What are the Privacy and Regulatory Implications of Unmanned Aircraft Systems (UAS)?

01 March 2016

Gabriel Voisin

Unmanned Aerial Systems ("UAS") have become well known through their military use – perhaps it is because of this that the oft-applied term "drone" raises considerable emotion in some quarters. However, industry has now started to look at the civilian applications of UAS. While they come in a variety of shapes and sizes, the key element of a UAS is an unmanned aerial vehicle ("UAV") – or at least one without a pilot on board. Some of these are piloted remotely and are known as Remotely Piloted Air Systems ("RPAS"), whereas others fly autonomously following pre-programmed flight paths. They are generally cheaper to produce than conventional manned aircraft, can be kept airborne for extended periods of time, and do not risk the lives of the crew which pilot them. For the following article, we will collectively refer to the system as "UAS" and the platform as a "UAV".

The use of UAS is extending beyond the military into a number of other sectors, for instance:

  • Journalism – UAS can be used to capture footage (e.g. TV companies used UAS to film areas that were inaccessible to film crews after the passage of hurricane Katrina).
  • Scientific research – UAS can be fitted with a variety of  sensory equipment and can be used to conduct research in conditions inhospitable to humans or for length periods which humans could not endure (see illustration);
  • Agriculture – UAS can be used for crop survey or to administer phytosanitary treatments on plantations;
  • Advertising – UAS  can be used to tow banners across the sky; 
  • Surveillance by law enforcement agencies or private companies – Surveillance is already a major use of UAS in the military and the same technology could be applied to commercial use. They are being used by paparazzi;
  • Insurance and disaster relief – to bring urgent supplies when other means of communications are interrupted, or for damage assessment; and
  • Infrastructure inspection – in the oil and gas industry, utilities or for transport systems.

In the European Union, use of UAS raises legal questions. The following legal issues can be identified: 

  • Aviation regulations regarding the use of UAS; 
  • Data protection implications where the UAS is capturing personal data; and
  • CCTV regulations where domestic law would regard video capture by UAS as equivalent to CCTV.

Privacy and regulatory implications for Unmanned Aerial Systems and Unmanned Aerial Vehicles by country

The links below summarise the law in regard to each of these issues for the various European and Asian jurisdictions in with Bird & Bird are based.

As outlined below, each country concerned will have its own set of issues and legal restrictions to be considered before UAS can be used. Within Europe, the EASA A-NPA contemplates individual Member States having the flexibility to apply regulatory variations, at least for open and specific categories, to meet their local requirements. From a privacy perspective, one of the main difficulties is around the duty to inform individuals subject to UAS activities.

Theoretically, under EU and Member State laws, UAS controllers must provide individuals with information about data processing. However, this does not apply when individuals have already been informed, or when informing them proves impossible or would involve disproportionate efforts. UAS controllers could benefit from this exemption.

However, they will still have to engage in general information campaigns in an adequate way. As Google did with its Google Street View service, UAS controllers could arrange a dedicated and visible section of their websites to inform the public of their activities. The notice would have to contain the following information: details of the entity responsible for processing UAS data; purposes of processing; the type of data; the duration of processing; the rights of data subjects to access, rectify or erase their data and the right to object.

UAS are also viewed with growing concern in some quarters of society. As a result, industry and entrepreneurs have started looking at ways to circumvent UAS technologies. For example, recently a New York based entrepreneur introduced a line of ‘anti-drone’ clothing intended to thwart aerial surveillance, in particular thermal imaging. This work highlights the growing unease felt on the ground at the possibility of the sky swelling with new surveillance technologies, such as UAS.



Australia - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES - The Civil Aviation Safety Authority (CASA) is responsible for the regulation of UAS (referred to as UAVs) in Australia. 
This covers aircraft, UAS ground control systems, communications/datalink systems, maintenance systems and operating approval.

