This claim keeps being made, but Musk’s aircraft is fully visible in the FAA registry data and doesn’t have an obfuscated ICAO hex code. It wasn’t part of the PIA programme, which is also not something endorsed by the ICAO but only used by the FAA within US borders. When flying abroad an aircraft must use its static ICAO address.
Even if it was there’s still nothing wrong with tracking the aircraft and nothing illegal about people matching the rolling ICAO hex codes to the real aircraft.
It frustrates me that we’ve allowed Musk to completely redefine the conversation around something that was already settled and accepted:
1. Flight tracking data, collected from ADS-B, is legal and publicly available. Aircraft ownership data is public too.
2. Nobody has a right to keeping their aircraft movements private, and aircraft movements != personal movements.
3. After much lobbying the FAA introduced LADD & PIA, but they say outright that it’s not a guarantee of confidentiality and just makes it slightly harder to track an aircraft.
4. PIA temporary ICAO codes can only be rotated every 60 days (going down to 20) and it’s pitifully easy for any aircraft spotter, as have hung around airports for decades, to match a new one to an aircraft registration.
It's the general data privacy regulation, it applies generally, to everything. It treats planes, cars and phones in exactly the same way (in that it never specifically mentions any of them).
The GDPR even covers you just writing notes into your diary about what your neighbours have been up to.
If you're going to argue (like _djo_) that this is not a precedent because it concerns a different type of a vehicle, you're entering into some rather absurd territory.
We have a clear example showing that simply storing pictures of car license plates by a toll road operator was a GDPR violation. Aircraft tail numbers are functionally exactly the same as car license plates.
The GDPR does not at any point discuss vehicles, from a GDPR perspective it makes no difference if the vehicle is a car, bicycle or your personal submarine. Or if there's a vehicle at all! GDPR concerns all PII for an extremely broad definition of PII.
Tracking locations of personal aircraft without consent is a GDPR violation, there really couldn't be a more obvious example of one.
PS. GDPR places the onus on the data controller to prove what they're doing is legal, not the other way around. You are guilty unless proven innocent. The reasonable question is to ask "Is there a precedent for this being legal?".
The answer to that is probably not, because the European flightradar24.com does have a privacy policy anywhere. This alone is blatantly illegal, but the reason they don't have one is almost certainly that their business is fundamentally not legal in Europe.
If what flighradar24.com and adsbexchange.com are doing was legal, they would have a privacy policy explaining the legal basis for their data collection. It's fundamentally impossible for their business to be GDPR compliant without one.
Even if it was there’s still nothing wrong with tracking the aircraft and nothing illegal about people matching the rolling ICAO hex codes to the real aircraft.
It frustrates me that we’ve allowed Musk to completely redefine the conversation around something that was already settled and accepted:
1. Flight tracking data, collected from ADS-B, is legal and publicly available. Aircraft ownership data is public too.
2. Nobody has a right to keeping their aircraft movements private, and aircraft movements != personal movements.
3. After much lobbying the FAA introduced LADD & PIA, but they say outright that it’s not a guarantee of confidentiality and just makes it slightly harder to track an aircraft.
4. PIA temporary ICAO codes can only be rotated every 60 days (going down to 20) and it’s pitifully easy for any aircraft spotter, as have hung around airports for decades, to match a new one to an aircraft registration.