Cookie Information

We use Google Analytics cookies in order to provide meaningful reports about our site visitors so we may continue to improve our website. Google Analytics cookies do not collect personal data about our website visitors.

Drones & Privacy

COMMERCIAL DRONE USE AND PERSONAL PRIVACY
UAVs are covered by the Data Protection Act and as such, all privacy laws can be applied to their use. For more information visit https://ico.org.uk/for-the-public/drones/.


The principles of the Data Protection Act 1998 state:

1. Personal data shall be processed fairly and lawfully.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

This is not a full explanation of the principles. For more general information, see the ICO's Data Protection Act 1998 Legal Guidance available on the ICO website www.ico.org.uk

In addition, commercial drone use is governed by the ICO's Data Protection Code of Practice for Surveillance Cameras.

The code states:

1. Where UAS are used for non-domestic purposes, operators should comply with data protection obligations. For example, when using UAS to access inaccessible areas, such as a roof to check for damage, its use should be limited to that specific function and recording should not occur when flying over other areas that may capture images of individuals.

2. The use of UAS have a high potential for collateral intrusion by recording images of individuals unnecessarily and therefore can be highly privacy intrusive, ie the likelihood of recording individuals inadvertently is high, because of the height they can operate at and the unique vantage point they afford. Individuals may not always be directly identifiable from the footage captured by UAS, but can still be identified through the context they are captured in or by using the devices ability to zoom in on a specific person. As such, it is very important that operators provide a strong justification for their use.

3. Performing a robust privacy impact assessment will help you decide if using UAS is the most appropriate method to address the need that you have identified.

4. It is important that the recording system on UAS can be switched on and off when appropriate. This is particularly important given the potential for the cameras to capture large numbers of individuals from a significant height. Unless operators have a strong justification for doing so, and it is necessary and proportionate, recording should not be continuous. This is something that we look at as part of our privacy impact assessment.

5. UAS cover the whole system, rather than just the device in the air, so the whole system must be compliant. Operators must ensure that any data which they have collected is stored securely, for example by Version 1.1 31 21/05/2015 - using encryption or another appropriate method of restricting access to the information. Operators should also ensure that data is retained for the minimum time necessary for its purpose and disposed of appropriately when no longer required.

6. Operators may be able to reduce the risk of collateral intrusion by incorporating privacy by design methods. For example, by procuring a device that has restricted vision so that its focus is only in one place. Privacy by design may be incorporated into our privacy impact assessment.

7. One major issue with the use of UAS is the fact that on many occasions, individuals are unlikely to realise that they are being recorded, or may not know that UAV have a camera attached. The challenge of providing fair processing information is something that operators must address. This could involve wearing highly visible clothing, placing signage in the area of operation explaining its use and having a privacy notice on a website that we direct people to, or some other form of privacy notice, so individuals can access further information.

8. Although these issues are the same as for any aerial vehicle with an attached camera, we have focused here on how UAS can be used as they are a novel device with the potential for a greater impact on privacy.

We comply fully with both codes and encourage everyone to review both pieces of guidance. If you have any concerns that you or your property have been captured on film by a Sky Revolutions drone, please contact us in the first instance giving us the location, date and time of the incident.

We will take every reasonable step to ensure that any unnecessary images caught inadvertently as part of our commercial work are deleted in line with your rights under the Data Protection Act.