Regulation comprises, principally, the Civil Aviation Act 1988 (Cth) (CASA Act) and the Civil Aviation Safety Regulations 1998 (CASR 1998). The Airspace Act 2007(Cth) is also relevant. The relevant part of the CASR is Part 101 which deals with unmanned aircraft, model aircraft and rockets. Part 101 is currently under review and has been since 2011. The review is expected to result in some significant changes to the current regulations including the introduction of weight limits to make the regulations less onerous for small operators.

Part 101 currently provides for the approval/certification by CASA of UAV operations in certain circumstances: see

Data Protection Requirements

POSSIBLY - Australian privacy legislation does not currently contain anything specific relating to UAS but CASR 1998 Part 101 provides that:

  • A person may not operate a UAS within 30 metres of a person not directly associated with its operation – CASR 101.245 – penalty units 10 ($1700 maximum fine for a person) – if not operated within line of sight;
  • A person may not operate a UAS in line of sight within 30 metres of a person not directly associated with its operation – 50 penalty units ($8500 maximum fine).

As the limitation on flying a UAV within a specified distance of persons is based on safety related considerations, not privacy-related ones, CASA does not consider that it regulations could be made under the CASA Act to prohibit the operation of an aircraft or UAV for the purpose of protecting the privacy of persons.

CCTV Requirements

POSSIBLY – There is no specific legislation dealing with CCTVs in UAS.

Australian privacy legislation does not cover private individuals using CCTV in UAS.  However, government organisations and private sector organisations with a turn over exceeding AUD3 million per annum will be subject to the Privacy Act 1988 (Cth) and must inform anyone whose image (which is personal information) will be recorded by CCTV of that fact, how that personal information will be used, and the use must be connected to, and proportional to, a legitimate activity.

Back to top of page


EU - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

IN PART - The European Commission ("EC") announced its vision for creating a harmonised regulatory environment for all the 28 Member States in April 2014.  Current EU Member States' UAS legislation would therefore be replaced by harmonised and common EU rules. This ambition builds on the roadmap previously published by the European RPAS Steering Group. Both ICAO and the US authorities are undertaking similar exercises, but it is likely to be some years before there is a consistent international airworthiness and operational regime.

To achieve the EC objective, a recent conference in Riga (Latvia) on 5-6 March 2015 produced consensus among the European aviation community on five principles for introducing harmonised UAS rules in EU airspace in 2016/2017. Among those principles, the conference delegates declared (i) that UAS should be "treated as new types of aircraft with proportional rules based on risk" and (ii) that the European Aviation Safety Agency ("EASA") should produce a basic regulatory framework "without delay".

On 12 March 2015, EASA issued a proposal – the "Concept of Operations for Drones" aiming to present a skeleton of what the new UAS EU harmonised rules could be.  It proposed three categories of operations and their associated regulatory regime:

  • open, which would be overseen by police rather than by aviation authorities and is in any event subject to operation within visual line of sight. Toys of less than 500g designed to be operated by children of less than 14 years would be out of scope;
  • specific, which are overseen by a national aviation authority, which engage greater risk but allows a clearly defined operational activity to be carried out based on a safety risk assessment. It does not appear to envisage beyond line of sight operations or those requiring a detect and avoid system; and
  • certified, which entails a certification process akin to that currently employed for manned aviation: the document clearly contemplates that any systems incorporating detect and avoid technology would have to go through this level of approval, but gives no further detail of what criteria must be met.

On 31 July 2015 EASA published EASA-NPA 2015-10 as the formal consultation on the future regulatory framework. Largely, this adopts the structure outlined in the "Concept of Operations for Drones". It is more detailed than the latter and introduces three weight-based sub-categories for the "open" category. The heaviest "open" category UAVs will be 25kg and all are to be operated within visual line of sight. In principle, commercial and recreational use will be regulated in the same way. Responses to the consultation were due by 25 September.

The next step will be for EASA to present concrete regulatory proposals for the open category to the Commission in December 2015, with a view to amending the Basic Regulation during 2016.

