05.23.2016

|

Updates

Consensus was reached in a proceeding of the National Telecommunications and Information Administration (NTIA) of the U.S. Department of Commerce on a set of privacy best practices for the commercial and recreational use of unmanned aerial systems (UAS), more commonly referred to as “drones.” 

This agreement, reached on May 18, 2016, successfully concludes a process initiated by President Obama on February 15, 2015, when he called on NTIA to convene a multistakeholder process to develop and communicate best practices in order to “promote the responsible use of this technology in a way that does not diminish rights and freedoms.”  See Perkins Coie Update, FAA Proposes Rules for Commercial UAVs; White House Launches UAV Privacy Initiative.  In the resulting process, dozens of representatives of diverse industry sectors, civil society and academia formally met a half dozen times under the auspices of the NTIA. 

The final best practices were drafted and supported by a combination of civil society groups (Center for Democracy & Technology, New America’s Open Technology Institute, Future of Privacy Forum, Online Trust Alliance, NetChoice) and industry participants with diverse interests in the use, manufacture and/or sale of UAV technology (Amazon, X—formerly known as Google X, CTIA, Consumer Technology Association, Small UAV Coalition, Association for Unmanned Vehicle Systems International, Software & Information Industry Association, PrecisionHawk) as well as media groups (News Media Coalition, Newspaper Association of America, National Association of Broadcasters, Radio Television Digital News Association, Digital Content Next).  The best practices, which apply to both business and private use of drones, are voluntary and do not supplant any applicable federal or state law.  They nonetheless provide guidelines that may be helpful to businesses and hobbyists as they seek to use drones in a privacy-protective manner.  

Attorneys in Perkins Coie’s Unmanned Vehicle Systems industry group participated at every stage of the NTIA proceeding, and we share highlights of the consensus best practices below.

Highlights of Consensus Best Practices

What’s Covered.  The best practices apply to the collection, use or disclosure of data that identifies a particular person and will likely be linked to a person’s name or other personally identifiable information.  Blurring a photograph or otherwise de-identifying data takes it outside the scope of the best practices.

Notice.  As a general matter, businesses should offer a privacy policy if they anticipate collecting personal information. 

Reasonable Expectation of Privacy.  When individuals have a reasonable expectation of privacy, drone operators should not purposefully collect personal information unless they have permission or a compelling reason to do so.  In addition, drone operators should avoid the persistent and continuous collection of personal information without permission or a compelling reason.

Minimize Flights Over Private Property.  Drone operators should make a reasonable effort to minimize flying over or within private property without permission or legal authority, unless it would impede the purpose of the drone operation or conflict with FAA guidelines.

Timely Deletion or De-Identification of Personal InformationDrone operators should generally delete or de-identify personal information no longer needed for the purposes explained in their privacy policy, unless they have permission to keep it longer or if there are exceptional circumstances.

Limits on Public Disclosure.  Operators should avoid knowingly making personal information public, except with consent or if necessary to fulfill the purpose for which the drone is used.

Specific Use Limits.  Operators should not use personal information for employment eligibility, promotion or retention; credit eligibility; or healthcare treatment eligibility other than when expressly permitted by and subject to the requirements of a sector-specific regulatory framework or with permission. 

Security.  Drone operators should take reasonable measures to secure personal information collected via UAS. 

Next Steps for Drone Privacy Concerns

The privacy best practices emerged from the NTIA process as many businesses eagerly await the FAA’s final rule for the widespread commercial use of drones, which the FAA has made clear will not address privacy issues.  In addition, the FTC has announced a public workshop on October 13, 2016 to address drone privacy issues.  For questions on the best practices produced through the NTIA’s multistakeholder process, please contact experienced counsel.

© 2016 Perkins Coie LLP


 

Sign up for the latest legal news and insights  >