Data protection watchdog the Information Commissioner’s Office (ICO) has warned businesses using drones to photograph or film outside that they may be flouting the law if they don’t first conduct a robust privacy assessment.
The ICO made the recommendations in a new document, In the picture: A data protection code of practice for surveillance cameras and personal information.
It claims that so-called Unmanned Aerial Systems (UAS) mounted with cameras need to have a “strong justification for their use."
A privacy assessment should cover things such as whether the recording can be switched on and off when appropriate and ideally the device should be procured along “privacy by design” methods, it added.
Users should also consider the entire system rather than just the UAS itself, so secure encrypted storage of any data and disposal of that data once it has been used.
The report continued:
“The use of UAS have a high potential for collateral intrusion by recording images of individuals unnecessarily and therefore can be highly privacy intrusive, ie the likelihood of recording individuals inadvertently is high, because of the height they can operate at and the unique vantage point they afford. Individuals may not always be directly identifiable from the footage captured by UAS, but can still be identified through the context they are captured in or by using the devices ability to zoom in on a specific person.”
Individuals also need to know they are being filmed, which will require the placing of signage in the area being filmed, or other “innovative” workarounds, said the ICO.
The report also covers other emerging or fast-changing technologies including body worn video (BWV) cameras – which are dubbed “more intrusive than the more ‘normal’ CCTV style surveillance systems."
Also covered are Autonomic Number Plate Recognition (ANPR) systems and surveillance cameras.
“The technology may change but the principles of the DPA remain the same,” wrote ICO head of strategic liaison, Jonathan Bamford.
“CCTV and other surveillance systems need to be proportionate, justifiable and secure to be compliant. Today’s code will help to make sure that this continues not just today, but for the years ahead.”