In Europe, privacy and the protection of personal data are recognised fundamental human rights. European and national legislation protects us from external intrusions into our private lives, considering them illegal. This includes interferences resulting from the use of drones.
As a professional drone operator or customer of drone services, you should be aware that legal data protection requirements may concern you whenever you collect personal data, even if that is unintentional. – something which could easily happen when using a drone. . You must carefully asses this possibility for your specific operations before carrying them out. Any drone operation that involves the collection of personal data must comply with specific legal obligations and restrictions.
In the European Union, the processing of personal data (collection, recording, storing, use, disclosure, dissemination, retrieval, etc.) is governed by specific laws: the General Data Protection Regulation (“GDPR”) and also specific national legislation on data protection (European Union Institutions and Bodies are governed by Regulation (EU) 2018/1725).
- What is personal data? The term “personal data” is a very broad concept that covers any type of information relating to an identified or identifiable person. As a result, any use of a drone that captures images which identify an individual (such as a facial image) will fall within the scope of data protection legislations. But the same also applies if the drone collects any type of data (such as location, house fronts, phone number, vehicle registration plate, IR image, etc) that can be linked to an individual and therefore, this one becomes identifiable/identified.
- What are the principles to consider when collecting personal data? Data protection rules establish several key principles you should comply with. These are: the principle of fair, lawful and transparent processing, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability. Before processing any personal data, have a look at their definitions in Article 5 of GDPR.
Persons who consider that the processing of their personal data relating to him or her infringes GDPR, they can have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement. In addition, each person shall have the right to an effective judicial remedy where he or she considers that his or her rights under GDPR have been infringed as a result of the processing of his or her personal data in non-compliance with GDPR.