drones

By Stephen Kiehl

Continuing their focus on drone privacy issues, Senator Edward J. Markey (D-Mass.) and Rep. Peter Welch (D-Vt.) introduced legislation in the House and Senate this month that would require drone operators to create policies covering data collection and retention and require warrants for law enforcement agencies to conduct surveillance by drone.

The Drone Aircraft Privacy and Transparency Act, available here, is similar to legislation Markey and Welch introduced last year, which did not become law.  The lawmakers said they are concerned about the potentially “sensitive and personally identifiable information” about Americans drones (“UAS”) collect as they are operated. 
Continue Reading Legislation Introduced in House and Senate to Establish Drone Privacy Rules

By Stephen Kiehl and Hannah Lepow

Over the last year, the National Telecommunications and Information Administration, an arm of the Department of Commerce, has convened a series of meetings regarding voluntary best practices for privacy, accountability and transparency in the use of drones (“UAS”) by commercial and private users.  A number of stakeholders have participated in these meetings, including representatives of insurance companies, technology companies, news organizations, drone manufacturers, and consumer and privacy groups.  This week the stakeholders reached consensus on a “Best Practices” draft document that contains voluntary privacy guidance, which the NTIA has posted on its website.

Importantly, the document recognizes that the benefits of UAS are substantial, and that UAS integration will have a significant positive economic impact in the United States.  The document also stresses that the best practices it outlines are voluntary and do not create a legal or regulatory standard, nor should they be used as a basis for any local, state or federal law or regulation.  The privacy guidance focuses on data collected by a UAS — and not on data collected by any other means.  And, as we discuss below, the best practices do not cover newsgathering activities.
Continue Reading NTIA Multistakeholder Group Reaches Consensus on Best Practices for Drone Privacy

By Rani Gupta

More than 50 commenters have offered their thoughts on privacy and transparency issues regarding non-government use of unmanned aircraft systems, better known as drones or UAS.

The comments responded to a request by the National Telecommunications and Information Administration.  As we previously reported, the NTIA is planning a multi-stakeholder process to formulate best practices for drone-related privacy, transparency, and accountability issues.  That process was spurred by a White House memorandum calling for further study of these issues as the Federal Aviation Administration issued a proposal to allow the limited commercial use of drones.Continue Reading Groups Weigh In On Drone Privacy

By Meena Harris and Caleb Skeath

  1. Data Breaches
  • Studies show increase.  Amidst a flurry of high-profile breaches during 2014, several studies confirmed that data breaches as a whole have risen significantly over the past few years.  The California Attorney General released a study showing a 28% increase in breaches in 2013 as compared to 2012.  Another study, which examined the volume of data breaches during the first quarter of 2014, found an increase of 233% compared to the same time period in 2013.
  • State laws.  In April, Kentucky became the 47th state to enact a data breach notification law.  Florida and Iowa each amended their data breach notification laws in 2014 to, among other changes, enhance regulator notification requirements.  California amended its data breach notice law to expand the types of information covered and to require certain companies to provide one year of free credit monitoring to affected individuals (although the statutory language on the latter point is subject to multiple interpretations).
  • Federal legislation.  Numerous data breach bills, including the Data Security Breach Notification Act of 2014 and the Personal Data Protection and Breach Accountability Act, were introduced in Congress, although none passed during 2014.  The Senate Judiciary Committee, the Senate Commerce Committee, and the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade, among others, held hearings during 2014 to discuss the need to address data breaches and the possibility of enacting federal legislation.
  • Federal enforcement.  In the enforcement arena, the Federal Trade Commission (“FTC”), the Department of Health and Human Services (“HHS”), and state attorneys general pursued enforcement action during 2014 against companies that had suffered data breaches.  The Securities and Exchange Commission also announced in April that it would conduct over 50 cybersecurity examinations of publicly traded companies.  The Federal Communications Commission (“FCC”), for its part, levied a $10 million fine in October against two telecommunications carriers for exposing customer data, which represented the FCC’s first enforcement action in the wake of a data breach.
  • Continued attention in 2015.  Legislative interest in data breach issues has only increased in early 2015.  Since President Obama proposed national data breach legislation, additional data breach notification bills have been introduced in the House and Senate.  The House Subcommittee on Commerce, Manufacturing, and Trade also held a hearing on crafting a national data breach bill, debating the harm that should trigger notification obligations and the appropriate window for providing notifications.

Continue Reading Top 10 U.S. Privacy Developments of 2014

Following up on his post on Senator Jay Rockefeller’s proposed privacy legislation, Covington & Burling privacy attorney Jeff Kosseff had the opportunity to discuss what it means with Colin O’Keefe of LXBN. In the short interview, Jeff explains that, while this likely won’t become law, it does hint at Congress’ priorities on this

On October 15, 2014, the UK Information Commissioner’s Office (ICO) published an updated code of practice for surveillance cameras.  Among other topics, the ICO uses the Code to begin to address privacy practices for drones. 

Drones are not new, but two factors are now making questions about drones and privacy practices more pressing.  First, many drones now include high quality cameras, sourced originally from smart phone technologies, which increases their potential impact on individual privacy.  Second, the price of drones has fallen dramatically in recent years — making them increasingly ubiquitous and available for both businesses and consumers.  Policymakers in the United Kingdom and in the European Union are currently gathering information and conducting impact assessments to determine whether new legislative rules are needed to deal with the privacy challenges posed by drones, or whether existing data protection rules are sufficient. 

The ICO guidance note makes clear that standard data protection rules (and rules governing the use of CCTV cameras) will, in the meantime, apply to the use of drones.  It explains that — as with organizations and individuals handling data more generally — drone users should be separated out into professional and commercial users, on the one hand, and hobbyists, on the other.  Hobbyists, using drones for purely domestic purposes, are unlikely to be covered by data protection rules — but use of drones for non-domestic purposes will be governed by data protection requirements.
Continue Reading ICO Releases Concrete Guidance on Privacy Requirements When Recording Video with Drones

By Gabriel Slater and Kurt Wimmer

As reported in the press, President Obama plans to issue an Executive Order authorizing the Commerce Department’s National Telecommunications and Information Administration (“NTIA”) to coordinate the development of privacy guidelines for commercial drone operations. More specifically, we understand that NTIA would coordinate a “multi-stakeholder process” — a procedure used