By Elizabeth Wharton –
Progress is emerging in the battle for businesses to legally fly their drones over Georgia and around the country. On Sunday the Federal Aviation Administration released proposed rules outlining how and where small drones (up to 55 lbs) may be flown for commercial purposes. The White House also joined in the announcement and issued a presidential memorandum directing federal agencies to evaluate, monitor and report their policies for protecting private information gathered via drones.
All this leaves open opportunities for Georgia legislators to protect the collection, use and storage of private surveillance data.
Under the FAA proposals, drone operators must be over the age of 17 and obtain a license prior to commencing flight operations. Small drones may only be flown during daylight hours at speeds not to exceed a maximum airspeed of 100 mph with a maximum altitude of 500 feet above ground level. The drones must remain in the operator’s or their visual observer’s eye sight at all times during operation. Safety and privacy considerations include a prohibition against operating drones over bystanders (anyone not directly involved in the drone’s operation). And there will be no “drunk droning”– careless or reckless drone operations will be prohibited as will operator two-timing (only one person will be permitted to pilot one drone at a given time).
Not everyone is cheering the proposals. The line of sight, air speed limitations, and 500-foot ceiling effectively prohibit companies like Amazon from utilizing drones for delivery services. If implemented, federal and local law enforcement agencies could skip the current, cumbersome drone-use application process and instead operate surveillance drones directly or via third party contractors. Privacy advocates are concerned by increased and easy law enforcement or third party contractor collection and storage of personal data and images collected via drone.
The White House order is aimed at addressing some of those concerns but lacks real enforcement outside of federal agencies. Agencies would be required to review current policies and create additional policies ensuring adequate protection of personal, private data collected via surveillance flights and ensure compliance with existing constitutional or statutory privacy and free speech protections. Policies would then be reviewed and audited every three years. Agencies are also directed to release an annual report disclosing locations of surveillance drone operations. Collected information could only be used when consistent with an authorized purposed. Data containing personal identifiable information would be destroyed after 180 days unless expressly required for an agency’s ongoing authorized mission.
Timing is everything in D.C. and, in this case, quite telling. An inadvertent posting of a summary of the proposed rules to a government website ruined the planned late-February FAA and White House proposal release. Once industry and news outlets began publishing leaked details on Saturday, the FAA and White House were forced into full disclosure of their plans on Sunday.
Indeed, if the federal government continues to demonstrate an inability to protect and manage information, how can local law enforcement agencies (with smaller budgets and fewer resources) be expected to manage and protect surveillance data? Along those lines, what happens when private companies are permitted to operate drones and collect surveillance data? Flight operation and safety are under FAA purview, but individual data privacy protections fall to state legislators.
The current drone-related legislation under consideration in the Georgia General Assembly in large part misses the privacy mark. Private information is unintentionally collected every day—for example, “photo bombing” the background of videos and cell phone pictures. This will only increase with open, legal commercial drone use. Current state-level attempts to limit drone flight patterns likely run afoul of the FAA’s pre-emptive authority.
Georgia’s legislators should instead direct their attention to the storage (or deletion) and protection of private data collected through drone surveillance. There are commercial uses and public purposes in the lawful collection of data. Just as protections are currently given to personal information collected via other means, consideration should be given to the privacy protections and use of personally identifiable information collected via drones. The FAA and White House proposals are still in the review process and may take years before implementation.
Until then, legislators have time to craft realistic and practical privacy protections. Your move, Georgia.
Elizabeth Wharton is an attorney for Hall Booth Smith, PC in Atlanta