As Amazon recently stated in a letter to the FAA, “One day, seeing Amazon Prime Air will be as normal as seeing mail trucks on the road today.” Most people are aware that drones are well on their way towards full integration in our society. In fact, on April 8, 2015, the Federal Aviation Administration (FAA) approved Amazon’s bid to test its “Prime Air” package delivery drones outdoors. Drone technology is advancing so quickly that, according to Amazon, the FAA approvals issued are already obsolete.

The law is reacting to advances in drone technology, albeit at a more measured pace. In February, the FAA’s proposed regulations for a limited class of commercial drone use garnered much public interest. The regulations, which are expected to become effective by 2017, are designed to provide for safe drone operation with the national airspace system. Clearly, if drones become as ubiquitous as mail trucks, they must be as safe, but what about privacy? Justice Brandeis famously asked in 1890, how can the law protect against “mechanical devices” that take “instantaneous photographs,” and “threaten to make good the prediction that what is whispered in the closet shall be proclaimed from the house-tops?” If a delivery drone can drop a package, can it pick one up? If it navigates by camera, what else can it see? Certainly much more than a Polaroid camera on the ground.

If you are looking for guidance on the privacy implications of drone operations, you won’t find it in the FAA’s proposed regulations. Except for the storage of information collected during the operator certification process, privacy is explicitly outside the scope of the proposed regulations. Indeed, with the exception of privacy concerns related to drone operations at commercial test sites, the FAA has avoided regulating drone privacy in general.

Currently, there is limited legal protection from the unique privacy risks posed by commercial drones, with only a few state privacy laws specifically aimed at drones. One such law is the Texas Privacy Act, which prevents private drone use the with intent to conduct surveillance, and specifies certain private uses to which the law does not apply. For example, the law does not apply to certain uses by electric and gas utilities, licensed real estate brokers, or owners and operators of pipelines. Bills introduced in Congress have not been enacted, and the drone privacy legislation currently in committee focuses mostly on governmental use. However, in conjunction with the FAA’s proposed regulations, the White House released a memorandum directing government agencies to update their privacy policies, and directing the National Telecommunications and Information Administration (NITA) to work with private stakeholders to develop a privacy framework for commercial and private drone use.

In NITA’s words, its framework will address the unique privacy issues caused by the fact that drones “enable aerial data collection that is more sustained, pervasive, and invasive than manned flight.” It accepted public comment through April 20, 2015. Questions posed by NITA include, Do drone-based aerial photography services pose unique privacy risks as compared to non-drone based services? Other questions are:

  • Should drones maintain a certain distance from people, homes, businesses, or vehicles?
  • Should the types of cameras or microphones used be regulated?
  • Should drones deliver prescription medicine, or handle medical information? Serve legal process? Read electric and gas meters? Should they coach third base?

Compliance with NITA’s best practices will be voluntary, and enforcement is limited. Until Congress acts, or until best practices are widely adopted, protection for privacy from commercial drones will likewise remain limited.