If you ask a random person on the street their opinion about drones, my guess is that they see the benefits but also see a risk of misuse. If you drill down into that risk, privacy is likely at the top of the list. People understand that they are being recorded all the time. Whether it's satellite imagery, ATM security cameras, or manned aircraft, we are constantly being observed and our data recorded. Drones are different, however, in that they are small, quiet, and can be flown at low altitudes. They can covertly collect data on people from unique angles and vantage points, violating a person’s reasonable expectation of privacy. This can happen even if it wasn’t the intent of the drone operator. There is a lot to unpack involving drones and privacy, so let’s spend a few minutes understanding some best practices for commercial drone operators.
For this article, let’s define privacy as the “freedom from unwanted observation.” Let’s also narrow the scope by excluding law enforcement activities. Determining if a person’s privacy is violated is significantly influenced by who is doing the observation and what their intent is. Police have the intent of serving the public interest. This is much different than private citizens engaging in commerce. For commercial drone operators, the question that governs the discussion is “does the observed have a reasonable expectation of privacy.” In other words, would a reasonable person assume they are not being observed? On the surface, this seems black and white, but it gets gray fast and is entirely specific to the situation. The words reasonable and expectation are notoriously tricky to define. In the absence of ironclad rules, following industry best practices is your best bet. Let me qualify the rest of the article by stating clearly that I’m not a lawyer. However, I’ve been in enough briefings and conferences with lawyers specializing in drone privacy law to have compiled a list of best practices. So here are Burgett’s Top 14 Drone Privacy Best Practices.
1. Don’t violate someone’s reasonable expectation of privacy. If you think someone has a reasonable expectation of privacy, don’t collect the data. Take special caution if your mission requires capturing data of windows, private pools, areas with oblique (not transparent) fences, and children.
2. Ask permission. If possible, give people advanced notice that they will be photographed. You can do this by putting a flyer in the mailbox, contacting the building manager, and communicating with the HOA. Be specific with your notification. Tell them the day and time of the mission and a backup day if it rains. Let them know where you’ll be flying, what they can expect to see, and who they should contact if they have any concerns. If someone expresses reservations, explain what you’re doing, why you need the data, the benefit it provides, and that you’ll destroy the data when you’re finished. That may turn a soft “no” into an affirmative “yes.” If after a respectful discussion, they are still a hard “no,” avoid the mission or seek legal counsel.
3. Turn off the record button. Often people like to turn the record button on for the entire flight “just in case.” For example, if something bad happened to the drone, they want to use the video to show their boss they weren’t at fault. I understand that point. However, when privacy is a concern, don’t collect data you don’t need. Turn the video off until you get to the mission site, and only record what you need.
4. Limit your data collection area. Pilots that use drones to create 3D maps and models will commonly use flight control apps like DroneDeploy or Pix4D to create waypoint-assisted missions. You will create the mission ahead of time and draw a map you want the drone to fly over. When privacy isn’t a concern, I usually advise capturing more data than you need. This helps ensure you have good coverage around the perimeter of your area of interest. It also gives a margin of error if your waypoint maps doesn’t perfectly align with field conditions. However, consider scaling back your mission map if privacy is a concern. Or, if you don’t need a 3D model, consider using nadir (straight-down) images only. Images straight down will limit the penetration into windows and under overhangs.
5. Destroy the data when you’re done. This is a tough one for me personally. If TLC had a Digital Hoarders show, I would definitely be on its pilot episode. As a scientist, it goes against my instincts to delete any data, even if I don’t plan to return to it. However, deleting the data when you’re done is a great practice when privacy is an issue. You may capture sensitive data without even knowing it. For example, how about if you fly your drone at a public park? Seems pretty good so far. Now, how about if there was a child in foster care having a DSS-supervised visit with their parent? Well, now we are getting into some gray areas. There are always special considerations when collecting data on kids, especially when they are in foster care. You may not have meant to capture that data, but you did anyway. If you delete the data before it’s an issue…no harm to foul. Deleted data also has the benefit of not being able to be stolen. That brings me to my next point.
6. Secure your data from theft. Always make sure you store your data securely. Cloud storage like Box or Google Drive is an excellent way of doing this. However, this can challenge 3D modelers who create 30+ gigabytes models. It doesn’t take long before you need to buy more cloud storage space. A solution I see often is just to buy a 2TB external hard drive and put all their models on that. That opens up liability if the external drive is lost or stolen. Again, cloud storage is the preferred method for securing your data. Follow good cyber security practices like using strong, unique passwords and only giving access to authorized people.
7. Have a process for deleting data. Telling yourself that you’re going to delete the data in 12 months sounds great, but what is your process to ensure you do it. There is no magic answer to this; however, a simple practice is organizing your files into folders titled by the date. Use year first, then the month, then the day. I also end with a short description. For example, “20230117_Data from Bridge Inspection” for January 17th, 2023. Then make yourself an outlook reminder every month to delete the folder whose data is older than 12 months. Titling the folders by date allows for easy sorting and deleting.
8. Do not overshare. Don’t share data you don’t have to. Once you share the data, you’ve lost control of it. This is especially true when you make the data very public with social media or advertisements. Scrutinize your data to make sure no one has a reasonable expectation of privacy before publishing it. Asking permission from the people in the data is the easiest way to ensure you’re in the clear.
10. Keep a flight log. In the context of privacy, keeping a flight log for every mission you fly gives you a credible argument against being falsely accused. For example, someone may accuse you of violating their privacy on Tuesday, but your flight logs show you weren’t on site until Wednesday. Remember that flight logs are only credible if they are consistently kept. If you only record the flight half the time, the accuser could argue that you didn’t record the mission that day. There are several online flight logs you can use, or you can buy a hard copy from Amazon. Both have their merits. Just ensure you consistently record the mission location, beginning and end time, the purpose of the mission, weather, and who was flying.
11. Avoid private property. Try to avoid flying over private property if you can. If you must fly over private property, fly as high as you legally can. More privacy is preserved as your ground images have less resolution.
12. Use the right tool. Obviously, I am a big fan of drone technology; however, other data collection means may not have the same privacy barriers. If privacy concerns exist, consider getting your data a different way. Can you obtain your data from the tax assessor's office, building department, Google Earth, or another publicly available forum? The best approach may be to use a different tool to collect the data needed.
13. Respect the measures created to protect privacy. The most common benchmark we use with privacy is if the person being observed had a “reasonable expectation of privacy.” The word “reasonable” is very subjective. However, a privacy violation case is much stronger if they erected privacy fences, bushy vegetation, or other visual barriers to shield their property from public view. These things are clear signs that they “intended” to have privacy and from there, it’s a short leap to “reasonable expectation.” A less obvious example is if an HOA prohibited drone fights in their community. An HOA can’t deny your access to the national airspace, but it's a compelling argument that they intended to have privacy and relied on their rules to have a reasonable expectation of it. In general, if someone has made an attempt to obstruct the view of their property from ground level or made a request restricting drone access, respect their wishes and don’t capture data on them without their permission.
14.Be a good neighbor! This one captures it all and applies to most things in life. If there is a chance that what you are doing could negatively impact someone, ask permission, or avoid the mission altogether. If it’s something that you really don’t want to ask permission for because you think the answer might be “no,” that is a huge red flag. Err on the side of caution and think through other alternatives to meet the mission's objective without using a drone.