+Eyes in The Sky: Drones, Data and Privacy

Unmanned Aircraft Association of Ireland

21 August 2015

Joseph Dalby & John Wright

info@flightpfpath.ie

twitter: @flightpathc

+

a niche practice advising on entry into the drone market and the use and application of drones and drone technologies.

formed in 2014 by Joseph Dalby and John Wright, who are both lawyers and drone pilots.

Advise on the cross over issues of regulation and commercial aspects of the use of drones

+Renewed Questions

New drone capabilities renew very necessary questions over privacy, data protection and ethical issues.

The particular issues that arise with regard to Privacy and Data Protection

Some of the difficulties that arise

How these issues can be addressed

+Public (mis)Trust

Widespread concern

Public aware of rights but unfamiliar with drone technology

Emotive subject

+Breaches

Potential abuses of privacy include:

Deliberate or malicious invasions of privacy

Systematic monitoring and recording of data in a permanent way, whether covert or overt

Disclosure of previously collected images of someone

Information is not recorded, but public space is monitored through “sophisticated means”

Accidental breaches/ “collateral”

Surveillance, Dehumanisation and Discrimination

“Gamifying” reality

Function creep 

+Distrust is Costly

Industry needs public trust (Current industry worth is $1bn, set to grow to $8-12 billion over the next 5 years)

Costly

Unchecked, costs will increase

PR and lip service are not enough

+Are we protected?

Legislation in place

Adaption & interpretation is key

Meaningful initiatives needed for commercial, non-commercial and governmental use

+Privacy

Collection of EU & National rights – Constitutional, Statutory & Common Law (eg. Right to a good reputation, trespass, nuisance, IP, confidentiality)

Collectively limit the right of society to take action on others (the right to be left alone)

Contextual & Variable (eg. public spaces, Exceptions for public interest)

Made more difficult by online platforms

We have a “Reasonable Expectation” of privacy

+Drones and Privacy

Dexterity

Increasingly advanced

Remote operation heightens fears

Proliferation (4000 drones in Ireland)

+Data Protection

DPA defines Personal Information = any info relating to an individual who is identified or identifiable either from that data or by combining that data with other information

Clear but flexible definition

Not technology specific & applies to drones

“Controllers” (ie. typically person in possession) owe a duty of care to process this data correctly

5 basic principles for how personal data should be handled

+Duty of Care

Under Data Protection Acts, data must be:

Obtained fairly and lawfully

Stored for legitimate purposes

Relevant and not excessive

Accurate

Stored securely and only for so long as is necessary

+Balancing rights with innovation

New interpretations of old law (eg. Trespass, nuisance)

Property rights

Operator awareness, industry specific guidance

Manufacturer guidance

Transparency & Accountability measures (databases, “licence plates”)

Operational requirements (PIA, SIA, Audits)

New Technology (eg. geofencing, GPS tracking)

+Enforcement

Self regulation & supervision is not enough

Courts will be ultimate arbiters

+Developments

Progress in general privacy law would be welcome

EU commission strategy emphasises privacy & data protection

EU General Data Protection Directive will unify & future proof

Working parties have made recommendations for operators

DPC

We will be working on understandable guidance for the industry

+

THANK YOU