CDT Proposes Privacy Best Practices for Drones
Written by Harley Geiger
Unmanned aircraft – “drones” – are a promising technology with great commercial and social potential. Since drones can also operate as a flying platform for sophisticated sensors – such as hi-res cameras, facial and license plate recognition, or cell tower emulators – drones can also erode individual privacy. As with many other emerging technologies, laws established long ago no longer provide adequate privacy protection.
CDT is proposing comprehensive voluntary privacy best practices for private use of drones – both commercial and non-commercial. Strong distrust of drones holds back broad public acceptance of the industry, but following a meaningful set of privacy best practices can help address these concerns. The goal of CDT’s model privacy best practices is to credibly safeguard individual privacy while enabling a wide range of private drone uses.
CDT’s model best practices recommend that:
- Private drone operators should make a reasonable effort to notify individuals when drones are collecting personal data.
- Private drone operators should not intentionally use a drone to enter private property without the landowner’s consent.
- Private drone operators should not use drones to collect personal data without consent where an individual has an expectation of privacy; for persistent monitoring of individuals; or for employment, credit or healthcare eligibility.
- Private drone operators should try to avoid collecting, retaining, or disclosing unnecessary personal data without consent. When possible, unnecessary data should be destroyed or de-identified.
- Commercial drone operators should take basic steps to secure the personal data they collect.
The NTIA process
CDT believes our model best practices achieve the complex balance of providing meaningful privacy protections while remaining sufficiently flexible to enable a huge variety of beneficial drone uses. Our proposed best practices incorporate extensive input from commercial drone operators and civil society groups, resulting in significant changes from our original draft. CDT does not presume our model is flawless and is open to additional constructive feedback.
CDT drafted these model drone privacy best practices as part of the National Telecommunications and Information Administration’s (NTIA) effort to develop voluntary guidelines for Unmanned Aircraft Systems (UAS), as required by the Presidential memorandum on domestic drones. The NTIA’s “multistakeholder process” began in August 2015 and is ongoing – the participants have not yet achieved consensus on a set of best practices. CDT has participated from the start and intends to continue so long as a strong outcome with meaningful protections is reasonably possible.
CDT currently favors our own model best practices over other drafts proposed at the NTIA process. Those other drafts currently offer consumers significantly weaker safeguards from drones, as we detail here, though the drafts may be improved as the NTIA process goes on. CDT may support alternative best practices proposed at the NTIA process in the future – but only if those best practices provide sufficiently strong privacy, transparency, and accountability guidelines for private drone use.
Drone policy background
CDT’s recommendations for drone privacy take two basic tracks – one for government surveillance drones and one for private sector use of drones. When it comes to public sector drones, CDT has long called for federal legislation to create rules that protect privacy from overbroad surveillance without hindering government uses of drones with less impact on civil liberties, such as scientific research and disaster relief.
When it comes to private sector use of drones by both companies and hobbyists, CDT has called for a lighter regulatory touch to protect free speech rights. CDT supports comprehensive baseline consumer privacy legislation that includes drone use, but any government regulation of private drones must be limited to avoid infringing on First Amendment protection of photography and data gathering in public places. For this reason, CDT urges private sector drone operators to adopt a strong code of conduct on privacy, transparency, and accountability. A voluntary code, since it is not forced on the private sector by government, does not raise the same First Amendment concerns that regulation would.
CDT is proposing a set of privacy best practices for the drone industry as a whole, though individual companies or hobbyists could modify the best practices to fit their unique circumstances and formally adopt the best practices as a code of conduct. If broadly adopted and faithfully implemented, a code of conduct could provide meaningful protection and foster greater public trust in drones without unreasonably restraining innovation.
CDT’s model best practices
CDT’s model best practices for private drones lay out principles for privacy, transparency, and accountability. The best practices are drawn from the White House’s Consumer Privacy Bill of Rights, which is based on the widely accepted Fair Information Practice Principles. CDT chose this framework to enhance the completeness and credibility of the best practices. Below are descriptions of some key provisions in CDT’s best practices.
The model best practices encourage all drone operators to provide some form of notice to individuals prior to collecting personal data, where it is practicable to do so. [(1)(b), pg. 4]
CDT’s model best practices include protections from physical intrusions on private property. The best practices encourage drone operators to avoid entering private property without consent. [(2)(d), pg. 6-7] This proposed restriction is in place regardless of whether the drone is collecting personal data, and regardless of whether the drone substantially interferes with the owner’s use or enjoyment of the property. However, we note that best practices do not create any new legal property right over government control of airspace. The FAA has stated that it controls air from the ground up, and may grant drones freedom to fly in this airspace, including air directly over private land.
The best practices encourage commercial operators to specify the purposes for which the drone will gather personal data. [(2)(a), pg. 6] The acceptable purposes for drone use are broad, including the use of private drones for intentional collection of personal data – such as news footage showing individuals’ faces – in public places. However, the best practices forbid the use of private drones to collect personal data, without consent, where an individual has a reasonable expectation of privacy, for persistent and continuous monitoring of individuals, or for eligibility for employment, credit, or healthcare. [(2)(b)-(c), pg. 6]
The model best practices encourage drone operators to collect, retain, and disclose personal data only when it is necessary to fulfill the purpose for which the drone is used, and to destroy or de-identify unnecessary personal data. [(3)(a)-(e), pg. 8] The best practices encourage drone operators to avoid using personal data for marketing without consent. [(3)(f), pg. 9] The best practices encourage drone operators to de-identify or destroy unnecessary personal data upon the request of the data subject. [(4)(a), pg. 10]
The CDT best practices encourage commercial drone operators to take fundamental security measures for retained personal data. These include creating a written policy, monitoring the system for risks, providing employee training, restricting access to personal data, and encrypting or hashing personal data. [(5)(a)-(3), pg. 11] The CDT model best practices encourage commercial UAS operators to periodically review compliance with the drone privacy and security policies. [CDT, (6)(a), pg. 12]
The language of CDT’s model best practices is detailed and flexible – with key phrases like “where practicable” and “reasonable effort,” and some provisions aimed only at commercial drone operators rather than hobbyists. A nuanced and adaptable solution is necessary since the best practices aim to encompass many innovative and complex uses of private sector drones – ranging from precision agriculture and high altitude cartography to amateur videography and investigative journalism. CDT’s model best practices include a “notes” column to help explain the intent behind each provision.
Protecting privacy to enable innovation
Members of the public and regulators have repeatedly shown a visceral reaction to perceived privacy intrusions by drones. As drones are poised to enter the skies in increasing numbers, gaining public acceptance and trust will be key to reaping the full benefits of drone technology. A broadly followed set of best practices for privacy can help drone operators provide consistent privacy protections on which the public can rely. Best practices that are too weak or vague will fail to enhance trust in this already controversial technology.
Ultimately, it is in the best interests of both the industry and consumers to establish sensible norms for drone privacy, transparency, and accountability. CDT hopes our proposed privacy best practices for drones advance us toward that goal.