the same time, supporters of Daniel’s Law argue that strong enforcement mechanisms are necessary precisely because the digital information economy has become so pervasive and difficult to control. They contend that without meaningful financial consequences, many businesses would lack sufficient incentive to promptly remove protected information after receiving legal notices.
The broader public policy debate unfolding beneath the litigation reflects a difficult modern question facing legislatures nationwide: how should states regulate personal information once technology allows that information to move instantly, endlessly, and commercially across interconnected digital ecosystems? The answer remains unsettled not only in New Jersey but throughout the United States.
For now, the New Jersey Supreme Court’s eventual ruling will likely become one of the most closely analyzed privacy decisions in recent state legal history. Legal scholars, civil liberties advocates, law enforcement organizations, constitutional attorneys, technology companies, privacy firms, and government officials are all awaiting the Court’s interpretation because it may establish a foundational precedent governing how privacy protection statutes are enforced moving forward.
As New Jersey continues positioning itself at the center of some of the nation’s most aggressive privacy and data protection debates, the Daniel’s Law case increasingly appears poised to become a defining legal moment in the evolving collision between public safety, digital commerce, constitutional law, and the future of online personal privacy.
