Privacy Regulations Absent from FAA’s Long Awaited Final Rule Regarding Small Unmanned Aircraft Systems

On June 21, 2016, the Federal Aviation Administration (FAA) published its final rule regarding routine commercial use of small unmanned aircraft systems (UAS) which will be codified at 14 C.F.R. 107. The new rule outlines safety regulations for unmanned aircraft drones weighing less than 55 pounds that are performing non-hobbyist functions.  Noticeably absent are regulations addressing recognized privacy concerns associated with UAS operation.

By way of background, the FAA Modernization and Reform Act of 2012 directed the FAA to “develop a comprehensive plan to safely accelerate the integration of civil unmanned aircraft systems into the national airspace system.” This mandate put the FAA at the center of debate regarding the regulation of UAS and the privacy implications of UAS operations despite questions about the agency’s authority to regulate privacy at all.

On February 15, 2015, the FAA published a proposed a framework of regulations that would allow routine use of certain small UAS and noted that privacy concerns “were beyond the scope of this rulemaking.” The agency received about 180 comments in response raising concerns about the potential impact of UAS operations on privacy from groups such as the Electronic Privacy Information Center, News Media Coalition, National Association of State Departments of Agriculture, Illinois Farm Bureau, Colorado Cattlemen’s Association, and the International Association of Amusement Parks and Attractions.  These concerns ranged from personal privacy, data privacy, private property rights and intellectual property rights, with no consensus regarding how such concerns should be addressed or the FAA’s proper role.  Some commenters urged the FAA to include privacy provisions in its final rule.  Other interested parties maintained that privacy regulations were beyond the scope of the FAA’s authority, were best addressed at the state level and existing law already adequately addressed the issue of privacy.

The FAA ultimately opted not to impose privacy regulations within Rule 107 because such concerns do not implicate the safe flight of the aircraft and to do so “would be a significant expansion beyond the FAA’s long-standing statutory authority as a safety agency.” The FAA cited a long history of aircraft being equipped with cameras and other sensors for a variety of purposes including aerial surveys, film and television production and law enforcement, noting that the FAA has never extended its administrative reach to regulate the use of cameras and other sensors extraneous to the airworthiness or safe operation of the aircraft in order to protect individual privacy. The FAA further observed that there is ongoing debate and no consensus among policymakers, industry, advocacy groups and members of the public regarding whether the privacy issues posed by UAS operations are adequately addressed by the existing legal framework.

The FAA, however, did recognize that UAS have unique characteristics and capabilities that may pose risks to individual privacy and committed to take certain steps to address these concerns. As per the FAA’s June 21, 2015 press release, the agency announced its intention to launch a privacy education campaign and “strongly encourage[d] all UAS pilots to check local and state laws before gathering information through remote sensing technology or photography.”  The FAA further announced that it intends to educate all commercial drone pilots on privacy during their pilot certification process, provide all drone users with recommended privacy guidelines as part of the UAS registration process and through the FAA’s B4UFly1 smartphone mobile application and issue new guidance to local and state governments on drone privacy issues.

The FAA’s efforts are intended to build upon the Voluntary Best Practices of UAS Privacy, Transparency, and Accountability recently published by the National Telecommunications and Information Administration (NTIA), the Executive Branch agency principally responsible for advising the President on telecommunications and information policy issues. The NTIA best practices were developed at President Obama’s request through a multi-stakeholder engagement process, which included participants from the commercial, academic, private and government sectors, and are strictly voluntary.

A host of privacy issues are certain to surface in the near term as commercial UAS take to the skies and recreational use of UAS continues to expand. These issues will implicate concepts of federalism and test privacy theories developed in the context of older technologies. In the meantime, and as per the FAA, businesses contemplating UAS operations would be well advised to become familiar with NTIA best practices for UAS privacy and with state and local laws bearing on their operation and intended use.  Those considering UAS operations across multiple states will be challenged to keep up with state and local law developments and should consult with legal counsel.


1 B4UFly is a free smartphone app geared primarily toward hobby and recreational unmanned aircraft operators that helps them determine whether there are any restrictions or requirements in effect at the location where they want to fly.  The app was released on January 6, 2015 and allows users to plan out future flights and check against local rules.