Even if it was there’s still nothing wrong with tracking the aircraft and nothing illegal about people matching the rolling ICAO hex codes to the real aircraft.
It frustrates me that we’ve allowed Musk to completely redefine the conversation around something that was already settled and accepted:
1. Flight tracking data, collected from ADS-B, is legal and publicly available. Aircraft ownership data is public too.
2. Nobody has a right to keeping their aircraft movements private, and aircraft movements != personal movements.
3. After much lobbying the FAA introduced LADD & PIA, but they say outright that it’s not a guarantee of confidentiality and just makes it slightly harder to track an aircraft.
4. PIA temporary ICAO codes can only be rotated every 60 days (going down to 20) and it’s pitifully easy for any aircraft spotter, as have hung around airports for decades, to match a new one to an aircraft registration.
Not legal in Europe. You can't legally collect this (or any other PII) for fun, you'd need particularly strong reasons to do so without consent.
Mobile phones also broadcast their IMEIs and location, it would be similarly illegal to collect and store those signals to track phone movements.
>2. Nobody has a right to keeping their aircraft movements private, and aircraft movements != personal movements.
While not all aircraft movements are personal movements, many are.
Private aircraft are neither private cars nor private phones and have he ever been treated equivalently under EU law.
You’re reasoning through false analogies.
The GDPR even covers you just writing notes into your diary about what your neighbours have been up to.
Yes, there are a plenty of precedents in the usual sense of the word. Such as this case, https://www.enforcementtracker.com/ETid-851
If you're going to argue (like _djo_) that this is not a precedent because it concerns a different type of a vehicle, you're entering into some rather absurd territory.
We have a clear example showing that simply storing pictures of car license plates by a toll road operator was a GDPR violation. Aircraft tail numbers are functionally exactly the same as car license plates.
The GDPR does not at any point discuss vehicles, from a GDPR perspective it makes no difference if the vehicle is a car, bicycle or your personal submarine. Or if there's a vehicle at all! GDPR concerns all PII for an extremely broad definition of PII.
Tracking locations of personal aircraft without consent is a GDPR violation, there really couldn't be a more obvious example of one.
PS. GDPR places the onus on the data controller to prove what they're doing is legal, not the other way around. You are guilty unless proven innocent. The reasonable question is to ask "Is there a precedent for this being legal?".
The answer to that is probably not, because the European flightradar24.com does have a privacy policy anywhere. This alone is blatantly illegal, but the reason they don't have one is almost certainly that their business is fundamentally not legal in Europe.
If what flighradar24.com and adsbexchange.com are doing was legal, they would have a privacy policy explaining the legal basis for their data collection. It's fundamentally impossible for their business to be GDPR compliant without one.