Rescue mission

You are a national authority wanting to use drones on rescue missions during an emergency or after a natural or humanitarian disaster. For example, you deploy a drone equipped with thermal imaging, a mobile phone signal sensor and GPS capabilities to search for hikers lost in the woods.

Below you will see some of the main privacy and data protection issues that could arise in this situation and tips/ safeguards for how to avoid them. Keep in mind the detailed information provided in the Handbook.

Privacy and Data Protection

PRIVACY

Transparency, visibility and accountability: Drones can remain undetected by individuals on the ground, who may not be aware that a drone is in operation or that it is collecting their personal data. This is especially true in the forest where trees could obstruct the visibility of the drone. Even if people notice it, they are unlikely to be able to identify the operator or the specific mission that is being undertaken.

Bodily privacy: This can be threatened when drones are fitted with equipment that, aside from visual information, has also thermal (e.g. thermal sensors) or other capabilities, e.g. facial recognition, biological and chemical sensors.

Privacy of location and space: Persons have the right to move freely without being identified, tracked and monitored, even in public spaces. Use the drone to look for and pursue specific people only in emergency circumstances.

DATA PROTECTION

There is a risk of collecting significant amounts of personal information about people in the woodland, including location data, body characteristics and other personally identifiable information.

Lawfulness, fairness, transparency: Your collection and processing of personal data must be lawful, based on one of the options laid down by EU law. It must be fair, meaning that it must not cause any harm to the individuals. It must also be transparent – people have to know if their images have been captured, by whom and why.

Purpose limitation: People have the right to know exactly for what purpose their data is collected and, once you inform them of the reason (security, safety and rescue missions), you cannot use their data for a different incompatible purpose (e.g. examining visitors to the park for marketing purposes) without informing them again and ensuring your actions are lawful (see above).

Storage limitation: You should not keep the footage of people in a manner that would allow their identification for longer than necessary to achieve your legitimate purpose. However, consider if there are other legitimate reasons to keep the information, for example for insurance needs, archive necessities or other legal requirements.

Integrity and confidentiality: Where you have footage of identifiable people, you should make sure that that data is stored in a secure and protected manner. It should be protected from unauthorised access by both third parties, as well as your own employees.

Accountability: Remember that, if you collect personal data and can choose what to do with it, you will be accountable if you don’t follow any of these principles.

SAFEGUARDS

TIPS - Consider how best to inform persons that they may be subject to surveillance in the event of a rescue mission, e.g., have signs at the entrance to a park / walking path and add information on the website of the location, if there is one.

TIPS - Do not fly too close to persons so as to make them feel uncomfortable or cause them harm.

TIPS – You must act in accordance with the applicable rules of law. Take time to understand those. Since some of the information you may collect, for example the thermal body images of the people in the park, may be considered sensitive data, special rules may be applicable.

TIPS - Once the mission (i.e. the legitimate purpose) is finished, discard data that you collected, unless it is necessary for subsequent investigations or legal actions constituting a legitimate purpose. If any data needs to be stored, ensure that personal data are stored and processed securely and protected from disclosure and unlawful intrusion. Only store the minimum personal data necessary.

TIPS - Do not share data on identifiable persons with third parties without those persons’ consent or without another legal obligation requiring you to do so.

TIPS - Consider taking steps, such as blurring as soon as possible to minimise the amount of personal data collected from people inadvertently captured by the sensors of the drone. However, pay attention not to remove information that may be necessary at a later stage for investigations, insurance purposes or pursuant to other legal requirements.

TIPS - Individuals recorded should have a right to access the material concerning their own personal data and to request that the data controller delete that material. They should be informed of this right. However, pay attention to any other legal requirements you may be subject to.

TIPS – Be aware who the data controller and processor is, especially if you are carrying out this activity together with another company. Remember that data controllers and data processors are subject to various legal obligations in the EU.

Disclaimer

The purpose of this site is to provide a centralised information platform for entities, including private and professional users, interested in the various existing rules of European Union (EU) Member States related to activities with drones.

Information posted on this site does not alter, fulfil, or replace States’ reporting and notification requirements, or other similar obligations, as provided by the Chicago Convention on International Civil Aviation, its Annexes, or any other applicable instruments of law.

This site is purely informational in nature and its contents are made available without warranties of any kind, either express or implied.

The content of this website, including all materials uploaded in the online library, shall not be considered as the official position of the Executive Agency for Small and Medium Enterprises (EASME) or the EU Commission nor any person acting on behalf of EASME or of the EU Commission is responsible for the use which might be made of this content.

The Commission is in the process of updating some of the content on this website in light of the withdrawal of the United Kingdom from the European Union. If the site contains content that does not yet reflect the withdrawal of the United Kingdom, it is unintentional and will be addressed.

The information on this site is compiled and provided by the DroneRules Consortium, applying great diligence and care. However, the DroneRules Consortium does not warrant that the contents are accurate, valid, reliable, complete, comprehensive, correct or up-to-date, that this website will be available at any particular time or location, that any defects or errors will be corrected, or that the content is free of viruses or other harmful components. Any opinions posted on this site, explicit or implied, reflect the opinion of the indicated author’s alone or, in case no individual indication is provided, the opinion of the DroneRules Consortium.

DroneRules Consortium shall not be liable for any direct, indirect, punitive, incidental, special or consequential damages (including, but not limited to, damages for loss of business profits, business interruption, or loss of programs or information) that result from the use or inability to use such site, or from the use or non-use of the information provided herein, in particular for, but not limited to, errors or omissions in the contents of the website, consequences of its use or non-use, or inaccurate transmission or misdirection.

Rescue mission

Privacy and Data Protection

About DroneRules.eu

Disclaimer

Cookies