The GDPR in Space: Mapping Jurisdiction and Navigating Trust

This article examines the applicability of Article 3 of the General Data Protection Regulation (GDPR) to space-based personal data collection conducted via Earth observation satellites. Moreover, it measures these findings against public trust perceptions and privacy attitudes. The research adopts a multi-methodological approach, combining a legal doctrinal analysis with psychological theory. Furthermore, it conducts semi-structured interviews with several subject-matter experts. The legal analysis highlights the GDPR’s potential but ambiguous extraterritorial reach in regulating these instances. In parallel, the psychological dimension reveals low public trust in space-based observation satellites, compounded by technical complexities and a growing sense of dependence. In order to integrate the two dimensions and create constructive suggestions, this article applies Malcolm Sparrow’s risk framework. This reveals that, despite legal uncertainty, the risks associated with satellite-based personal data collection by observation satellites necessitate regulatory oversight, positioning supervisory authorities in a key role for addressing societal harms that extend beyond formal legal responsibilities. “I often see privacy set against innovation or law enforcement efforts. But privacy is also a form of security, equally important as protection from crime.”– Monique Verdier, Deputy Chair of the Dutch DPA