Through meetings organized by the National Telecommunications & Information Administration (NTIA), unmanned aircraft systems (UAS) stakeholders have come to a consensus on voluntary best practices for privacy, transparency and accountability of commercial and recreational drones.
In February of last year, the Obama administration first directed the NTIA to convene the group. According to the Future of Privacy Forum (FPF) – a Washington, D.C., think tank that seeks to advance responsible data practices – these best practices are intended to encourage operators to use drone technology in a responsible, ethical and respectful way. FPF says the practices offer enough flexibility to support innovative uses of UAS but, at the same time, provide firm privacy standards.
Brian Wynne, president and CEO of the Association for Unmanned Vehicle Systems International, which also participated in the process, states, “Rather than create a complicated patchwork of new laws to address privacy, AUVSI encourages states and municipalities to allow commercial operators to adopt these uniform, federal privacy best practices. Clear, consistent, national frameworks, such as this, are critical for the timely and safe integration of UAS into the national airspace.”
Thanks to all who participated but I would be surprised if much of this quiets the critics or soothes the paranoid. The drone industry threw itself a giant softball that leaves a whole lot of discretion in the hands of the operator.
The basic premise here is the concept of “covered” data.
“Covered data” means information collected by a UAS that identifies a particular person. If data collected by UAS likely will not be linked to an individual’s name or other personally identifiable information, or if the data is altered so that a specific person is not recognizable, it is not covered data.
A couple of other definitions leave all sorts of wiggle room.
The terms “where practicable” and “reasonable” depend largely on the circumstances of the UAS operator, the sensitivity of data collected, and the context associated with a particular UAS operation.
There are five voluntary best practices based on these definitions.
1. Inform others of your use of UAS.
2. Show care when operating UAS or collecting and storing covered data.
3. Limit the use and sharing of covered data.
4. Secure covered data.
5. Monitor and comply with evolving federal, state, and local UAS laws
Of course the devil is in the details. Upon closer examination very little is required of the UAS operator who is given enormous discretion by virtue of the ideas of “where practicable” and “reasonable” as well as this additional language.
4a) …Reasonable administrative, technical, and physical safeguards appropriate to the operator’s size and complexity, the nature and scope of its activities, and the sensitivity of the covered data.
I interpret this to mean that the little guy is held to a different, and the implication is lower, standard. It leaves the decision about how sensitive the covered data (an identifiable picture of you) is to the operator who is out to make a buck. This will not offer any consolation to someone whose identity is compromised.
Under Article 5, the press gets carte blanche.
Newsgathering and news reporting are strongly protected by United States law, including the First Amendment to the Constitution. The public relies on an independent press to gather and report the news and ensure an informed public. For this reason, these Best Practices do not apply to news gatherers and news reporting organizations. Newsgatherers and news reporting organizations may use UAS in the same manner as any other comparable technology to capture, store, retain and use data or images in public spaces.
Clearly taking on a First Amendment issue is well beyond the scope and qualifications of this type of task force. Leaving it for the courts to sort out at some future date makes sense. But again this is not any kind of best practice, nor does it suggest that the press should exercise any kind of consideration.
I find it curious that there was no mention of who was on the task force besides the Small UAV Coalition and AUVSI who were identified in the article.
I also find it curious that there is no direct mention of issues beyond individual privacy, including trespass, industrial espionage and the many other nefarious uses that those looking to make a buck will put drones to. Nor does it suggest that if someone objects to becoming covered data, the UAS operator should stand down.
Consider these three summary points:
When persons have a reasonable expectation of privacy, do not intentionally collect personal information unless you have permission or a compelling reason to do so.
Avoid persistent and continuous collection of personal information, unless you have permission or a compelling reason to do so.
Minimize flying over private property, unless it impedes the purpose for which the drone is used, or you have permission, or legal authority.
Nowhere does no mean no. Nowhere is there a recognition for the need for remediation or recourse.
Is it a beginning? Sure.
But after 15 months (the Obama administration ordered this in February 2015) it is not going to satisfy very many people. It is not going to quiet the EPIC lawsuit which the courts dismissed pending the FAA completing their rule making this week. And it is certainly not going to do anything to avoid creating “a complicated patchwork of new laws to address privacy.”