A considerable amount of commercial, security, and safety-related data is collected and used in various ways by airlines and other aviation industry participants. Much of this data collection, retention, and disclosure is authorized by a complex array of international and municipal regulation, which also requires that some of the data be reported to agencies and other persons authorized to access it. However, it is already difficult to identify what data collection, retention, and disclosure is authorized and what is not. Even the use of purely commercial information by airlines purports to be authorized by private contractual arrangements with customers. Privacy and data protection laws in Australia and elsewhere are designed to protect individuals’ personal information from misuse and exploitation but it is difficult to reconcile the conflicting imperatives of privacy and aviation safety and security. New privacy law proposals in Australia require the notification of individuals whose data has been disclosed or accessed without authorization and seem to be a desirable element in the armoury of data protection defences against personal data abuses. However, their effectiveness is questionable in the aviation context, as the implementation of the proposed obligations will not only lead to considerable complexity and uncertainty for airlines but also be difficult to carry out and to monitor in practice.
Air and Space Law