To provide more context - a cease-and-desist letter came from a lawyer representing a client, who I will not name here. They are still claiming that these actions are not legal and trying to base it on GDPR. Make no mistake - this is an abuse of GDPR.
Hearing an air traffic controller (ATC) over a radio channel is not considered a breach of that person’s privacy under the General Data Protection Regulation (GDPR) for several reasons:
1. Public Communication: ATC communications are typically transmitted over publicly accessible frequencies that can be picked up by anyone with the right equipment (which in and of itself is not illegal). Since these communications are not private by design, they are not subject to the same privacy protections as personal conversations.
2. Lack of Personal Data: GDPR applies to the processing of personal data, which is information that can identify an individual. ATC transmissions usually consist of callsigns, instructions, and technical communications, not personally identifiable information like names, addresses, or private details.
3. Identification Issue: To be subject to GDPR, the data must be capable of identifying an individual, either directly or indirectly. While an ATC’s voice could be recognized by colleagues, it is generally not sufficient for public identification, especially since the communications are not high fidelity. Unless additional data (such as employment records or a published list linking voices to names) is used to connect a voice to a specific individual, it is unlikely to be classified as personal data under GDPR.
4. Legal and Regulatory Exemptions: Aviation communications fall under specific regulations and exemptions related to safety and operational efficiency. ATC communications are recorded and monitored by aviation authorities for safety, compliance, and training purposes, which is an accepted and necessary practice.
Does listening to ATC violate GDPR?
- Passive listening (e.g., via a scanner) does not violate GDPR because no personal data is being processed or stored.
- Publishing or streaming ATC communications might have legal implications, but this depends on local laws rather than GDPR specifically. Some countries restrict the rebroadcasting of ATC transmissions.
Hearing ATC communications does not violate GDPR because:
- It is public, operational communication.
- It does not inherently contain personal data.
- Identifying a controller from a voice alone is generally not feasible for the public.
Rebroadcasting or recording ATC transmissions might be restricted under aviation or communication law in some countries - but GDPR is not a valid claim.
You can draw your own conclusions.
