Rescue mission


You are a national authority wanting to use drones on rescue missions during an emergency or after a natural or humanitarian disaster. For example, you deploy a drone equipped with thermal imaging, a mobile phone signal sensor and GPS capabilities to search for hikers lost in the woods.

Below you will see some of the main privacy and data protection issues that could arise in this situation and tips/ safeguards for how to avoid them. Keep in mind the detailed information provided in the Handbook.


    Transparency, visibility and accountability:  Drones can remain undetected by individuals on the ground, who may not be aware that a drone is in operation or that it is collecting their personal data. This is especially true in the forest where trees could obstruct the visibility of the drone. Even if people notice it, they are unlikely to be able to identify the operator or the specific mission that is being undertaken.

    Bodily privacy:  This can be threatened when drones are fitted with equipment that, aside from visual information, has also thermal (e.g. thermal sensors) or other capabilities, e.g. facial recognition, biological and chemical sensors.

    Privacy of location and space: Persons have the right to move freely without being identified, tracked and monitored, even in public spaces. Use the drone to look for and pursue specific people only in emergency circumstances.


    There is a risk of collecting significant amounts of personal information about people in the woodland, including location data, body characteristics and other personally identifiable information.

    Lawfulness, fairness, transparency:  Your collection and processing of personal data must be lawful, based on one of the options laid down by EU law. It must be fair, meaning that it must not cause any harm to the individuals. It must also be transparent – people have to know if their images have been captured, by whom and why.

    Purpose limitation: People have the right to know exactly for what purpose their data is collected and, once you inform them of the reason (security, safety and rescue missions), you cannot use their data for a different incompatible purpose (e.g. examining visitors to the park for marketing purposes) without informing them again and ensuring your actions are lawful (see above).

    Storage limitation: You should not keep the footage of people in a manner that would allow their identification for longer than necessary to achieve your legitimate purpose. However, consider if there are other legitimate reasons to keep the information, for example for insurance needs, archive necessities or other legal requirements.

    Integrity and confidentiality:  Where you have footage of identifiable people, you should make sure that that data is stored in a secure and protected manner. It should be protected from unauthorised access by both third parties, as well as your own employees.

    Accountability: Remember that, if you collect personal data and can choose what to do with it, you will be accountable if you don’t follow any of these principles.


    TIPS  - Consider how best to inform persons that they may be subject to surveillance in the event of a rescue mission, e.g., have signs at the entrance to a park / walking path and add information on the website of the location, if there is one.

    TIPS - Do not fly too close to persons so as to make them feel uncomfortable or cause them harm.

    TIPSYou must act in accordance with the applicable rules of law. Take time to understand those. Since some of the information you may collect, for example the thermal body images of the people in the park, may be considered sensitive data, special rules may be applicable.  

    TIPS - Once the mission (i.e. the legitimate purpose) is finished, discard data that you collected, unless it is necessary for subsequent investigations or legal actions constituting a legitimate purpose. If any data needs to be stored, ensure that personal data are stored and processed securely and protected from disclosure and unlawful intrusion. Only store the minimum personal data necessary.

    TIPS - Do not share data on identifiable persons with third parties without those persons’ consent or without another legal obligation requiring you to do so.

    TIPS - Consider taking steps, such as blurring as soon as possible to minimise the amount of personal data collected from people inadvertently captured by the sensors of the drone. However, pay attention not to remove information that may be necessary at a later stage for investigations, insurance purposes or pursuant to other legal requirements.

    TIPS - Individuals recorded should have a right to access the material concerning their own personal data and to request that the data controller delete that material. They should be informed of this right. However, pay attention to any other legal requirements you may be subject to.

    TIPS Be aware who the data controller and processor is, especially if you are carrying out this activity together with another company. Remember that data controllers and data processors are subject to various legal obligations in the EU.