The privacy guidance, arrived at in consensus with drone organizations and companies like Amazon and Google's parent Alphabet, recommends that drone operators who collect personal data should have a privacy policy that explains what personally identifiable information they will collect, for what purpose the data is collected and if it will be shared with others, including in response to requests from law enforcement agencies.
The guidelines also encourage drone operators to avoid using or sharing personal data for marketing purposes without consent of the individual. Drone operators should also not use personal data without consent for “employment eligibility, promotion, or retention; credit eligibility; or health care treatment eligibility other than when expressly permitted by and subject to the requirements of a sector-specific regulatory framework.”
Data collected should also not be held beyond a reasonable period, without the consent of the individual, or in exceptional circumstances, such as legal disputes or safety incidents.
The recommendations also suggest that operators should minimize activities by drones, also known as unmanned aircraft systems (UAS), over or within private property without consent of the property owner or without appropriate legal authority.
“In the absence of a compelling need to do otherwise, or consent of the data subjects, UAS operators should avoid using UAS for the specific purpose of intentionally collecting covered data where the operator knows the data subject has a reasonable expectation of privacy,” according to the guidance released after a meeting of stakeholders on the previous day.
President Barack Obama in a memorandum in February last year instructed the NTIA to convene a process to develop and communicate best practices for privacy, accountability, and transparency issues regarding UAS use. The NTIA is located within the Department of Commerce.
The new recommendations being voluntary may not have an immediate impact on the practices of drone operators, apart from providing some broad boundaries and guidelines for privacy protection.
NTIA warns that the best practices proposed should not be construed to limit or diminish freedoms guaranteed under the U.S. Constitution, or replace or take precedence over any local, state, or federal law or regulation. The Federal Aviation Administration and drone advocacy groups have been pushing for uniform federal regulations to replace a number of laws on drones passed by various states.
The FAA has said it is aiming to finalize rules for the commercial operation of drones by late spring. It announced draft rules in February last year which placed, among other things, limits on the size and height to which drones can fly, and also included curbs on their flights at nights and away from the visual line-of-sight of operators.
The best practices can help promote Department of Commerce priorities by allowing the drone industry "to grow, develop and innovate while helping to build consumer trust," said Secretary of Commerce, Penny Pritzker, in a statement.
Drone and industry groups have welcomed the new recommendations. Association for Unmanned Vehicle Systems International (AUVSI) has recommended that states and municipalities should allow commercial operators to adopt the uniform, federal privacy best practices, instead of creating a complicated patchwork of new laws to address privacy.
The best practices are an example of the progress possible when civil society, government, and businesses work together to find solutions, said Chris Calabrese, vice president of policy at the Center for Democracy & Technology. “Hopefully the broader drone industry and hobbyists alike will embrace these best practices,” he added.