FAA Privacy

As a uniquely transformative technology, drones have the capacity to enrich our daily lives with innovative services, safer infrastructure, new forms of recreation, and countless  economic opportunities. These positive characteristics, however, cannot erase the risks drones pose to individual privacy. But the FAA opted not to include any privacy provisions in Part 107 for one important reason: it couldn’t.

Drone technology sparks concerns about personal privacy, data privacy, private property rights, and intellectual property rights—often stemming from cameras and other high-tech equipment installed on drones. But there appears to be little agreement about the extent to which drone integration poses risks for privacy intrusions, how privacy concerns should be addressed, and the FAA’s role in efforts to address these concerns.

In response to its Notice of Proposed Rulemaking entitled Operation and Certification of Small Unmanned Aircraft System, the FAA received voluminous commentary that revealed deep discord on privacy issues from the public, industry stakeholders, and other agencies with authority and expertise. See 80 FR 9544, Feb. 23, 2015.

Many commenters raised concerns about drone operations over private property without approval from businesses, institutions, or property owners. Some asserted that the FAA should include provisions in Part 107 to protect privacy; others suggested the FAA address privacy in a future rulemaking. Still others took the position that privacy regulations are beyond the scope of this rulemaking and FAA authority or asserted that existing law already adequately addresses privacy issues.

Many commenters emphasized that privacy concerns are best addressed at the state level. Some recommended a federally commissioned review of 1) the technological neutrality of FAA drone proposed rules led by the Department of Commerce and 2) of the adequacy of comparative technology-neutral privacy regulations led by the Department of Justice.

Among policymakers, industry, advocacy groups and members of the public, it is clear that a substantial debate is ongoing regarding the extent to which drone operations pose truly novel privacy issues, and whether those issues are addressed by existing legal frameworks.

 surveillance drones

FAA Authority Concerning Privacy Rights

The FAA’s authority to make rules is specifically tied to its safety mission: to provide the safest, most efficient aerospace system in the world. Concerns that drones pose risks to individual privacy are typically related to technology and equipment that may be installed on a drone or manned aircraft, but are unrelated to the safe flight of the aircraft. Indeed, pilots have placed cameras and other sensors on aircraft for a variety of purposes for decades (e.g., news helicopters, aerial surveys, film/television production, and law enforcement). Yet the FAA has never extended its reach to regulate the use of cameras and other sensors extraneous to the safe operation of aircraft to protect individual privacy.

Stated bluntly, the FAA simply lacks rulemaking authority to issue or enforce regulations specifically aimed at protecting privacy interests between third parties. [1] Part 107, in particular, is being conducted under the 1) FAA Modernization and Reform Act of 2012 (FMRA), 2) 49 U.S.C. § 40103(b)(1) and (2), and 3) 49 U.S.C. § 44701(a)(5). Each statute focuses on the safe operation of aircraft in the National Airspace System (NAS). So, in light of the FAA’s long-standing mission and authority as a safety agency, it would be overreaching for the FAA to enact regulations concerning privacy rights.

In § 332(a) of the FMRA, Congress required the FAA to develop a comprehensive plan to safely accelerate the integration of civil drones into the NAS. That mandate includes specific direction regarding the contents of the plan, which addressed the safe and efficient integration of drones into the airspace. But it did not require consideration of privacy implications.

What is more, under FMRA § 332(b), Congress directed the FAA to issue a final rule on small drones that allows for civil drone operations in the NAS. And FMRA § 333 directs the FAA to determine whether drone operations posing the least amount of public risk could safely be operated in the NAS.

If the FAA determines, pursuant to § 333, that certain drones may operate safely in the national airspace system, then the FAA must establish requirements for the safe operation of these systems in the NAS, prior to completion of the drone comprehensive plan and rulemaking required by § 332.

Furthermore, 49 U.S.C. 40103(b)(1) and (2) charge the FAA with issuing regulations 1) to ensure the safety of aircraft and the efficient use of airspace; and 2) to govern the flight of aircraft for purposes of navigating, protecting and identifying aircraft, and protecting individuals and property on the ground. Additionally, 49 U.S.C. 44701(a)(5) requires that the FAA prescribe regulations it finds necessary for safety in air commerce and national security.

In essence, none of the drone-related provisions of the FMRA directed the FAA to consider privacy issues when addressing the integration of small drones into the airspace, or mandated the inclusion of privacy considerations in the drone comprehensive plan. Reading such a mandate into the FMRA would be a significant expansion beyond the FAA’s long-standing statutory authority as a safety agency.

That is not to say the federal government is ignoring privacy concerns. On February 15, 2015, President Obama issued the Presidential Memorandum, “Promoting Economic Competitiveness While Safeguarding Privacy, Civil Rights, and Civil Liberties in Domestic Use of Unmanned Aircraft Systems.” That memorandum directed the National Telecommunications and Information Administration (“NTIA”) to establish a multi-stakeholder engagement process—including stakeholders from the private sector—to develop and communicate Best Practices for privacy, accountability, and transparency issues regarding commercial and private drone use. On May 18, 2016, the stakeholders came to a consensus and issued a document on Best Practices for privacy and other issues surrounding drone use.


 [1] When the FAA is collecting, maintaining, and using information about individuals, the FAA must comply with the Privacy Act of 1974, 5 U.S.C. 552a, and other applicable legal requirements related to privacy.