Earlier this month, lawmakers proposed legislation1 which seeks to establish Federal standards to protect the public against invasion of privacy by unmanned aerial systems (UAS) operated commercially and by government entities engaged in law enforcement or intelligence activities. Citing statistics estimating that as many as 2.7 million commercial UAS will be sold annually in the United States by 2020 and the potential for UAS technology to enable “invasive and pervasive” surveillance, the legislation relies on pre-authorization requirements; public disclosure of information about the location, timing, ownership and technical capabilities of all authorized UAS operations; and bans the use of UAS surveillance by law enforcement without a warrant.
If enacted, the legislation would:
- Prohibit the FAA from issuing, approving, or award any certificate, license, or grant of authority to operate UAS without a data collection statement from the applicant that provides “reasonable assurance” that the applicant will operate the UAS in accordance with privacy principles. The requisite data collection statement should, among other things, explain who will operate the UAS, where the UAS will be flown, the kind of data that will be collected, how that data will be used, steps that will be taken to mitigate the possible impact of the operation on the privacy of individuals, whether the information will be sold to third parties, and the period for which the data will be retained. In addition, the data collection statement must provide a process by which an affected individual may request disclosure of and challenge the accuracy of personally identifiable data collected by the operator as well as a private cause of action for injury.
- Require the FAA to publish the name and contact information of all persons and agencies authorized to conduct UAS operations, the tail number of each UAS, data collection and data minimization statements, the technical capability of each UAS, and information regarding data security breaches experienced by licensees publically on its website.
- Require law enforcement agencies operating UAS, as well as their contractors and subcontractors, to prepare and file data minimization statements setting forth how they will minimize the collection and retention of data unrelated to the investigation of a crime.
- Prohibit government entities from using UAS for law enforcement or intelligence purposes without a warrant.
Critics take issue with the fact that the legislation imposes operational barriers on all commercial UAS operations, calls for the public disclosure of confidential business information, and creates an administrative burden on the federal government instead of targeting specific conduct or data collection practices. Others are of the opinion that privacy issues are best addressed at the state level, through local legislation and by existing technology-neutral laws.
The fate of the Act is uncertain at best. Similar legislation was proposed in 2015 but failed to gain support. Notably, the Act is a departure from the approach currently taken by the FAA in 14 C.F.R. Part 107, the regulation which authorizes and spells out the requirements for commercial operation of small UAS in the national airspace. In fact, the FAA specifically considered and chose not to include privacy regulations within Part 107 because such concerns “would be a significant expansion beyond the FAA’s long-standing statutory authority as a safety agency” as they do not implicate the safe flight of the aircraft.
As the ongoing debate among policymakers, industry, advocacy groups, and members of the public about how to address privacy issues associated with UAS operations continues, businesses contemplating or engaged in UAS operations would be well advised to become familiar with National Telecommunications & Information Administration (NTIA) best practices for UAS privacy and with state and local laws bearing on their operation and intended use. Those considering UAS operations across multiple states will be challenged to remain abreast of state and local law developments and should consult with legal counsel with familiarity in this area.
1 Aircraft Privacy and Transparency Act of 2017, S.631 2017, 115 Cong. (2017).