Back to top of page


Belgium - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES – UAS used for recreational purposes are subject to the following provisions:

  • Use of UASDecree of 15 September 1994 on air traffic rules; CAA measure of 1 June 2005 ("Circulaire") CIR/GDF-01. 
  • Manufacturing of UAS: no specific rule (possible application of the Toys Safety Act of 9 February 1994 to the manufacturing of UAS sold for recreational purposes).

The use of UAS in Belgian airspace is subject to an authorization being obtained from the Belgian C.A.A. and from the Belgian Telecommunications Institute (IBPT).

Data Protection Requirements

POSSIBLY – The use of a UAS to capture or record images of individuals for the purpose of surveillance in a public open space (e.g. a park) or in a private space open to the public (e.g. a shop) is prohibited, except if used by police services (Camera Surveillance Act of 21 March 2007).

Belgian data protection law applies to the capture of images with no surveillance purpose: a valid ground for processing data would be needed (e.g. legitimate interest of the controller), information should be given to the data subjects, and the Belgian Data Protection Commission would have to be notified of the data processing activity.

Note that the Belgian Data Protection Commission has issued FAQs on this subject.

CCTV Requirements
NO- The use of UAS for CCTV purposes is prohibited except if used by police services.

Back to top of page


China - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES - Although there is no uniform national law regulating the use of unmanned aircraft systems (hereafter "UAS") in China, there are a number of regulations and rules applying to the use of UAS  issued by State Council, Civil Aviation Administration of China (hereafter "CAAC") and regional governments.

Rules relating to Air Traffic Control of Civilian Unmanned Aircraft Systems (hereafter "the Rules") and Interim Provisions relating to Administration of Civilian Unmanned Aircraft Systems issued by CAAC in June 2009 provide the general guidelines in relation to UAS. In particular, the UAS is considered as an aircraft under applicable law.

CAAC has launched the Provisions for the Operation of Light and Small Unmanned Aircraft (for Trial Implementation) (the UAS Operation Rules) and became effective on December 29, 2015. Light and small civil UAS are defined in the UAS Operation Rules as UAS with a maximum empty weight of 116 kg or less, with a maximum take-off weight of 150 kg or less, and a calibrated air speed of no greater than 100 kilometers per hour.

Data Protection Requirements

POSSIBILY - There are no specific data protection regulations which apply to UAS nor there are any comprehensive data protection legislation in the PRC. Information security technology - Guideline for personal information protection within information system for public and commercial services ("Guideline") sets out a comprehensive guidance on the relevant data protection obligations.  The Guideline does not carry any legal effect and is adhered to by organisations on a voluntary basis.

According to the Guideline,  any data user shall obtain the prior express consent of a data subject prior to any collection of personal sensitive information and any data user shall not transfer any personal information outside of the PRC without the express consent of the data subject, or unless otherwise permitted under the applicable laws and regulations.

CCTV Requirements

POSSIBILY - There is no codified national law which apply to UAS. However, there are various provisions protecting citizens' right to privacy in general principle under multiple national laws.

Art 42 of Law of the People's Republic of China on Penalties for Administration of Public Security makes it a punishable offence to secretly take photos in violation of other people's privacy. The right to privacy protected under Tort Liability Law of the People's Republic of China includes the right against unlawful shooting of citizens' private life.



Czech Republic - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES – UAS in the Czech Republic are regulated primarily by Act No 49/1997 Coll on Civil Aviation and particularly its implementing regulation (Aviation Rules – L2).

Aviation Rules – L2 contains "Supplement X", which specifically describes aviation rules for UAS.

These rules are binding on all UAS that fall within the definition specified in Supplement X (shortly: UAS represents any system constituting an unmanned aircraft and a control station or any other component necessary for the aircraft to fly).

Supplement X is not binding on UAS that can be classified as "model aircraft" (save for those provisions concerning delimitation of airspace which is binding on all UAS without exception). UAS would be classified as a model aircraft when it is :

  • unable to carry a person;
  • used only for competition, sport or recreational purposes;
  • not equipped with any facility enabling an automatic flight;
  • under the visual contact of the pilot for the entire duration of the flight;
  • of a total mass less than 20 kg.

