Drone fever and privacy policy: A US perspective

We find ourselves at a historic time for Unmanned Aircraft Systems (UAS or drone) policymaking in the United States. Technology has moved forward quickly, and what used be considered toys are now must-have tools for industry. Drones have substantial safety and efficiency benefits for tasks ranging from insurance applications, to precision agriculture, to infrastructure inspection, to newsgathering, to package delivery – and everything in between.

The US has generally lagged behind much of the world, as many other countries – including many in Europe – have already embraced a regulatory framework that allows safe commercial drone use. Until just recently, operators have been prohibited from using drones commercially in the US without a special license from the Federal Aviation Administration (FAA). However, after years of effort by industry and government alike, on August 29, 2016, the FAA’s long-awaited small UAS rule (Part 107) went into effect—for the first time broadly authorising commercial drone operations in the US.

The FAA’s new rule opens the skies for commercial drones: Any company looking to fly drones in the US to enhance its business operations – whether for insurance, disaster response, infrastructure inspection, agriculture, newsgathering, filmmaking, aerial photography, or anything else – can now do so. Under the rule, drones (by definition, 55 pounds (25 kg) or less, including payload) may generally fly up to 400 feet (120m) above ground level, up to 100 miles per hour (160 kmph), within visual line-of-sight, away from people, and during daytime hours. The operator must have a remote pilot certificate, pass a Transportation Security Administration background check and be at least 16 years old. While there are limitations (for example, industry is anxious to be able to fly beyond visual line of sight, over people, and at night—and these types of operations are not yet broadly authorised without a special waiver), the rule is generally considered by the industry to be a very positive step forward. The Part 107 process will speed up the adoption of drones in the US without sacrificing safety.

While the U.S. federal government has been most focused on safety issues related to drone integration, the American public has been most focused on privacy issues. In light of recent developments, this article outlines privacy concerns related to drone integration in the US, and describes the legal and policy state of play. It also forecasts where these issues may head in the near and longer term future, and the impact for insurance companies.

The American public’s privacy concerns

Drones are a platform for a camera, and in many ways are similar to the use of a satellite, pole camera, or a helicopter to record aerial images. However, legislators, the media, and the American public have singled out drones over privacy issues. This is partly because to some, the word “drone” connotes drones being used overseas for intelligence gathering and military purposes. For others, the very characteristics that make drones so promising for commercial uses, including their small size, manoeuvrability, and capacity to carry various kinds of recording, have raised privacy concerns.

Whatever the reason, data shows that the American people do perceive drones differently than other camera platforms. One 2014 study by University of Oklahoma researchers found that many people found the use of drone-based cameras more objectionable than ground-based cameras1. Only 24% of people surveyed opposed ground-based cameras to monitor streets and businesses, while 46% of people opposed drone-based cameras for the same purpose2. Similarly, 34% of people opposed ground-based cameras to enforce traffic laws but 53% opposed the use of drone-based cameras to enforce traffic laws3.

As a result, we often hear individuals worrying that their neighbours will spy on them with a drone. Companies worry that their competitors will steal trade secrets with a drone. In popular culture, television shows (from South Park to Modern Family) commonly spoof drone privacy issues.

This public perception issue has had real influence on the commercial drone policy development process in the U.S. At a federal level, the Department of Commerce recently organized a multi-stakeholder process to craft voluntary best practices on privacy for the commercial and private use of drones. Congress has also proposed legislation. And while the FAA focuses on safety, its small rule actually does have some privacy implications. Finally, privacy and property rights also are regulated at the state and local level, so we have seen much action across the country. We will examine each of these in turn, before summarising where we see the privacy landscape going in the future. 

1)    Department of Commerce and voluntary privacy commitments

In February 2015, the same day the FAA released its proposed rule on safety and operations related to commercial drone use, the White House issued a Presidential Memorandum that established a multi-stakeholder process to craft best practices for privacy, transparency, and accountability related to the private and commercial use of drones. The process was led by the National Telecommunications and Information Administration at the Department of Commerce.

After months of negotiations and heated debate between industry representatives and privacy advocates, in May 2016 a diverse group of drone industry stakeholders and civil society representatives reached consensus on a set of best practices that create new privacy standards for drone operators that adopt them. These best practices include promises by drone operators to:

  • create and publish drone privacy notices;
  • forgo the collection of information where a person has a reasonable expectation of privacy;
  • avoid the persistent and continuous collection of data on individuals without a compelling need to do so or consent;
  • minimize the operation of drone over private property without legal authority or consent;
  • delete or de-identify drone images when no longer needed; and
  • avoid making information public except as necessary or with permission.

