Australian Government releases Drone Privacy Principles.
Published: 10 August 2023
In June 2023, the Australian Government Department of Infrastructure, Transport, Regional Development, Communications and the Arts (the Department) released a paper titled, ‘Don’t pry when you fly: Privacy considerations for drone use’ (the Paper).
What does the Paper do?
The Paper aims to provides some Guidelines that “consider relevant Australian privacy and surveillance legislation to provide commercial and recreational drone operators with a set of consolidated, easy to follow, baseline measures for operating drones in line with privacy expectations of the communities drones operate in and over.”
The Guidelines do not create any extra obligations. Rather, they aim to assist drone operators and the community to understand and manage privacy concerns of using drones.
The Paper then sets out 6 best practice Drone Privacy Principles (DPPs) for all drone operators (commercial and recreational operators) that aim to assist operators in working towards meeting privacy related obligations, set out as follows:
- Informing others or obtaining consent (where practical, proportional to the drone operation).
- Minimising the viewing, recording and/or collection of data.
- Using data only for the original purpose.
- Handling data securely.
- Knowing laws and rules.
- Being aware of the Privacy Act 1988 and the Australian Privacy Principles (APPs).
The DPPS are not enforceable, rather they provide some concepts to assist drone operators to comply with the web of existing privacy, surveillance, trespass, and nuisance laws.
This seems to be a good effort to simplify and consolidate the patchwork of privacy and surveillance laws into some principles, which if followed, will help keep a drone operator on the correct side of the law.
As a drone detail freak, I twitched when I read the line “No matter the application, whether for business or fun, you should operate your drone (also known as a remotely piloted aircraft (RPA) in a way that respects reasonable expectations of privacy, and protects personal information…” A drone operated for fun is not an RPA but is a model aircraft under the Regulations, which are subject to a different part of the Regulations.
The other technical issue identified was the line referring to not flying over or above “populated areas”, which ought to be a reference to a “populous area”.
You may think who bloody cares and what’s the difference anyway? Well the reason for the quibbles are that:
(1) the RPA and Model Aircraft distinction is an important one; and
(2) “populous area” is defined at Reg 101.025 of the Civil Aviation Safety Regulations 1998 (Cth) whereas the word “populated” is not anywhere in the Regs. So if someone wanted to research this area for themselves off the back of the Paper, there is nothing to find in the Regulations under “populated”. This minor error is clearly innocent but nonetheless inaccurate.
One distinction that the Paper does make but might be worth repeating is the difference between:
(a) the collection and treatment of “personal information” under the Privacy Act 1988 (Cth); and
(b) the capture and storage of audio and/or visual material under the various State and Territory surveillance devices Acts and Criminal Codes.
Importantly the Privacy Act 1988 (Cth) only applies to a limited set of people based on specific organisational criteria. It generally does not apply to a person acting in a private capacity, and therefore may not apply to recreational drone operators.
The Privacy Act does apply to Australian Government agencies and organisations with an annual turnover more than $3 million, as well some small business operators depending on what information they are collecting. As a result, commercial drone operators should familiarise themselves with their responsibilities under the Privacy Act to determine whether data collected through their drone operations may be subject to provisions under the Privacy Act and therefore whether they are subject to the Australian Privacy Principles. We can help with this.
In contrast, whether a drone operation falls within the various State surveillance device laws and Criminal Code provisions depends on how and where the data is captured.
That is, only some operators are captured by the Privacy Act, whereas all operators are subject to the surveillance devices and Criminal Code stuff.
Anything that informs, enlightens or simplifies the regulatory web within which drones operates is fantastic, and it’s great to see these initiatives from a range of Government departments.
You can access the full paper here.
The Drone Lawyer
The lawyers in your corner of the sky
10 August 2023
Disclaimer: this article provides general information, it is NOT legal advice, and is no substitute for reading the source materials. Any advice sought will be provided by Macmillan Lawyers and Advisors. Please be in touch if you have any questions.