For example in Finland you would likely be violating the radio secrecy laws by merely listening unless you're actively involved in aviation (e.g. flying a plane or sitting in a tower)
In all EU countries you would be violating the GDPR if you stored this data without a lawful basis. (If you're wondering what constitutes "lawful basis", here's a helpful tool https://ico.org.uk/for-organisations/gdpr-resources/lawful-b...)
> I doubt the EU courts would argue any other way otherwise we'd need to criminalize tracking of UPS trucks and the like
Why would the GDPR prevent UPS from tracking their own trucks? How is this even remotely related to what we're discussing here?
Somehow getting, storing, and sharing passenger manifests would constitute PII of the sort that falls under GDPR.
It sure as hell does, just like it applies to movements of cars and movements of mobile phones.
https://ico.org.uk/for-organisations/guide-to-data-protectio...
It isn't! These are ephemeral radio transmissions which contain PII. You might collect those transmissions and publish them somewhere, but that would be illegal.
> nobody has been able to successfully make a case that aircraft movements are cases of indirect PII in terms of the GDPR.
So you're just trolling. That's not how the GDPR works, you don't get to make any kind of case at all. The government will when they eventually get to it after clearing decades worth of backlogs.
And for what it's worth, there are already perfectly applicable precedents https://www.enforcementtracker.com/ETid-851
> you're just trolling. That's not how the GDPR works, you don't get to make any kind of case at all. The government will when they eventually get to it after clearing decades worth of backlogs.
To “make a case” for something means to provide a persuasive argument for it. If I had meant pursuing a lawsuit I’d have said so.
What? Where am I defending Musk? You seem to have an unhealthy obsession with the clown. I haven't even mentioned the guy!
Unlike you, I don't give a shit about the guy. I'm just an European aircraft owner who's not a fan of these websites.
>There is no PII in these transmissions.
>To “make a case” for something means to provide a persuasive argument for it. If I had meant pursuing a lawsuit I’d have said so.
Are you kidding? Mere pictures of license plates associated with timestamps have been found to be covered by GDPR, perfectly analogous to what's being discussed here.
http://enforcementtracker.com/ETid-851
Instead of car license plates, we have tail numbers and ICAO addresses. That's the only difference.
Nobody would even contemplate a public registry of car owners, for instance, but all of those countries maintain one for aircraft.
I’ve seen multiple attempts to make the same argument you are by disgruntled private aircraft owners every now and then. None have succeeded in any official venue.
Are you joking? Lots of EU countries have had this, and still do.
For example in Finland, https://www.traficom.fi/en/services/vehicle-data-and-tax-pay...
In Sweden you can text the cars registration plate to 72503 and get the cars owners info.
In Norway you can look up car owners by registration plate or VIN https://www.vegvesen.no/en/dinside/kjoretoy/finn-eier-og-kjo...
In Portugal anyone can request the registration certificate from the IRN, that contains the owners information.
The governments aren't bound by GDPR and can totally do this, but as a private party it would generally be illegal for you to scrape this data.
>I’ve seen multiple attempts to make the same argument you are by disgruntled private aircraft owners every now and then. None have succeeded in any official venue.
Same is true of literally all GDPR violations, we've only just introduced these laws and catching up on the enforcement backlog will take decades.
Not only that, but most governments are doing a very shit job funding the enforcement authorities.
The obvious solution will be to allow impacted individuals to litigate GDPR violations by themselves.