Privacy obligations and legal risks of drones
Privacy breaches and potential liabilities might increase as a consequence of the usage of drones that represent a massive resource in a number of different sectors, but might also trigger some “new” unexpected legal risks.
Drones were initially used only in the military sector. However, the possibility to rely on them for instance for the delivery of drugs in areas that cannot be reached by normal vehicles, to monitor farm fields or plants or even for the delivery of products purchased on an e-commerce portal might make them an additional actor of our day-by-day life in our “smart” cities.
Drones are part of Internet of Things projects whose estimated value has been recently increased by Cisco to $19 trillion by 2020. But as occurred for other IoT technologies, also drones present some legal risks.
Are drones a privacy threat?
The most common issue challenged to the usage of drones derives from the amount of images that they can be collected by drones flying in the air without any knowledge by the relevant individuals. I am not aware of decisions by privacy authorities relating to drones, but the closest scenario to drones might be the collection of images by Google Street View cars. These led to considerable troubles for Google with fines of € 900K in Spain, € 150K in France and € 1 million in Italy!
The main challenge for such type of technology relates to transparency and adequate information of individuals whose images can be recorded through drones. And indeed this is the approach taken by the Italian data protection authority in a recent ruling concerning the Google Special Collects service. The Italian authority in such case required Google to notify the public in advance about the occurrence of the recording through its site and the websites of the entities running the places whose images will be recorded and to comply with safeguards ensuring that a limited number of individuals are showed in the recordings.
If the above mentioned transparency obligations and safeguards can be adequately implemented with reference to recordings that are not frequent, the same principle is more difficult to be implemented with reference to drones that will fly on our heads several times a day. As a consequence, different principles shall be adopted in relation to the notification of the recording as well as the storage of the recorded images.
Drones will not represent a privacy threat provided that they comply with adequate measures aimed at protecting individuals’ privacy. But the discussions that are currently ongoing in the US and in the UK on regulatory restrictions to the usage of drones for surveillance purposes because of the privacy risks associated to their usage show that regulators do not trust companies running such technologies.
Which risks for individuals and our cities?
An additional issue is linked to the risk of near collision between drones and individuals or items/buildings/vehicles. The setting up of more liberal or restrictive rules on the usage of drones is subject of considerable debate. And apparently while in France, Germany and Canada locals laws do not prescribe relevant restrictions to their usage, it is not the same in the US.
For what concerns Italy, regulations on the usage of drones were adopted in 2013 and require that the owner of the drone executes a self-declaration of compliance of his drone with the terms of the regulations and holds, among others, a pilot certification. However, such regulations apply only to drones used for amusement and sports purposes and for instance one of the requirements is that the pilot never loses the eye contact with his drone which would be impossible in the provision of a commercial service. But no specific regulations have been drafted for drones that are used for commercial purposes.
If governments will start issuing regulations on the usage of drones for commercial purposes, they shall not be too restrictive as otherwise they risk to prevent the growth of the market and the advantages deriving from their usage. However, the issue is on what kind of certifications and guarantees shall be provided in order to use drones for commercial purposes. And indeed an open issue is whether a specific insurance policy shall become compulsory for their usage to cover damages to third parties or items.
Such issues are further increased by cyber crime related risks that as in relation to any Internet of Things technology can cause the loss of any control of drones with a potential misuse of images stored by the drone and of damages to third parties.
We will see the regulatory developments of the matter. And in particular, it will be interesting to see the position of the Italian privacy regulator on the Internet of Things after the consultation just launched on the topic and covered in this blog post.
WRITTEN BY GIULIO CORAGGIO
IT, gaming, privacy and commercial lawyer at the leading law firm DLA Piper. You can contact me via email at firstname.lastname@example.org or email@example.com or via phone at +39 334 688 1147.