Federal agency releases drone privacy guidelines

The NTIA's new guidelines, developed with input from privacy advocates and companies like Amazon, are not enforceable, and they leave room for big data collection.
Written by Stephanie Condon, Senior Writer

After working for the past year with consumer privacy advocates, inudstry groups and companies like Amazon, a U.S. federal agency has finally released a set of drone privacy guidelines.

The guidelines, from the National Telecommunications and Information Administration (NTIA), focus on protecting personally identifiable information but leave plenty of room for big data collection. The NTIA guidelines are currently completely voluntary, but they do represent the first step in creating federal drone privacy standards.

The guidelines are "an important step in building consumer trust, giving users the tools to innovate in this space in a manner that respects privacy, and providing accountability and transparency," Angela Simpson, NTIA deputy assistant secretary, said in a blog post. The NTIA began working on the guidelines after President Obama asked for a set of privacy best standards in February of last year.

The guidelines comprise five overarching rules, beginning with, "inform others of your use of UAS." More specifically that includes suggestions such as, "where practicable... make a reasonable effort to provide prior notice to individuals of the general timeframe and area that they may anticipate a UAS intentionally collecting covered data." The term "covered data" refers to information that identifies a particular person.

Next, the guidelines suggest, showing "care when operating UAS or collecting and storing covered data." That means avoiding the "persistent and continuous collection of covered data about individuals," along with avoiding the collection of covered data "where the operator knows the data subject has a reasonable expectation of privacy." It calls on drone operators to refrain from "retaining covered data longer than reasonably necessary," and to establish a process for resonding to privacy concerns.

Third, the guidelines include limiting the use and sharing of covered data. For instance, the document specifically says drone operators shouldn't use covered data for the following purposes without consent: employment eligibility, promotion, or retention; credit eligibility; or health care treatment eligibility.

It says drone operators should "make a reasonable effort" to avoid using or sharing covered data for marketing purposes. However, it expressly says, "There is no restriction on the use or sharing of aggregated covered data as an input (e.g., statistical information) for broader marketing campaigns."

Lastly, the guidelines say drone operators should secure covered data, as well as monitor and comply with evolving federal, state and local UAS laws.

The Center for Democracy & Technology (CDT), which was part of the group that gave input to the NTIA, commended the recommendations.

"Drone technology has the potential to revolutionize many parts of our lives, including how news is gathered, food is delivered, and wildlife sanctuaries are monitored. Yet drones also present a very real threat to our privacy rights if left unchecked," CDT vice president Chris Calabrese said in a statement. "As the nascent drone industry is starting to take-off, adopting these best practices will help ensure that drones fly safely, ethically, and respectfully."

However, the digital rights group Access Now was less than impressed, arguing the guidelines are riddled with loopholes and too narrow in scope.

While the NTIA has been handling privacy issues, the Federal Aviation Administration (FAA) has been working on broader guidelines for drone use and should soon finalize rules for commercial drone operation.

Meanwhile, the U.S. Senate has asked the NTIA for a set of privacy guidelines that could serve as the basis for further federal legislation.

Editorial standards