Hong Kong's Privacy Commissioner updated and expanded existing guidance on CCTVs to encompass the use of drones in guidance released on 31 March 2015, titled Guidance on CCTV Surveillance and use of Drones.
Acknowledging there is "no universal definition" of a drone, the guidance nevertheless indicated that it covered "aircrafts that are either controlled autonomously by remote pilots".
Particular privacy concerns over drone usage were noted: being small, portable and mobile they can track an individual's activities more persistently over time and in a wider area; their surveillance is covert and their technological sophistication means they can capture objects - relevantly, people - in detail.
The guidance urged users to be mindful of people's privacy during usage given these concerns. It reminded drone operators that intrusion on privacy can only be justified "if it is proportional to the benefit to be derived", or else it could be considered an unfair collection of data under Hong Kong's privacy laws.
The non-binding guidance offered four tips for the use of drones: careful planning of a drone's flight path to avoid flying close to people or properties; pre-defining recording criteria to avoid over-collection of data and a policy on erasing irrelevant recordings; ensuring any wireless transmission of data is encrypted and, finally, to provide notice of use of drones. This includes using flashing lights to indicate recording, pre-announcing drone operations, branding the drone and drone operators with corporate information and logos to ease identification and putting up banners with privacy notices at launch sites.
The guidance also acknowledges that certain types of drones may be subject to additional civil aviation regulations or regulation by the Office of the Communications Office in Hong Kong.
The non-binding guidance note also revised the position on CCTV previously published in 2010; the position is now much tougher. The guidance calls for careful consideration of whether any use of CCTV is appropriate and if so, to avoid high definition recording so as to only collect required information (and not too much personal data). CCTV operators are required to use contractual or other controls around any third party contractors who provide or maintain CCTV. Overall, the guidance called for tighter security controls around the use of CCTV and a policy on the retention and deletion of data when no longer required.
For more information, please contact Anna Gamvros or Rachel Jacqueline.