What adsbexchange, flightradar & co. are doing is almost certainly illegal in Europe under the GDPR.
This isn't exactly "public flight data", in many cases it's illegally collected and published flight data.
E: I can't reply to "imnotjames" below thanks to HN ratelimits, but here you go:
It's an obvious GDPR violation, just like it'd be an obvious GDPR violation to publish a similar database but with phone IMEIs and associated locations instead of aircraft.
The FAA has a program called LADD (Limiting Aircraft Data Displayed) and high-profile individuals, etc can sign up to it. The major players in the flight tracking business like FlightRadar24 or FlightAware follow that. But sites like ADS-B Exchange do not adhere to that, so you can see a lot more flights that are blocked on the others. Also anyone with a Raspberry Pi and a cheap antenna can build their own ADS-B receiver and get that unfiltered data.
I don’t see how it is an obvious GDPR violation. The GDPR is a lot more nuanced than “all private data is protected”. It has exemptions for data published based on a legal requirement (could be the case here), data that cannot easily linked to an individual (number plates are not protected by themselves) and data regarding companies is also exempt. This jet isn’t owned by musk, it’s owned by a company. Journalists (including citizen journalists) also have broad protections in European law and those must be weighed against the GDPR protections.
There’s so much nuance to this that it’s possible this might fall under GDPR, but it’s very far from obvious.
Not sure how GDPR is relevant since Elon Musk isn’t the EU data commissioner so it’s not up to him to enforce GDPR, and neither Musk, nor Twitter itself, nor the journalists, nor the sites concerned nor the information in question is in any way European[1].
Here’s the definition of personal data under GDPR[2] for anyone who’s curious. If this information hypothetically were to be published by a company with a European or UK connection about an EU or UK data subject and that person were to complain to their national data protection authority we might be in GDPR enforcement territory.
[1] or UK because UK GDPR is a thing even though the UK is no longer in the EU
Well Elon still isn’t anything to do with the apparatus of gdpr enforcement so it’s still irrelevant and secondly enforcement would be against the sites which are supposedly infringing rather than people linking to them on twitter. This is a sideshow.
I think of it as about the same as the recent complaints that Elon Musk posting 'prosecute Fauci' means he is responsible for Dr. Fauci receiving death threats, or whatever the actual consequence was of that. That is, the idea or information already exists and is publicly available to anyone, but it has been 'amplified' here and this makes it much more serious.
How many rich and famous have been disgraced in the last 200 years because journalists posted outside their hotel room or followed their car?