Civil use of UAS is subject to prior authorization by the Czech Civil Aviation Authority (the "CAA"), again except for model aircraft. In this respect, the CAA issues three main types of authorizations:

  • flying permit for UAS (Article 52 of the Civil Aviation Act);
  • authorization to perform aerial work (Article 73 of the Civil Aviation Act) – aerial work includes e.g. aerial photography, terrain monitoring etc.; and
  • authorization to perform aerial activities for own use (Article 76 of the Civil Aviation Act).
Data Protection Requirements

POSSIBLY – There is no specific legal treatment regarding the protection of personal data gathered by UAS.

However, if certain data gathered by UAS qualify as personal data, provisions of the Act No. 101/2000 Coll on Protection of Personal Data (the "DP Act") would apply.

In this context, the Czech Data Protection Authority issued its Position No. 1/2013 which addresses the processing of personal data gathered by UAS within the remit of the DP Act.

According to Position No. 1/2013, the DP Act will be applicable if data of identified or identifiable individuals (that is the definition of "personal data") are collected through UAS:

  • DP Act would however not apply in those situations listed in Article 3 of the DP Act (e.g. processing of data by public authorities, processing by individual for private use, random collection of data rather than systematic processing – e.g. in the event of monitoring of animals, landscape and industrial or agricultural premises);
  • DP Act would also not apply in the event that pictures of identified or identifiable individuals by a camera-equipped UAS are broadcasted without actually taking a recording.

Processing of personal data by UAS would fall under the general rules set out in the DP Act. These generally require (a) having a valid ground (purpose) for the processing; (b) processing only for a particular purpose, within the necessary extent and only for a limited period; (c) fulfilling notification obligations towards the data subjects as well as the Data Protection Authority; and (d) having in place adequate technical and organizational measures to ensure security of the data.

In addition, the protection of privacy as a fundamental human right under the Civil Code and Czech constitutional laws can also come in place (e.g. in the event of processing of data by an individual for his private use, which would fall outside the scope of the DP Act).

CCTV Requirements

POSSIBLY – There is no specific legal regulation relating to the use of CCTV in the Czech Republic. Use of CCTV equipment, including in connection with UAS, is typically regulated within the context of the DP Act.

The Czech Data Protection Authority issued the following guidelines concerning the use of CCTV which is treated in a stricter manner than other usual types of processing of personal data. Also, there is a specific and more detailed form required by the Data Protection Authority for notifications of CCTV.

It should be noted that provisions of the DP Act would equally apply to both video and audio CCTV recordings.

Back to top of page


Denmark - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES – UAS are subject to the following regulation in Denmark:

Further information, including information on how to obtain dispensation from the rules, can be found at the Danish Transport Authority.

Data Protection Requirements
POSSIBLY - There are no specific data protection regulations which apply to UAS. However, personal data collected through UAS would have to comply with the Danish Act on Processing of Personal Data, where personal data means any information relating to an identified or identifiable natural person, including photographs/videos. Personal data may only be collected and processed for specified, explicit and legitimate purposes. Depending on the personal data collected, and the processing, a prior authorization from the Danish DPA may be required.
CCTV Requirements
POSSIBLY - The Danish TV Monitoring Act regulates private use of CCTV by which is meant continuous monitoring by remote-controlled or automatic video or photo, including where this is done with UAS. Generally use of CCTV is prohibited except in business areas, by vending machines, and when used by financial institutions. When CCTV is used in areas where there is public access clear information of the use of CCTV is required. The Danish Criminal Act generally prohibits CCTV of persons, who are not in publicly accessible areas, including offices and private homes, without consent.

