The Article 29 Working Party (WP) have highlighted a number of risks and threats presented by drones in regards to data protection.

Their opinion highlighted a number of difficulties with the processing of personal data by drones. Due to their unusual nature, specifically their dexterity and unique vantage point, it entails reduced transparency and increased privacy intrusion in comparison with fixed sensors e.g. CCTVs. There is also no specific data protection legislation on the use of drones. The WP highlighted that the relevant legal framework could consist of parts of the Data Protection Directive. As providers of publicly available electronic communications services might use drones, the Privacy and Electronic Communications Directive will also be applicable.

Their opinion provided a guideline for policy makers, manufacturers and operators to correctly address data protection requirements and included:

  • verifying the need for a specific approval from Civil Aviation Authorities;
  • finding the most suitable criteria for legitimate processing and complying with the purpose limitation, data minimisation and proportionality principles;
  • fulfilling the transparency principle in the most suitable manner;
  • adopting appropriate security measures and deleting or anonymising personal data which is not strictly necessary; and
  • the adoption of national policies and the development of common European standards by the European Aviation Safety Agency.

In the UK, the Information Commissioner's Office code of practice on CCTV and surveillance cameras includes guidance on the use of drones.

Please click here for further information from the WP.