Data Protection Commission says concerns were raised over amount of information that was publicly available
In its annual report published today, the privacy watchdog reveals that it engaged on the issue with the Irish Aviation Authority (IAA) after concerns were raised by the owner of one private aircraft.
“This individual was required to register their aircraft with the IAA and was concerned about the amount of information contained in its register of aircraft owners, which it makes publicly available on its website,” the DPC report says.
The aviation authority is required to keep a register of aircraft owners in Ireland, which the public can inspect, and owners must provide their names and addresses when registering.
The DPC took the view that while the authority was right to collect the personal data, publication of it online “appeared to go beyond what was specifically required by legislation”.
Doing so meant that the names and addresses of private aircraft owners “were publicly searchable on search engines, representing a significant invasion of their privacy”.
The DPC says that following its intervention, the IAA agreed to redact the names and residential addresses of private individuals on the aircraft register posted online.
The aviation authority confirmed than as of October 2023, it had stopped doing so. “Should a member of the public wish to view the aircraft register, they may do so for a fee and by appointment,” it said.
While most of the 1,377 planes registered in Ireland are owned by airlines or charter companies, hundreds of them are in private hands, including wealthy business people. For example Larry Goodman’s Anglo Irish Beef Processors registered a Eurocopter in 2008 that is still on the register.
The number of flights being taken by private aircraft, and the carbon they emit, have been coming under closer scrutiny globally.
The private planes of celebrities such as Elon Musk and Taylor Swift have been tracked by university student Jack Sweeney, who calculates how much pollution their air travel is producing. This is set to become more difficult as the US government is giving private aircraft owners the right to anonymise their registration details.
Asked if the right balance is being struck in Ireland between owners’ privacy and the public’s right to know, Dale Sutherland, a commissioner for data protection, told the Irish Independent: “We felt some of the information being published was not necessary for the purposes of the register.
“You look at what is the purpose of the register, what is the legal basis on which it’s been established, what does it intend to do. And then if you have information being published that is beyond what is necessary for the purpose of the register, it is hard to find a lawful underpinning from a data-protection point of view.”
He said the deletion of the names and addresses of aircraft owners from the online register did not affect the integrity of the database. “It simply acknowledges that you have to strike a balance between what should be in the public domain and what shouldn’t.”
There was a significant increase in complaints dealt with by the DPC last year, according to the annual report, with record fines issued, including the €1.2bn levied on Meta and the €345m on TikTok. Both are being challenged in the courts.
The DPC said it processed 11,200 new cases last year, a 20pc increase on the figure for 2022. The total number of valid GDPR breach notifications received in 2023 was 6,991, also up 20pc.
The most frequent cause of complaint was that correspondence had been sent to the wrong recipients.
Public-sector bodies and banks accounted for the top 10 organisations with the highest number of breach notifications recorded against them.
