Drones—privacy and data protection
Produced in partnership with Joseph Dalby of 36 Civil
Drones—privacy and data protection

The following Information Law guidance note Produced in partnership with Joseph Dalby of 36 Civil provides comprehensive and up to date legal information covering:

  • Drones—privacy and data protection
  • Why do drones raise privacy issues?
  • The legal framework for drone privacy and data protection issues
  • Air Navigation Order 2016
  • General Data Protection Regulation
  • Surveillance
  • Ownership of data recorded by drones
  • Data sharing and publishing
  • Drone manufacturing
  • The Basic Regulation

Drone is the term of art commonly used to describe an uncrewed (or unmanned) aircraft that is flown under power (usually electric) and controlled remotely.

Other terms are sometimes used, often formally, to describe a drone, the most common being:

  1. remotely piloted aircraft system (RPAS)

  2. unmanned aerial vehicle (UAV)

  3. unmanned aircraft system (UAS)

UAV means the drone itself and is regarded as a sub-set of the UAS—the entire fully autonomous system incorporating the drone. The other elements of the system include command and control links, sensors and or data recording devices, and a computer or tablet device for data storage.

This Practice Note considers the following privacy and data protection issues arising in relation to the civilian use of drones:

  1. Why do drones raise privacy issues?

  2. The legal framework for drone privacy and data protection issues

  3. Air Navigation Order 2016

  4. General Data Protection Regulation

  5. Surveillance

  6. Ownership of data recorded by drones

  7. Data sharing and publishing

  8. Drone manufacturing

  9. The Basic Regulation

Note that the term 'drone' is also used to refer to military unmanned aerial vehicles. Military drones are not covered by this note.

A drone does not require a camera or any other type of recording device on board to be treated as such and the most basic types of drone will not necessarily cause any threat to data privacy or trigger any data protection issues.