Gregory S. McNeal Contributor
The European Commission published a comprehensive report evaluating the privacy impact of drones (referred to in the report as RPAS or remotely piloted aircraft systems), finding that Europe’s existing regulatory framework is adequate to address the emergent technology.
The 378 page report found that the current European and Member State regulatory framework was “adequate to address the privacy, data protection and ethical impacts” of drones because those rules are technology neutral. The report noted that rights to privacy and data protection frameworks in Europe included provisions for addressing various risks. While the regulatory structure in Europe is adequate, the report noted that the biggest problems associated with drones may be educating the industry about their obligations, and enforcing the regulatory mechanisms that are already in place. The report’s authors also believed that drones should “include privacy-by-design features in all data collection and processing activities” (a reform I encourage U.S. legislators to consider in this white paper).
The report makes the following core recommendations:
We conclude that a combination of existing regulatory instruments and soft law measures such as Privacy Impact Assessments (PIAs) elements will assist RPAS operators in developing innovation applications and services by combining harmonised, technology- neutral regulations across Europe with a tailored impact assessment. In particular, they are organised under five main headings:
Industry-specific recommendations for reducing risk (described above)
Raising awareness of privacy and data protection requirements in the RPAS industry
Enacting information and transparency protocols
Conducting mandatory assessments of privacy and data protection issues for each type of operation (privacy impact assessments)
Identifying stakeholders to monitor good practice in privacy and data protection.