Out-Law News 2 min. read

Unmanned aircraft to face tougher standards on data protection and privacy under new European Commission proposals


Remotely piloted aircraft systems (RPAS) used to carry out checks on energy and rail infrastructure would be subject to stricter regulatory standards under new proposals announced by the European Commission

Civil RPAS – also known as civil drones – would be subject to tougher standards on areas of data protection, privacy, insurance, liability, safety and security if the new measures become law.

The moves are designed to create uniformity across the European Union in relation to civil drone regulation, in order that Europe can become a global leader in the development of the emerging technology while ensuring that appropriate safeguards are in place, a statement by the Commission said.

Announcing the proposals, Siim Kallas, commissioner for mobility and transport, said: "Civil drones can check for damage on road and rail bridges, monitor natural disasters such as flooding and spray crops with pinpoint accuracy. They come in all shapes and sizes. In the future they may even deliver books from your favourite online retailer. But many people, including myself, have concerns about the safety, security and privacy issues relating to these devices."

According to the Commission, civil drones could represent 10% of the aviation market ten years from now, with a value of €15 billion per year.

"If ever there was a right time to do this, and to do this at a European level, it is now," said Kallas. "Because remotely piloted aircraft, almost by definition, are going to cross borders and the industry is still in its infancy. We have an opportunity now to make a single set of rules that everyone can work with, just like we do for larger aircraft."

According to the Commission, civil drones are increasingly being used in France, the UK and Sweden across different civil commercial sectors. While basic national safety rules apply within member states, the Commission is concerned that rules differ across the EU. It believes the "fragmented regulatory framework" means a number of key safeguards "are not addressed in a coherent way." 

The new proposals would introduce tough controls on privacy and data protection, said the Commission.  Data collected by civil drones would be required to comply with the applicable data protection rules and data protection authorities must monitor the subsequent collection and processing of personal data. The Commission said it will propose changes or specific guidance to data and privacy protection issues, if necessary. 

The new measures would also aim to safeguard the security of unmanned aircraft.

"Civil drones can be subject to potential unlawful actions and security threats, like other aircraft," said the Commission. "EASA will start work to develop the necessary security requirements, particularly to protect information streams, and then propose specific legal obligations for all players concerned - e.g. air traffic management, the operator, the telecom service providers - to be enforced by national authorities."

Civil drone operations would also be required to provide an equivalent level of safety to 'manned' aviation operations. The European Aviation Safety Agency (EASA) is to begin the development of specific EU-wide standards for remotely piloted aircraft, said the Commission.

The proposals would also establish a clear framework for liability and insurance in relation to unmanned aircraft.

The Commission also pledged to support research and development of civil drone technology through funds managed by the Single European Sky ATM Research (SESAR) Programme, and its Horizon 2020 and COSME programmes, which support small to medium enterprises and start-ups.

The Commission will now carry out an in-depth impact assessment to examine the issues and define the best options to address them. This may be followed by a legislative proposal, the Commission said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.