There is no current news. Attached is a copy of the complaint.
It really has no basis in law as someone who transmits over open airwaves without encryption has no reasonable expectation of privacy. They are alleging that air traffic controllers can be personally identified by the fact that they merely issue instructions to pilots over the air (voluntarily, because they chose their job). It is a ludicrous assertion.
All the while, France passed this legislation today: France: New security law risks dystopian surveillance state
We have been in contact with at least two other French aviation groups that are quite surprised and angered at this development.
Dear dave,
Any update about the situation ?
According to the letter that i've read,
I suggest you to re-open the feed, and the is why, according to my opinion.
The DGAG told you that doing some processing operations, and they refer to the of Regulation (EU) 2016/679 of the Parliament,
European Parliament and of the Council of 27 April 2016, relating to the protection of natural persons with regard to processing of personal data and the free movement of these data (regulation
general data protection).
Especially the article n°6, by saying that :
"However, the processing that you carry out on the data does not appear lawful within the meaning of article 6 of the
aforementioned regulation."
This as false, according to the same code :
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R06791. Processing is only lawful if and to the extent that at least one of the following conditions is met:
a) the data subject has consented to the processing of his or her personal data for one or more purposes
specific;
(b) the processing is necessary for the performance of a contract to which the data subject is party or for the performance of
pre-contractual measures taken at the request of the latter;
c) the processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary to safeguard the vital interests of the data subject or another person
physical;
e) the processing is necessary for the performance of a task of public interest or relating to the exercise of public authority
which is vested in the data controller;
f) the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party,
unless the interests or fundamental rights and freedoms of the data subject prevail which require protection.
protection of personal data, in particular when the person concerned is a child.
Point (f) of the first paragraph does not apply to processing carried out by public authorities in the execution of their
missions.
The good point here is section e),
Indeed you're acting for the public interest, for freedom of information.
DGAC is a public agency which fall onto this regulation purpose :
Directive 2003/98/EC of the European Parliament and the Council of 17 November 2003 on the re-use of public sector information sets out the rules and practices for accessing public sector information resources for further exploitation. This directive has been reviewed in 2013 by Directive 2013/37/EU of the European Parliament and the Council of 26 June 2013 amending Directive 2003/98/EC on the re-use of public sector information.
So it will be nice to heard back from french feed, and wait until an "maybe" next DGAC letter, But it will be difficult for them to find other legal reasons.
Best wings,
Bensay