CDT submitted two documents on commercial use of remotely piloted aircraft systems (or “RPAS” – more commonly known in the United States as drones), to European policymakers this month. One document responded to the UK House of Lords’ inquiry into civil use in the EU of RPAS. The second was a submission to the European Commission’s EU Consultation on the subject matter.
Civil use of RPAS has the potential to revolutionize EU member state industries, especially in the areas of agriculture, healthcare and natural disaster relief. However, increased commercial use of RPAS raises complex consumer privacy concerns. CDT has long advocated for more robust enforcement of existing EU directives and member state law as it relates to civil use of RPAS. In 2011, CDT submitted comments to the European Commission encouraging regulators to provide more guidance on how their legal regimes address the privacy concerns raised by commercial RPAS use. CDT continues to believe that the EU’s existing legal framework provides a sufficient foundation from which to address the challenges presented by RPAS. However, EU regulatory authorities need to clearly define within these directives and laws how they apply to RPAS, and must continually enforce these regulatory tools.
Any changes to EU directives or other legal guidance must include:
- Reasonable limits on RPAS data collection to areas where citizens would reasonably expect surveillance;
- Reasonable limits on RPAS data retention to retain only the personal information necessary for a clearly articulated purpose;
- Reasonable limits on the targeted use of RPAS image identification technologies such as facial recognition and automated license plate scanners; and
- The creation of publicly available standardized information on RPAS owners and operators (described in more detail here).
CDT has written about these positions regularly in recent years. Additionally, we recommended many of these policies in our April 2013 comments to the U.S. Federal Aviation Administration. We believe interpreting the current EU regulatory framework (as well as a revised General Data Protection Regulation currently being debated by the European Council) to include these practices would be equally as effective in the EU. Not only will these changes reinforce the EU Data Protection Directive’s principles of proportionality and transparency, but they will also empower EU member state citizens to safeguard their right to privacy.