As our previous post stated, the commercial use of drones, or small unmanned aerial systems (sUAS), for urban real estate and construction has gained some traction with the passage of the New York City Council’s bill requiring the Department of Buildings (DOB) to study the feasibility of using sUAS to inspect building facades. With this new bill, as well as other metropolitan cities surely following suit, one of the biggest issues on the forefront for the public at large is privacy.

Think about it: how would you feel if a drone flew over your house while you were in your private backyard, enclosed by a fence, sunbathing? Watering your garden? Playing soccer with your kids? Or sitting at your desk and a drone hovered by your window? Your answer probably rests on who was flying the drone and the reason why they were flying the drone. However, generally, if you are like others across the U.S., you would probably have some privacy concerns. As bills like the New York City Council’s bill above pass, the public wants to know how these proliferous drones will affect their privacy and what the legal limits are for these drones.

The Federal Aviation Administration’s (FAA) sUAS regulations (Part 107) do not address privacy issues. Essentially, as long as the drone operator is compliant with operational restrictions and obtained appropriate waivers and permissions as needed, there are no other federal restrictions regarding flights when it comes to preserving public privacy -even over your backyard or in front of your office window in the skyscraper where you work.

If you look at the public perception of drones and privacy, generally (of 1,047 participants in a recent study from last year by the College of Aviation at Embry-Riddle Aeronautical University) most people said that they were not concerned about hobbyists, construction and real estate companies, but more concerned with drones operated by the government, military or law enforcement, with unmarked drones generating the most privacy concerns.

So where do we stand on privacy and drones in the United States? Well, it’s a gray area. As noted above, the FAA’s Part 107 rule does not specifically deal with privacy issues, and the FAA does not (and has not agreed to) regulate how sUAS gather data on people or property. The FAA says that it “strongly encourages all [s]UAS pilots to check local and state laws before gathering information through remote sensing technology or photography.” Where does that leave us? Where should companies look for guidance?

Back in 2016, privacy groups and industry stakeholders that were participating in the National Telecommunications & Information Administration (NTIA) Multi-Stakeholder process released a set of best practices for commercial and private drone use. Participants included Amazon, AUVSI, Center for Democracy and Technology, Consumer Technology Association, CTIA, FPF, Intel, X (formerly Google X), New America’s Open Technology Institute, PrecisionHawk, SIIA, Small UAV Coalition, and many media organizations. Those ‘best practices’ included:

  • Informing others of your use of drones (i.e., where reasonable, providing prior notice to individuals of the general timeframe and area where you may anticipate using a drone to collect identifiable data);
  • Showing care when operating drones or collecting and storing personally identifiable data (i.e., retaining only information that you must retain and de-identify information when possible);
  • Limiting the use and sharing of identifiable data;
  • Securing identifiable data; and,
  • Monitoring and complying with evolving federal, state and local drone laws and regulations.

This is a great place to start. This list brings us back to the basics of privacy. Whether its collection of information from consumers or employees or data gathered through a drone, it all comes down to transparency. However, these are only best practices -not laws or regulations. So is there any accountability? We’re working on it; the industry, the FAA, local and state lawmakers. Right now, we have to look to a smorgasbord of privacy and aviation laws and apply them to drone flights and data collection.

From a federal perspective, the FAA Part 107 rules do not allow for flights over people unless the pilot obtains a special waiver. In New York City for example, you’ll be hard pressed to find a street that isn’t densely swarmed with people. Further, most of New York City is controlled Class B airspace because of the airports. Again, to fly in these areas, the pilot would need FAA authorization. This is not to say that the FAA won’t issue a waiver or provide the authorization.

But, the FAA has now proposed a rule for flights over people. The rule will allow drone flights over people if the drone falls within one of three new categories, which are based on injury-risk factors. Drones in the highest-risk category will be prohibited from hovering over open-air assemblies of people unless they are in a closed or restricted-access area, like a stadium, and have been notified of the drone operation. Further, any drone that will fly over people must bear a label identifying its category, except those in the lowest-risk category (i.e., drones weighing .55 pounds or less). Manufacturers of drones weighing more than .55 pounds who want them to qualify for flights over people must certify that the drones meet specified impact-force thresholds and will not contain exposed propellers or rotating parts that will cut human skin. They also must provide pilot instructions, allow FAA inspections, have procedures to notify the FAA and the public of safety defects, and keep records related to the drones. NOTE: nowhere in this proposed rule is privacy addressed. Again, the industry and stakeholders must weigh in and create a standard if the law lags behind.

However, recently, the FAA also proposed a rule on remote identification of sUAS.  The rule would facilitate the collection and storage of certain data such as identity, location, and altitude regarding an unmanned aircraft and its control station. The comment period for FAA’s published the notice of proposed rulemaking on remote identification closed on March 2, 2020. The FAA is now targeting 2021 as the launch of its remote ID program. It would permit police officers, aviation authorities and other public officials to search for a drone by a broadcast unique identifier and find out who the operator is. Will this make the public more at ease? If a drone is hovering, with no markings, and you call your local police department, presumably they’d be able to identity the individual operator and take action. We’ll see what the future holds.

While the future of drones and privacy is unclear and still evolving, one thing is certain, to ensure that drone technology benefits society as a whole, any frameworks proposed should include an eye towards privacy.

This post was authored by Kathryn Rattigan is also being shared on our Data Privacy + Cybersecurity Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.