The best practices are not mandatory; they are strictly voluntary. However, any commercial entity that chooses to commit to these best practices must uphold this commitment under federal law. These regulations do not fill all perceived gaps identified by privacy advocates but, if adopted, they arguably provide the most comprehensive drone privacy standards to date.

2)     Congressional action 

Federal lawmakers also have taken steps towards imposing new drone privacy regulations. Senator Ed Markey (D-MA) and Congressman Peter Welch (D-VT), for instance, introduced legislation that would, among other things, require that all drone licenses be publicly available and disclose the operator, the area of operation, what data will be collected, how data will be used, and whether data will be transferred to third parties.

The bill’s policy prescriptions resemble many of the privacy rules proposed by privacy and civil liberty advocacy organizations. The Center for Democracy and Technology, for instance, has urged the FAA to adopt baseline enforceable standards for drone privacy such as data minimization rules and transparency requirements that would inform the public about who operates drones that may affect their privacy. Relatedly, the ACLU has called for mechanisms to allow citizens to opt out of property surveillance. 

3)    The FAA’s de facto drone privacy standards

Although the FAA has stated it does not have privacy authority, and while the agency is not seeking to regulate privacy in Part 107, it is notable that the agency’s new safety rule does have real privacy implications.

Flights over people. First, according to the rule, drones may not operate over any persons not directly participating in the drone flight, except when those persons are under a covered structure, inside a covered stationary vehicle, or when the FAA grants a specific waiver. This prohibition of flights over non-participating persons could result in generally limiting drone operations to unpopulated or sparsely populated areas or over tightly controlled private property.

Visual line of sight. Second, drones are required by the rule to remain within the visual line-of-sight of the pilot-in-command or the drone’s visual observer. The aircraft must remain close enough so those persons are capable of seeing the aircraft with vision unaided by any device other than corrective lenses. Although this rule aims to promote safety by limiting drone operations to a relatively confined space and ensuring constant visual contact between the pilot or visual observer and the aircraft, it also promotes privacy by precluding drone operators from observing distant subjects or places.

Night operations. Third, the rule generally prohibits drone operations at night without a special waiver. Daylight-only operations or twilight operations – 30 minutes before official sunrise or 30 minutes after official sunset – with appropriate anti-collision lighting are allowed. Like the line of sight rule, the general prohibition on night operations has a key safety purpose of preventing flights at a time when reduced visibility increases the likelihood of collisions, but the rule also limits the ability to misuse drones to surreptitiously capture images under cover of darkness.

While these requirements in the FAA’s new rule have clear privacy implications that provide a certain level of protection from the use of drones for invasive purposes, privacy advocates have expressed concern about aspects of drone privacy that remain unregulated. For instance, nonparticipating persons are not necessarily given notice of nearby drone activity. Moreover, people may be unable to determine who is flying the aircraft or not know how to stop the use of such aircraft if they believe their privacy is violated.
4)    State and local activity 

In the US, rules regarding property rights, and certain privacy regulations, have been adopted at the state and local level. According to the National Conference of State Legislatures, 45 states considered 168 pieces of drone legislation in 2015. At least ten states, including Arkansas, Florida, Idaho, Indiana, Louisiana, North Carolina, Oregon, Tennessee, Texas, and Wisconsin, and cities such as Chicago and Los Angeles, have enacted privacy laws that regulate the commercial and private use of drones. These state laws take many different forms. Idaho’s law specifically prohibits drones from photographing or recording an individual for purposes of publicly disseminating the information without the individual’s written consent4. Other laws prohibit the use of drones to record or survey of private property. Louisiana’s drone law, for instance, prohibits the use of drones to conduct surveillance of certain manufacturing facilities5. Notably, most of these state laws have an exception to the general prohibitions on image capture with a person’s or property owner’s consent.

States also have privacy laws that are technology-neutral: They do not explicitly mention drones, but may be broad enough to cover drone activities. California’s law, for instance, prohibits the capture of images taken in an offensive manner of an individual engaging in a personal or familial activity6. Most states have general consumer protection laws that prohibit unfair or deceptive acts or practices, the enforcement of which theoretically could include drone activities that violate a person’s privacy expectations. States also have rules against peeping Toms, and individuals can bring nuisance claims and suits against trespassers related to drones.

