Privacy and drone technology

Drone technology is becoming less expensive and more user friendly with the result that their use is increasingly viable for government agencies.

Drones can be used for...

  • crime prevention, detection and control
  • event management
  • fire detection and management - remote bushfire management
  • search and rescue - aerial grid coverage of search areas
  • infrastructure monitoring -  seek and repair of damaged or fallen power lines
  • disaster mapping and management
  • environmental exploration and protection  - coral reef monitoring
  • scientific research - species tracking
  • urban planning - aerial surveys of proposed development sites.

The most well-known drone type is the unmanned aerial vehicle (UAV), which can be outfitted with sophisticated camera surveillance equipment. UAVs are controlled remotely by an operator or by an on board or central computer.

Other types of drones include the unmanned ground vehicle, and the remotely operated underwater vehicle. Drones can vary in size and sophistication and, depending on their purpose, may be equipped with a variety of imaging technologies and other sensors.

Drones are similar to fixed surveillance systems but their additional mobility and control features enable them to operate in previously inaccessible areas and potentially capture a broader range of information.

Personal Information

The collection and handling of personal information by Queensland government agencies must be done in accordance with the Information Privacy Act 2009 (IP Act).

Personal information includes any information about an identifiable individual whose identity is known or can be reasonably ascertained from that information.

Drones will collect a variety of information, some of which will be personal and some of which will not.1 If the information cannot identify an individual, or if the information is not about an individual, there will be no privacy implications arising out of its collection, storage, use or disclosure. However, even if the information is not directly about an individual, it can still qualify as personal information if it reveals information about an identifiable individual.

Personal vs. non-personal information

An agency uses an unmanned aerial drone to survey the extent that backyard swimming pools have complied with the legislated pool fencing requirements.  While ostensibly the information collected is about swimming pools and fencing, the information that a pool owner has not complied with their legislative obligations would be the personal information of that individual.

Government agencies wishing to use drones will need to consider how to manage personal information which may be collected by the drones, regardless of whether it is collected deliberately or inadvertently in the course of fulfilling the purposes for which drones are deployed.

While the community will generally be familiar with fixed camera surveillance, particularly in urban areas, those cameras generally capture activities which are occurring in public spaces, such as a public park or street.

The introduction of drones raises the potential for camera surveillance to occur in personal spaces, such as a backyard. Drones could potentially collect a range of personal information; they would generally collect an individual’s image, but could also collect additional information or details, such as geographical or street view of their place of residence, vehicle registration number, their activities, behaviours or location at a particular time, and conversations if the drone has the ability to record sound.

The privacy impacts of using drones

Personal information collected or generated using a drone is subject to the obligations in the IP Act relating to the collection, storage, use and disclosure of personal information generally.

There are also a number of other laws which could potentially apply to the use of drones, including:

  • The obligations in the Invasion of Privacy Act 1971 concerning the audio recording of conversations.
  • The common law relating to trespass against a person.
  • Section 227A of the Criminal Code 1899 concerning observations or recordings in breach of privacy.
  • The management of drone generated records under the Public Records Act 2002.
  • Civil Aviation Safety Authority (CASA) requirements in relation to Unmanned Aircraft Systems.
  • Australian Maritime Safety Authority (AMSA) requirements in relation to underwater vehicles.

Agencies may wish to obtain separate guidance on the potential interaction of these laws with their drone management and use programs.

Privacy Impact Assessments

There is an established benefit in building privacy into a program at the beginning rather than ‘bolting privacy on’ later. Trying to manage privacy concerns after the program is in operation, particularly if there has been public concern or a privacy breach, has the potential to be both difficult and expensive, both retrofitting privacy to the program and managing any operational and social impacts.

Privacy Impact Assessments (PIA) are a mechanism for assessing and mitigating privacy risks. PIAs are not required by the IP Act, however government agencies may find them very useful for both ensuring any program of drone use is privacy compliant and for identifying and managing possible privacy risks.

A PIA allows privacy risks to be recognised and ensures the agency’s action taken to mitigate those risks is documented. Consultation with the community can often be an important part of undertaking a PIA, particularly where the program is one which will likely have a significant impact on the community.

Current as at: May 4, 2016