Speaking for everyone snowed-in in DC, White House Counselor John Podesta remarked that “big snow trumped big data,” while on the phone to open the first of the Obama Administration’s three big data and privacy workshops. This first workshop, which I was eager to attend (if only to continue my streak of annual appearances in Beantown), focused on advancing the “start of the art” in technology and practice. For a mere lawyer such as myself, I anticipated a lot of highly technical jargon, and in that regard I was not disappointed. // Full recap on the Future of Privacy Forum Blog.
On Monday, Sen. Markey introduced legislation designed to expand legal safeguards to protect individual privacy from invasion by commercial and government use of drones. The bill amends the FAA Modernization and Reform Act of 2012, which directed the FAA to integrate unmanned aircraft systems (UAS) into U.S. airspace by October 2015. The law, however, was silent as to the transparency and privacy implications of domestic drone use. Under pressure from advocacy groups and Congress, the FAA solicited public comment about potential privacy and civil liberties issues during its UAS test site selection process, ultimately suggesting only that UAS privacy policies “should be informed by the Fair Information Practice Principles.”
This section-by-section summary looks at how Sen. Markey’s bill would amend current law to establish national guidelines for domestic drone use.
Sec. 1 – Short Title
Drone Aircraft Privacy and Transparency Act of 2013
Sec. 2 – Findings
The bill notes that the FAA projects that 30,000 drones could be in sky above the United States by 2020, and further, that current law provides for no explicit privacy protections or public transparency measures with regards to drone use by public or private entities.
Sec. 3 – Guidance and Limitations for UAS
The major substance of this section details new requirements for data collection statements by commercial drone operators and data minimization statements by law enforcement. The bill’s provisions with regards to law enforcement appear to bolster significantly Fourth Amendment privacy protections. Agencies would be subject to a warrant requirement for any generalized drone surveillance absent exigent circumstances, such as (1) imminent danger of death or serious injury or (2) DHS has determined credible intelligence points to a high risk of terrorist attack. Moreover, any information collected that was unrelated to a potential exigency is required to be destroyed.
While these provide practical, procedural limitations on surveillance, the bill also forces law enforcement to consider how they plan to use drones prior to their implementation. Law enforcement offices will be required to file an explanation about any policies adopted to minimize the collection of data unrelated to a warrant-requirement, how excess data will be destroyed, and detailing any audit or oversight mechanisms. By making licenses contingent on these statements, the bill may encourage careful consideration of privacy challenges before law enforcement begins broad use of drones.
For commercial operators, the bill would prohibit the FAA from issuing licences without a statement that provides information about who will operate the drone, where the drone will be flown, what data will be collected and how that data will be used, including information about whether any information will be sold to third parties, the period for which information will be retained, and contact information to receive complaints. Depending upon how onerous these statement requirements become, this section may present some First Amendment challenges, particularly public efforts to advance newsgathering and the free flow of information.
The FAA would be charged with creating a publicly searchable website that would list all approved drone licenses, including copies of data collection or minimization statements, any data security breaches, and details about the time and location of all drone flights.
This section also calls for the Departments of Homeland Security, Commerce, and Transportation and the FTC to conduct a study to identify any potential challenges presented by drones to the OECD privacy guidelines. It would also require the current UAS rulemaking underway to take those privacy guidelines into consideration.
Sec. 4 – Enforcement
The section provides for concurrent enforcement by state authorities and the Federal Trade Commission under its Section 5 authority. It also allows for a private right of action for violations of either an entity’s data collection or data minimization statement. Remedies include equitable relief, and the greater of actual monetary damages or statutory damages of up to $1,000 for each violation.
Sec. 5 – Model Aircraft Provision
Finally, the bill provides for an exception for model aircraft.