The National Telecommunications and Information Administration has released a set of what the agency calls voluntary best practices for unmanned aircraft system privacy, transparency and accountability.
The guidelines are the result of a White House memo that directed the agency to develop a set of privacy standards for drone use. The best practices document is divided into two parts, the actual document and an appendix that summarizes the jargon-filled best practices document.
The best practices are basically a set of rules that boil down to not using information gathered by drones (primarily images) of what the document calls “data subjects” (people) without their permission and making sure to protect that information in a manner similar to how companies currently protect other consumer information. This means, among other things, not retaining that information any longer than necessary.
What’s notable in the main document is that there are as many disclaimers as there are best practices. The voluntary rules are filled with phrases like “where possible” while also pointing out that it does not give drone users any cover for violating existing laws and regulations.
In addition, the document exempts the news media from those suggested rules because, of course, that might infringe on First Amendment freedoms.
The best practices also intend to provide guidance to drone users to be considerate of the people who might be affected by drones, even if they’re not the subjects of any imaging. Those practices include telling people that you’ll be using a drone and what you intend to do with it.
Drone pilots should also be aware when people have a reasonable expectation of privacy, which should be honored “where possible,” as should their property rights. Thus, you shouldn’t fly a drone over someone else’s property without permission, “where possible.”
The practices also suggest that you listen to their privacy concerns as long as they’re polite about it, and that you shouldn’t harass people with your drone activity.
At this point, everything is voluntary, and the NTIA couches it all in language that almost goes overboard with those equivocations to the point that it’s clear that the agency isn’t interested in controlling or mandating anything—and they aren’t. The NTIA, which is part of the Department of Commerce, has no legal basis to issue drone rules. It’s clear that the agency issued these voluntary best practices because the White House told them they had to.
And even though the NTIA stresses that these best practices are not intended to be a template for legislation, you can bet they will be used for just that.
‘Voluntary’ NTIA Drone Best Practices Likely to Shape Federal Law
The Federal Aviation Administration is currently working on a comprehensive set of drone regulations that will include privacy rules. You can assume that those privacy rules will be remarkably similar to what the NTIA says is voluntary.
Except when the FAA issues those regulations, they won’t be voluntary. Likewise, those data collection, use and retention practices may be voluntary as far as the NTIA is concerned, but it’s the Federal Trade Commission that handles most privacy rules, and those aren’t voluntary either.
You can assume that the word “voluntary” is in these best practices just for now. These will likely be rules that you have to follow in the near future, so you might as well adopt them now.
In addition, the existence of those best practices will be legal fodder for anyone who wants to sue you for drone activities that are perceived as offensive, so you probably should adopt them as if they’re gospel now, and make sure your drone operators do as well.
This is not necessarily a bad thing. The news has been full of stories about irresponsible drone operators violating the privacy of people as they buzz apartments, pools and beaches.
Likewise, stories of drone operators doing other illegal activities such as buzzing airliners are common. While the privacy rules don’t cover all of those activities, they do underscore the need for some common sense regulations.
Perhaps more important to companies contemplating drone use for photography, delivery, surveying or environmental monitoring is that these best practices are themselves mostly common sense.
In the set of best practices, the NTIA recommends that companies create a set of written policies for gathering and securing what the agency calls “covered data” and that data sharing be limited in a manner already covered by other data sharing rules.
This means, for example, that you can’t sell data you’ve gathered with a drone to anyone without the subject’s permission, and that you can’t use it for “employment eligibility, promotion, or retention; credit eligibility; or health care treatment eligibility other than when expressly permitted by and subject to the requirements of a sector-specific regulatory framework.”
If you start now applying these guidelines today, you will find that when the formal regulations come down from the FAA, you will already be doing the right thing.