Drones, UAV and Data Protection in the EU

Public attention about drones

Due to numerous reports, the public is prudent when it comes to flights by unmanned aerial vehicles (UAV). Often, when people see a UAV above their heads, they feel scared or intimidated. In fact, according to the latest report from the European Aviation Safety Agency (EASA), 40% of surveyed people view drones negatively.

A while ago, we explored this topic in more detail with Christian Walter Franz. We found out that this phenomenon derives from the so-called cognitive dissonance: a discrepancy between what a person expects (“I want to give my consent before someone films me”) and what a person sees (“Someone is filming me, but I didn’t give my consent”).

Would you be happy if a drone passes by and films your body while you’re sunbathing?

Remote pilots can actively help to reduce unfounded fears and reservations:

• Actively inform people that you are flying in an area and why you are flying here
• Report any misuse of UAVs to relevant authorities
• Minimize the data collected for the scope of the project

These measures might be enough to reassure people affected during a drone operation, however they still don’t comply with data protection laws.

Note: Independently from these measures, it is forbidden to fly with an UAV into areas or approach areas where an emergency operation is taking place - unless the responsible emergency service has given express permission.

UAV & Data Privacy

Privacy is a fundamental right that every citizen in the EU has. Data protection is mainly regulated in the EU General Data Protection Regulation (GDPR) and applies to everyone in the European Union and companies that do business with people living in the EU.

Unmanned aerial vehicles (UAV) offer us many new ways to collect data thanks to:

• Cameras
• Microphones
• Infrared cameras
• LiDAR
• Thermal imaging cameras

The uses of drones range from surveying, defense, agriculture and real estate to photography, live entertainment, etc. Being remote-controlled, they are a perfect tool for collecting high-definition images (even in inaccessible places).

Unfortunately, they can be also used to break into the privacy of others or for criminal purposes. For this reason, the UAV operator must be registered if the UAV is equipped with a sensor system that can record personal data (unless the UAV falls under the EU Toy Directive - Directive 2009/48/EC).

UAV & Personal data

Data protection only affects ‘personal data’, i.e. only a small part of all available information captured by drones. According to the art. 4 of the GDPR, this is all information that relates to an identified or identifiable natural person.

A natural person is regarded as someone who can be identified by a physical, physiological, genetic, psychological, economic, cultural or social feature of this natural person. Hence, all recordings that show people in principle are protected by data protection.

There are some basic principles for handling personal data:

• The principle of “data minimization” must be applied: whenever possible, no personal data should be processed or recorded.
• Consent from the data subject: the data subjects must be informed that their data is being processed (e.g. that they are being photographed, filmed or recorded) and give consent.
• Data anonymization: anonymized data (e.g. blurring) are not considered as personal information (Recital 26). Therefore, consent is not required.

Why Anonymization is the solution

It seems obvious to start by asking the consent of anyone that might be affected by the drone mission. However, when you consider large image datasets, it could be time-consuming and costly to get explicit consent from hundreds of thousands, or even millions of individuals.

Anonymization is a better solution because it preserves privacy while drastically reducing operational costs. Also, by establishing anonymization as a standard approach, you can effectively discourage negative reactions and mitigate citizens’ distrust.

Want to know more about image anonymization? Check out:

• Image Anonymization for Mapping
• Checklist for Image Blurring

Latest drone regulations (2021)

On January 1, 2021, the European Union standardized drone regulations across the continent (Regulation (EU) 2019/947 and Regulation (EU) 2019/945). The new rules replace EU state’s existing laws, standardising drone operations for business or leisure across Europe.

A full list of regulations and requirements under the Open category can be found here.

Regardless of these latest regulatory developments, to ensure the safety of all persons concerned, every drone pilot should ask himself/herself the following questions before every flight:

• Am I flying to pursue a legal, permissible purpose?
• Will I not endanger anyone with my flight, not even other pilots?
• How can I avoid invading the privacy of others through my flight?
• Is it impossible for me to interfere with the work of the authorities, police or rescue services through my flight?

About Celantur

Technology

Celantur offers fully-automated image and video anonymization solutions to help companies and organizations comply with privacy laws. Our technology detects several objects to be anonymized such as faces, bodies, license plates, vehicles and facades, and automatically blurs them.

Our product is developed specifically for street-level and aerial imagery, and works well with various systems:

• DJI
• Wingtra
• Parrot
• Phase One
• and many more

Data Protection Standards

Data protection is our core business. That's why, to operate as a data processor, we have robust measures in place to comply with the GDPR and other data protection laws:

• Images are processed in GDPR-certified data centres in the European Union.
• External Data Protection Officer at service.
• All data and storage devices are encrypted.
• Data are deleted after the anonymization.
• Annual Data Protection Audit.
• Up-to-date Documentation: Technical and Organizational Measures ("TOMs"), Records of Processing Activities and Data Processing Agreement.