Back to top of page


Finland - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements
YES
  • Use of UAS: Aviation Act (864/2014) – New provisions of the Act regarding UAS will become effective at a date which shall be decided later.
  • The Aviation Act regulates generally on the use of certain types of UAS. For instance, the use of a UAV within the scope of the Act requires authorisation granted by the Finnish Transport Safety Agency or another institution described in the Aviation Act. Further regulation will be issued by the Finnish Transport Safety Agency.
Data Protection Requirements
POSSIBLY - At the moment, there is no regulation or administrative guidance regarding data protection implications of UAS. Recording images of individuals could be regarded as automatic processing of personal data in accordance with the Finnish Personal Data Act (523/1999). Depending on the processing in question and whether Personal Data Act is applicable, processing of personal data would require a lawful ground such as a permission given by the Finnish Data Protection Board.
CCTV Requirements

POSSIBLY - At the moment, there is no regulation or administrative guidance regarding CCTV and UAS. 

  • There is no legislation on CCTV generally. As recording images of individuals could be regarded as automatic processing of personal data under the Finnish Personal Data Act, the Act may apply to data collected via CCTV.

UAS could be regarded as CCTV and regulation applicable to CCTV would be applicable to UAS as well. On the other hand, regulation which may limit the use of UAS (e.g. in densely populated areas) may also, in practice, limit the possibilities to use UAS for CCTV purposes.

Back to top of page


France - Privacy and Regulatory Implications for Unmanned Aircraft Systems
Aviation Requirements

YES – UAS are subject to the following regulations:

If a device recording any type of data from outside the visible spectrum (e.g. radar, thermograph, infrared) is used by a UAS, authorisation is required. This authorisation is valid for no more than 3 years.

If a device recording any type of data from within the visible spectrum (e.g. photographs and videos taken from an image/video recording device/camera) is used by a UAS, then a declaration shall be done two weeks before the operations take place, unless the UAS is deployed for recreational use on an occasional basis.

Data Protection Requirements 
POSSIBLY – If a UAS captures and records images of individuals, French data protection law would apply: a valid ground for processing data would be needed (e.g. legitimate interest of the controller), information should be given to the data subjects, and French Data Protection Agency would have to be notified of the data processing activity. The notification requirement would be satisfied by way of a filing which specifies the purpose of the activity, the categories of personal data processed, the data subjects, the recipients to whom the personal data may be disclosed and the retention period of personal data. The notification is valid for an unlimited period of time. Note that the CNIL has issued a public statement on this issue which can be found here (in French). 
CCTV Requirements
POSSIBLY - If CCTV is used by a UAS to monitor places open to the public (e.g.: amusement park), an authorization from the police headquarters (“Prefecture de Police”) would also be needed. The authorization is valid for 5 years and will have to be renewed before expiration. The above applies even if the images are not recorded. Note that we are not aware of any police authorisation having been issued in this respect. Like for the UK, the public notice requirement is likely to be difficult to satisfy. 

Back to top of page


Germany - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES – UAS are subject to the following regulations:

According to s. 15 a para.3 GAR the use of UAS which are not operated for sports or recreational purposes, is generally prohibited if the UAS is used: (i) out of sight of the controller; or (ii) the total mass of the device is more than 25 kilograms.

However, it is – as an exception to this rule – possible to obtain an authorization to use UAS from the competent local Aerial Authority. Such a license will only be granted if the intended use does not constitute a risk to public order and security (and in particular does not infringe on personal rights of individuals and, accordingly, German data protection law). 

Data Protection Requirements

POSSIBLY - There are no specific data protection regulations which apply to UAS, nor any specific guidance on the subject.

However, it is conceivable that certain data gathered by UAS could be considered personal data (in particular if images of individuals are captured/recorded), in which case the data would have to be processed in accordance with the German Data Protection Act (“Bundesdatenschutzgesetz” – “GDPA”).

In this context it should also be noted that an authorization  (cf. Aviation requirements above) will only be granted if the user declares that the use of UAS does not infringe data protection law.

