By Stephen Kiehl
Continuing their focus on drone privacy issues, Senator Edward J. Markey (D-Mass.) and Rep. Peter Welch (D-Vt.) introduced legislation in the House and Senate this month that would require drone operators to create policies covering data collection and retention and require warrants for law enforcement agencies to conduct surveillance by drone.
The Drone Aircraft Privacy and Transparency Act, available here, is similar to legislation Markey and Welch introduced last year, which did not become law. The lawmakers said they are concerned about the potentially “sensitive and personally identifiable information” about Americans drones (“UAS”) collect as they are operated.
The FAA permits drone use for recreational and commercial purposes, under strict rules about how they are operated, and the commercial applications for drones are considered wide-ranging, including agriculture, real estate, photography, newsgathering, transportation, delivery, and other realms. The FAA, however, has not proposed privacy rules for drones, stating that such rules are not within its rulemaking authority or enforcement powers. (This position has been challenged in court by the Electronic Privacy Information Center, which is pushing for the FAA to add privacy safeguards to its UAS rules.)
Others have suggested that existing tort and privacy laws have proven adequate to covering circumstances that arise from drone use. At a Senate drone hearing on March 15, 2017, UCLA professor John Villasenor warned that drone privacy laws may violate the First Amendment rights of drone operators who are filming responsibly. “I think it is premature to enact broad new federal legislation specifically directed to unmanned aircraft privacy,” Villasenor testified.
The Markey-Welch legislation, introduced on March 15, 2017, would:
- Prohibit the FAA from issuing drone licenses unless the license application includes a data collection statement that explains who will operate the drone, where the drone will be flown, what kind of data will be collected, how that data will be used, whether the information will be sold to third parties, and the period for which the information will be retained.
- Require law enforcement agencies and their contractors and subcontractors to include an additional data minimization statement that explains how they will minimize the collection and retention of data unrelated to the investigation of a crime.
- Require that any surveillance involving drones by law enforcement agencies will require a warrant or extreme exigent circumstances.
- Require the FAA to create a publicly available website that lists all approved licenses and includes the data collection and data minimization statements, any data security breaches suffered by a licensee, and the times and locations of drone flights.
In 2016, the National Telecommunications and Information Administration, an arm of the Department of Commerce, issued a set of “Best Practices” that contain voluntary privacy guidance for commercial and private UAS operators. Those best practices were largely limited to data that “identifies a particular person,” and minimizing the collection and retention of such data without individuals’ consent. The best practices also explicitly did not apply to newsgathering and news reporting organizations, based on the strong protections these activities enjoy under the First Amendment.