Why you should have a comprehensive data protection plan
Mark Del Bianco Attorney at Law
(i) Outsourced UAS services to third party clients in any of a wide range of industries; or
(ii) A platform through which service providers in category (i) can upload, store, manipulate and disseminate data they have generated through their operations.
Like other businesses, commercial UAS operators and service providers receive and use personally identifiable information (“PII”) from customers, potential customers and members of the public who visit their website or use their mobile app. Designing and
maintaining privacy policies that address this data is no different than creating a policy for any other firm.
The unusual challenges facing both operators and service providers arise from the fact that the major existing and contemplated near term uses of UAS revolve around the acquisition of actionable data: still photographs, video, or infrared or LIDAR images. UAS operations inevitably generate data related to property or to identifiable persons who are in places where traditionally there has been an expectation of privacy, based at least partly on the difficulty of access. Think license plates, facial recognition or factory effluent discharge trails. These issues are not unique to UAS – many of the same objections are being and have been made to Google Maps and other similar projects. But the flight component of UAS and the ease of access it affords to formerly inaccessible places has amped up people’s concerns.
The government, UAS industry firms, and other stakeholders have begun to recognize the public concerns about Big Data and the deliberate or accidental acquisition of personal data by UAS and the need to minimize the “creepy” factor associated with UAS. To that end, NTIA, as part of the Commerce Department, in early 2015 convened a multi-stakeholder process to develop privacy best practices to “help guide the development and growth of UAS in the United States.” The process turned out to be a side skirmish in a larger, ongoing debate (some might say “war”) over personal privacy and Big Data.
Nonetheless, a diverse group of stakeholders came to consensus on a best practices document that was released in May 2016. See https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-unmanned-aircraft-systems. A number of groups who participated in the process declined to sign on to final document because they felt it was too narrow in scope and failed to address other technologies (such as CCTV cameras) that raised similar issues as UAS operations.