Privacy and the Trouble with Drones
There has been much made in the press relating to drones over the last few years, particularly in the context of those disrupting holiday makers with their invasion at Heathrow Airport.
This airport has now installed an anti-drone system designed to block drones entering its airspace to counter this problem by using holographic radar technology to detect not only the drones, but their operators as well. However, unless the interference is one of health and safety or of national security, or a company has the financial resources to employ such technologies as this, then there has been an absence of remedies available to businesses to address this problem.
The Civil Aviation Authority recently updated its code of practice in this area. The ‘Drone Code’ was issued to address the use of drones by operators and provides guidance that operators should follow, including adherence to rules such as not flying closer than 50 m from a person, and not flying closer than 100m from a group of people. It’s also incumbent on an operator to make themselves visible to people while flying (no covert piloting) and always having a direct line of sight to their drone, amongst other things.
The enforcement of these rules is carried out by the police. As this updated guidance is new, (revised in January 2023) it’s unclear how the police will respond to this, and how seriously they take such reports generally. Nevertheless, the guidance suggests that if you suspect someone is in breach of these new drone rules, it is the local police force who should be contacted to deal with it.
In terms of privacy, the Information Commissioner’s Office (ICO), the UK Regulator who oversees the collection and use of personal data, has issued some guidance on the use of drones, or “unmanned aircraft systems” (UAS’s). This is in the absence of any data protection legislation specific to the use of drones contained in the UK GDPR. The ICO guidance distinguishes between those who collect personal information for personal reasons, who they call “hobbyists”, and those who collect it for professional or commercial purposes. It may be that those who fall into the former category may rely upon the domestic exemption if they use the drones and any data collected from them for personal use only, and the ICO maintains even then that operators should be aware of wider privacy considerations when recording and sharing images with others.
The ICO does recognise that the use of drones can be highly intrusive and those who collect images of individuals for professional or commercial purposes without that individuals consent, must demonstrate their compliance with the legislation and codes of practice governing this activity. Particularly, operators should notify those individuals who would likely be caught by any recordings or make such information available through an accessible privacy notice and prepare a Data Protection Impact Assessment (DPIA) to demonstrate that it has considered the privacy rights of the individual(s) concerned.
This leaves businesses seeking to protect their brand and the privacy of their customers against drone activity with the following options:
- Where the operator (or wider company who employ them) can be identified, report the operator and company to the police;
- Place clear signage around property boundaries stating the prohibition of drone activity in its airspace;
- Where recordings are made by a drone (this may only become apparent when uploaded to social media sites), report this to the ICO; and
- Consider legal action for misuse of private information where the individual(s) concerned had a reasonable expectation of privacy
As tempting as it might be, businesses should not engage in action to shoot down drones as this could constitute criminal damage to property.