Consensus was reached in a proceeding of the National Telecommunications and Information Administration (NTIA) of the U.S. Department of Commerce on a set of privacy practices for the commercial and recreational use of unmanned aerial systems (UAS), more commonly referred to as “drones.”
This agreement, reached on May 18, 2016, successfully concludes a process initiated by President Obama on February 15, 2015, when he called on NTIA to convene a multistake holder process to develop and communicate best practices in order to “promote the responsible use of this technology in a way that does not diminish rights and freedoms.”
In the resulting process, dozens of representatives of diverse industry sectors, civil society and academia formally met a half dozen times under the auspices of the NTIA.
The final best practices were drafted and supported by a combination of civil society groups:
- Center for Democracy & Technology
- New America’s Open Technology Institute
- Future of Privacy Forum
- Online Trust Alliance
and industry participants with diverse interests in the use, manufacture and/or sale of UAV technology:
- X—formerly known as Google X
- CTIA, Consumer Technology Association
- Small UAV Coalition
- Association for Unmanned Vehicle Systems International
- Software & Information Industry Association
as well as media groups:
- News Media Coalition
- Newspaper Association of America
- National Association of Broadcasters
- Radio Television Digital News Association
- Digital Content Next
The best practices, which apply to both business and private use of drones, are voluntary and do not supplant any applicable federal or state law. They nonetheless provide guidelines that may be helpful to businesses and hobbyists as they seek to use drones in a privacy-protective manner.
Highlights of the consensus best practices below.
Highlights of Consensus Best Practices
What’s Covered. The best practices apply to the collection, use or disclosure of data that identifies a particular person and will likely be linked to a person’s name or other personally identifiable information. Blurring a photograph or otherwise de-identifying data takes it outside the scope of the best practices.
Reasonable Expectation of Privacy. When individuals have a reasonable expectation of privacy, drone operators should not purposefully collect personal information unless they have permission or a compelling reason to do so. In addition, drone operators should avoid the persistent and continuous collection of personal information without permission or a compelling reason.
Minimize Flights Over Private Property. Drone operators should make a reasonable effort to minimize flying over or within private property without permission or legal authority, unless it would impede the purpose of the drone operation or conflict with FAA guidelines.
Limits on Public Disclosure. Operators should avoid knowingly making personal information public, except with consent or if necessary to fulfill the purpose for which the drone is used.
Specific Use Limits. Operators should not use personal information for employment eligibility, promotion or retention; credit eligibility; or healthcare treatment eligibility other than when expressly permitted by and subject to the requirements of a sector-specific regulatory framework or with permission.
Security. Drone operators should take reasonable measures to secure personal information collected via UAS.
Next Steps for Drone Privacy Concerns
The privacy best practices emerged from the NTIA process as many businesses eagerly await the FAA’s final rule for the widespread commercial use of drones, which the FAA has made clear will not address privacy issues.
In addition, the FTC has announced a public workshop on October 13, 2016 to address drone privacy issues.
For questions on the best practices produced through the NTIA’s multistakeholder process, please contact Gowdy Brothers Aerospace Consultants.
Source: PerkinsCoie: https://www.perkinscoie.com/en/news-insights/privacy-best-practices-for-commercial-and-private-drone-use.html