Drone use puts operators at risk of 'collateral privacy intrusion', says data watchdog

Out-Law News | 12 Nov 2014 | 9:51 am | 3 min. read

Businesses that use 'remotely piloted aircraft systems' (RPAS), or drones, to capture images run the risk of "collateral intrusion" of individuals' privacy, the UK's deputy information commissioner has said.

Drones can be used for a variety of commercial purposes, such as by broadcasters for capturing aerial images, by construction companies to monitor project progress and to inspect oil and gas pipelines.

David Smith told a UK parliamentary committee that the use of drones by commercial operators must correspond to rules set out in the Data Protection Act (DPA).

"There is more scope with these systems for what we would call collateral intrusion," Smith told the Lords Sub-Committee on the Internal Market, Infrastructure and Employment. "[For example], I'm going to inspect the roof of a house but I pick up lots of images of people in the garden, neighbours gardens and around which I'm not intending to pick up but which I do pick up."

However, Smith said that there is increased blurring of the legal lines that differentiate between the collection of images of individuals by commercial operators of drones and by private "hobbyists" using the technology. He said the Information Commissioner's Office (ICO) has been pressurised to regulate the use of drones by private individuals.

EU data protection rules generally govern the collection, processing and retention of personal data but do not apply where personal data is collected "in the course of a purely personal or household activity".

Smith said that a case before the Court of Justice of the EU (CJEU) could set a legal principle about the extent to which the 'household' exemption to data protection laws applies in the context of using surveillance cameras.

"This question of how far data protection law extends to personal and private use is more than under debate, it is under legal question," Smith told the committee. "There is a case before the CJEU about domestic use of CCTV where it is a camera put on someone's private house but it overlooks the public area into street. Our approach [under UK law] would be … that that is all outside the scope of data protection law."

"The Advocate General of the court has given a preliminary opinion which said because [the gathering of images] extends into public spaces [and] should be caught [by data protection laws] – it is not simply personal and domestic. But we have not yet had the full judgment of the court so it is a little bit of a moving field," Smith said.

Smith said that the use of long-range drones that capture images in the UK but are operated from other EU countries, such as France, would be governed by data protection laws in those other EU countries.

"If they came across from France and were operated by a French operator then they would be covered by French data protection law," he said.

Smith said that the Article 29 Working Party, the committee which represents data protection authorities based across the EU, is working on a new opinion on the use of drones and how data protection laws are engaged.

The ICO issued new guidance on the use of drones and privacy rights last month.

However, communications law academic David Goldberg challenged whether privacy watchdogs should be concerned with the use of drones by commercial operators. He told the Committee that the businesses he knows of that use drones have no interest in capturing images of individuals and cited the use of drones in Japan's agriculture industry in the past three decades "for monitoring the state and condition of plants, fields and crops" as an example of commercial use of drones that has "no connection to privacy".

Privacy rights should only be engaged where the use of drones results in "serious systematic surveillance" on individuals, Goldberg said, citing a previous UK court ruling on the use of aerial photography.

"I think this focus on an RPAS peaking into somebody's window is, in a certain sense, a difficult attitude to even understand," Goldberg said. "It's just not relevant and not credible in relation to the use of RPAS in the market we are talking about."

"I find the Information Commissioner Office's concern with collateral and incidental and accidental and happenstance capturing of images quite the tail wagging the dog," he said.

The use of drones deliver a "greater health and safety advantage" by allow the machines to carry out "dull, dangerous and dirty" jobs that humans would otherwise have to.

"The manifold businesses that are being established by the RPAS operators have got absolutely not the slightest interest never mind in misusing personal information but in acquiring it in the first place," Goldberg said.

The Lords Sub-Committee on the Internal Market, Infrastructure and Employment is expected to report on the results of its inquiry into the civil use of RPAS in the EU in March.