Drone privacy framework: Impact on the insurance industry

The adoption of Part 107 is a significant step forward and one that promises benefits across industries, including the insurance sector. Insurers are in the unique position of being drone users themselves, as well as policymakers for their customers around drones. In either role, insurers should pay close attention to the federal, state and local laws under consideration and in effect. To the extent these laws limit drone operations – for instance, through Part 107 limitations, or by requiring prior consent from property owners before permitting flights or before filming a non-participating person – certain insurance activities using drones may be curtailed. Whether an insurance company is using drones for its own purposes or providing drone coverage, the federal laws, various state and local laws, and any voluntary privacy commitments made by operators or that become standard industry practices, will need to be taken into account. Indeed, since most companies that operate internationally may implement one set standards globally to meet the European Union’s (EU) relatively strict and comprehensive data privacy laws, it will be important to keep abreast of the application of the EU’s data privacy standards to drone operations as well – and others around the world.

What the future holds for drone privacy

Given the many legislative bodies at the federal, state and local level interested in the privacy aspects of drones, voluntary efforts by industry, and general privacy and property rules that apply to drone activities, the future of privacy standards for drones likely will remain fragmented.

In the near-term, we will likely continue to see state and local legislation proposed, as well as calls for federal drone privacy legislation. The industry’s agreed-upon industry best practices may provide a template for states and localities looking to regulate.

Over time, as more drones enter the national airspace, and as night-time and beyond visual line-of-sight operation of drones is allowed more broadly, the pressures to create comprehensive and broader privacy standards will increase. Drone operators should keep a close eye on these developments, as it is only a matter of time before new drone privacy laws will emerge – and the debate about what shape these laws will take already is underway.

1 Kerry G. Herron, Ph.D., Hank C. Jenkins Smith, Ph.D., and Carol L. Silva, Ph.D, “US Public Perspectives  on Privacy, Security, and Unmanned Aircraft Systems,” Center for Risk and Crisis Management, University of Oklahoma (March 2014) at 35.
2 Id.
3 Id.
4 Idaho Code Ann. § 21-213 
5 La. R.S. 14:337.
6 Cal. Civ. Code § 1708.8 (A person is liable for constructive invasion of privacy when the person “attempts to capture, in a manner that is offensive to a reasonable person, any type of visual image, sound recording, or other physical impression of the plaintiff engaging in a personal or familial activity under circumstances in which the plaintiff had a reasonable expectation of privacy, through the use of any device, regardless of whether there is a physical trespass, if this image, sound recording, or other physical impression could not have been achieved without a trespass unless the device was used.”).  


Lisa Ellman

Partner, Hogan Lovells

Lisa Ellman is a Partner and leading public policy lawyer at Hogan Lovells, where she co-chairs the firm’s global Unmanned Aircraft Systems (UAS) Group. Throughout her career, Ms. Ellman has worked to bridge the sizable knowledge gap between government policymaking and business innovation. In February 2015, Ms. Ellman was recognized in Fortune magazine's "Most Powerful Women" series for her efforts to integrate drones into the domestic United States. She has held a variety of positions at top levels of the Executive branch at the White House and the U.S. Department of Justice (DOJ). In a series of presidential appointments, Ms. Ellman led work on high-priority policy initiatives for the Obama administration on issues spanning from open and transparent government to domestic use of UAS. Most recently, she led DOJ's effort to develop policy that would govern the use of UAS in the United States. She also represented DOJ in the federal interagency process considering UAS-related policy issues that are shared across departments and agencies. Earlier in the Obama Administration, Ms. Ellman served in senior positions within three White House agencies: the Office of Science and Technology Policy, the Office of Management and Budget/Office of Information and Regulatory Affairs, and the Office of Presidential Personnel.

In private practice, Ms. Ellman co-leads the Hogan Lovells UAS group, a “one-stop shop” for UAS manufacturers, operators and users. The UAS group provides nuts-to-bolts assistance for businesses entering the dynamic UAS marketplace and assists firms to succeed in the uncertain regulatory environment. Ms. Ellman has counseled businesses and trade groups in industries ranging from newsgathering and television production, to aerial photography and energy, to precision agriculture and insurance, to higher education, drones technology, and real estate–and everything in between.