Their growing use has set the demand for regulation and a regulatory framework for licence or permission, liability and privacy and data protection.
A drone is just one of the terms used to describe these many light aircrafts which have so many wide ranging uses. This article is not designed to detail the air regulations, licence or permission for commercial operation of these devices or further legal issues of trespass and nuisance but to focus on the data protection and privacy elements of the usage of these Unmanned Aerial Systems (UAS).
How drones can impact privacy
The EU Commission published an analysis on data protection and the civil use of drones in 2015 which identified drones as technology which are increasingly used. In relation to data protection and privacy, drones normally carry video cameras and allow pilots to fly them. These images can be easily recorded and stored, and are often uploaded onto the internet. The privacy of private life and property can be interfered with and violated when drones capture images of people in their houses or gardens. A series of other applications and payloads can also be installed on drones, allowing the gathering and processing of personal data and seriously interfering with and potentially violating citizens’ rights to privacy and data protection.
There is no specific legislation at present which focuses purely on Data Protection, privacy and drone usage but current legislation including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) demonstrate that the law is recognising the rapid pace of technology changes and the rights of the individual.
The legislation recognises the importance of freedom of expression and recognises peoples privacy with the intention to strike a balance. The Information Commissioner has published guidance on drone usage and a code of practice for surveillance cameras and personal information which is available on the Information Commissions Website.
The potential for privacy and data protection risks to be associated with UAS usage is high and cannot be underestimated.
The majority of civilian drones use congested industrial radio frequencies typically used for amateur radio and where there are unencrypted data links used, they can be vulnerable to interception and hacking. The Civil Aviation Authority recommends the use of a spectrum analyses to assist and assess the radio frequency congestion. However, the danger is there for interception.
Drones and GDPR
A drone is technology and is a device that capable of being intercepted. The GDPR sets out in Article 32, details regarding the security of processing data. It is this section which sets out the specific requirement for an organisation to put in place technical and organisational measures to safeguard data. Before using a drone for commercial reasons it is therefore imperative in order to be compliant with the GDPR to ensure that these measures are taken.
The EU GDPR and the DPA deliver a fundamental change in how data controllers and processors handle data – which includes images of individuals captured on drones. Protection for personal data and privacy will now have to be designed into the very fabric of data processing systems and the use of these types of technology.
It is likely with increased usage and Brexit that drones will force a further and specific legislation change to ensure greater regulation but until that time data privacy and protection are encapsulated within the core elements of the GDPR and also the key Data Protection Principles contained in the DPA.