FAA Reauthorization, Explained: Part 3, Privacy

The new proposed FAA Reauthorization package has been made public.  It’s wordy, complex, and confusing – and the headlines haven’t made understanding what’s inside easier.  There are several points of critical importance for the drone industry to understand.  The proposed Repeal of Section 336, the Integration Pilot Program, the “Safeguarding the Skies” Act, the enforcement of drone laws and the timeline for drone integration are all addressed in the bill.

Without expressing an opinion on the proposed regulation, this series of short articles will provide a plain English explanation of each of these issues as written in the bill.  This explanation is for educational purposes and is not to be construed as legal advice.

The current extension of funding for the FAA expires at the end of this month.  See Part 1 (Repeal of Section 336) and 2 (Enforcement) of this series here and here.

Privacy for Citizens

Sec 357 of the FAA Reauthorization document outlines an “UNMANNED AIRCRAFT SYSTEMS PRIVACY POLICY.”

The section states: “It is the policy of the United States that the operation of any unmanned aircraft or unmanned aircraft system shall be carried out in a manner that respects and protects personal privacy consistent with the United States Constitution and Federal, State, and local law.”  In other words, if it were illegal before, it is also illegal with a drone.  However, Section 358 of the document is titled “UAS Privacy Review,” and outlines further actions.

Section 358 calls upon the Comptroller General to review and report on “privacy issues and concerns associated with the operation of unmanned aircraft systems.”  The Comptroller is instructed to work with the DOT and National Telecommunications and Information Administration (NTIA) to include their previous reports.  They are also instructed to look at all of the existing laws relative to personal privacy, and determine if any of them are so worded that the protections don’t extend to inappropriate use of drones.  The Comptroller is then to suggest remedies for any legal gaps identified.

Privacy Policy Requirements and Information Tracked About Drone Operators and Operations

Privacy is also mentioned in Section 337 of the document.  Section 337 proposes that commercial drone operators be required to have a publicly available and regularly updated written privacy policy (consistent with Section 357, outlined above), that outlines policies regarding “the collection, use, retention, dissemination and deletion of any data collected during a mission.”

Section 379 of the document outlines data that will be collected about commercial and government drone operators.  Section 379 specifies that there will be a DOT website location that will list:

1) all waivers or authorizations issued

2) a spreadsheet of drone registrations, including the city, state, and zip code of each registration

3) description and location of any public unmanned aircraft operations

4) description only of common civil unmanned aircraft operations

5) the expiration date of authorizations for public or civil drone operations

6) links to the websites of agencies that will enforce privacy laws (presumably to handle complaints.)

Required reporting about commercial systems “that will collect personally identifiable information about individuals, including the use of facial recognition”:

a) details about the “circumstance under which the system will be used”;

b) the specific type of data gathered;

c) how that data will be used and protected (in detail, including such things as how the data will be sold/distributed/stored/deleted.  Since this detail may be of interest, it is reprinted below.*)

Public systems collecting personally identifiable data must report the location, time, and purpose of the mission and also technical details on the aircraft and payload capabilities.

*Reprinted from Section 379

(7) For any unmanned aircraft system, except with respect to any operation protected by the First Amendment to the Constitution of the United States, that will collect personally identifiable information about individuals, including the use of facial recognition—

(A) the circumstance under which the system will be used;

(B) the specific kinds of personally identifiable information that the system will collect about individuals; and

(C) how the information referred to in sub-paragraph (B), and the conclusions drawn from such information, will be used, disclosed, and otherwise handled, including—

(i) how the collection or retention of such information that is unrelated to the specific use will be minimized;

(ii) under what circumstances such information might be sold, leased, or otherwise provided to third parties;

(iii) the period during which such information will be retained;

(iv) when and how such information, including information no longer relevant to the specified use, will be destroyed; and

(v) steps that will be used to protect against the unauthorized disclosure of any information or data, such as the use of encryption methods and other security features.

Miriam McNabb is the Editor-in-Chief of DRONELIFE and CEO of JobForDrones, a professional drone services marketplace, and a fascinated observer of the emerging drone industry and the regulatory environment for drones. Miriam has a degree from the University of Chicago and over 20 years of experience in high tech sales and marketing for new technologies.
Email Miriam



Check Also

Apple transportation through drones to become reality in Him…

Apple growers in remote and inaccessible areas of the tribal Kinnaur district are in for …

Turkey’s New Fighter-Like Drone Takes Flight — For A Few Sec…

The Turkish ‘Kizilelma’ drone got airborne over the runway at the Akinci Flight Training and …