At the second installment of the FTC’s Fall Technology Series, FTC researchers, academics, consumer advocacy groups, and drone manufacturers explored the potential privacy and security concerns that arise from the use of drones.
FTC Commissioner Maureen Ohlhausen kicked off the event with a reminder that transformative technologies often provide society with unexpected and incredible benefits. She emphasized that social adaptation to such technologies often requires reconsideration of social norms, policy, and laws, and reiterated that “drone law” is still developing. From the FTC’s perspective, the privacy concerns related to commercial drone use necessitate an assessment of their potential implications for consumer protection.
Do Drones Raise Unique Privacy Concerns?
The first panel focused on whether drones raise unique privacy concerns or whether they are just like other transformative technologies to which consumers ultimately grow accustomed to after realizing their benefits (e.g., portable cameras, online behavioral tracking/advertising). Most of the panelists agreed that two features make drones unique: (1) the remoteness of the operator means that consumers frequently do not know who is controlling a drone; and (2) the ability of drones to collect data from areas that are difficult to access with other technologies. Some panelists also pointed out the potential of drones to quickly collect data on a mass scale (e.g., such as by flying over a large crowd to collect pictures in combination with device identifiers), while other panelists argued that this fear is overplayed and that most drones are actually engaging in beneficial activities (surveying land, news-gathering, finding survivors following a natural disaster, storm-tracking, wild-life rescue).
Industry panelists argued that while drones are unique in some respects and have the ability to collect lots of data, most of the potential privacy harms can be solved through existing laws. For example, “Peeping Tom” statutes and tort laws such as invasion of seclusion and trespass prohibit invading an individual’s privacy in private places. Furthermore, the FTC’s Section 5 authority over unfair or deceptive acts and state AG equivalents would allow for regulatory action against companies that collect or use drone data in illegal ways. State security/breach laws combined with FTC and state AG breach/security actions also will ensure reasonable security on drones and related devices.
Panelists highlighted the benefits of industry self-regulation, noting the unprompted efforts already taken to build privacy and security mechanisms into drones such as encrypted transmissions and crash avoidance overrides. They also drew attention to the collaborative multi-stakeholder process undertaken by the National Telecommunications and Information Administration (NTIA) that developed voluntary Best Practices relating to the privacy, transparency, and accountability issues in drone operation that were endorsed by the Center for Democracy and Technology. On the other hand though, consumer advocates and academics argued that existing privacy laws are not sufficient to protect consumers against abusive uses of technologies and thus, either drone-specific regulations are necessary or existing privacy/security laws need to be strengthened.
How Can We Solve Drone Privacy Concerns?
The second panel discussed how drone privacy concerns should be addressed. Some panelists discussed notification options such as signage in physical locations where discrete commercial drone activity is taking place while others suggested having drones broadcast unique identification numbers that consumers would be able to detect with a smart phone app to learn about a drone’s operator and function. Device manufacturers also noted that they have included sections in their hobbyist operator manuals dedicated to explaining privacy and security issues to operators.
Panelists debated whether the biggest concern is the collection of data through drones or how such data is used. Industry panelists suggested that it would be easier to place limitations on use rather than collection, as drones often have to collect lots of data for safety reasons (e.g., in order to fly safely, drones have to collect images of the environment around them, including the people in the environment).
While the panelists discussed a number of potential solutions, there was ultimately no clear consensus on how or whether to apply traditional consumer privacy principles of notice and choice to drone activities. The debate is likely to continue as commercial and recreational drone use becomes more pervasive. For now, it is important that companies interested in manufacturing or using drones remain up-to-date with federal guidance, the patchwork enforcement of newly enacted state laws, and industry best practices.