CCTV Requirements 

YES – According to s. 6 b GDPA, CCTV, if used by a UAS to monitor places open to the public, is only lawful as far as: (1) necessary for: (i) public bodies to perform their duties; (ii) to exercise the right to determine who shall be allowed or denied access; or (iii) to pursue legitimate interests for specifically defined purposes; and (2) there are no indications of overriding legitimate interests on the part of the subject of the data.

The specific information obligations required by German data protection law (i.e. providing the public notice of the CCTV system) might be difficult to implement when UAS are being used.

The monitoring of dwellings and other spaces especially protected from view (e.g. a hedge-protected garden) is prohibited under section 201 a of the German Criminal Code (“Strafgesetzbuch”). Such monitoring requires the individual's consent.

Back to top of page


Hong Kong - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES – UAS are subject to the Air Transport (Licensing of Air Services) Regulations (Chapter 448A).

The use of UAS (i.e. unmanned aircraft systems, or "UAS") weighing over 7 kg requires prior application (28 working days in advance) to and endorsement by the Civil Aviation Department of Hong Kong (the "CAD"). The CAD has provided general operational parameters for safe operations of non-recreational UAS, regarding area, altitude and time of operations, control of the UAS, weather criteria, pilot qualification, operations manual, etc.

Flying UAS weighing 7 kg or below (without its fuel) for recreational purpose can be classified as model aircraft flying and no application to the CAD is required. But the CAD has also provided guidance on the safe use of radio-controlled model aircraft flying, which includes restricted area of flying the model aircrafts, altitude and time of operations, choice of flying sites, etc.

If the use of UAS is for "hire or reward", the user must obtain a permit granted by the Director-General of Civil Aviation and comply with any condition imposed, in accordance with Part 3 of the Air Transport (Licensing of Air Services) Regulations (Cap.448A). 

Data Protection Requirements

POSSIBLY – There are no specific data protection regulations which apply to UAS. Collection of personal data through UAS should comply with the six Data Protection Principles in the Personal Data (Privacy) Ordinance (the “PDPO”).

The Hong Kong Office of the Privacy Commissioner for Personal Data recently released a Guidance on CCTV Surveillance and Use of Drones  (the "Guidance") in March 2015.

The Guidance provides suggestions on responsible use of UAS, including flight path, recording and data retention, security and notice of purpose and operation details. 

CCTV Requirements

POSSIBLY – There is no specific legal regime relating to CCTV in Hong Kong.

If CCTVs that have recording functions are used in UAS, such use has to comply with the PDPO. Data user has to justify the use of CCTV by considering whether such use is necessary and whether there are less privacy intrusive alternatives.

The Guidance provides guidelines on the application of the PDPO for CCTV, including the positioning of CCTV cameras, proper handling of recorded images, transfer of CCTV records to third parties and transparency of privacy policy and practice.

Back to top of page


Hungary - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES - Civil use of UAS is subject to prior authorization of the Aviation Authority according to the general rules of Act 97 of 1995 on Aviation. An authorization must be obtained prior to 30 days of putting it into operation. For non-civil purposes, i.e. national defence, police enforcement, custom law enforcement, border security activities and disaster management, the Aviation Office is in charge as set out in Article 5/A(2) of No. 263/2006 Government Decree on the National Transport Authority. Other relevant legal instrument is No. 4/1998 Government Decree on the Use of the Hungarian Airspace.

Under the Aviation Act, UAS qualify as aviation vehicles (Article 71, point 5.). Article 22 of the Aviation Act also sets out that aviation activity can only be carried out after obtaining authorization except for certain cases provided for the law (e.g. application for sport and solely individual purposes). Two forms of authorization shall be granted: authorization to the ad hoc use of the airspace enabling the operator to use the airspace and authorization of activity setting out the limits of the use. As for the 'solely individual exemption', the Authority interprets this in quite vague manner as this is not expressly defined by the law. Use of a UAV for solely recreational activity, for example in one's own garden, may be subject to the exemption. However, it is unlikely that the Authority would authorize uses exceeding the territory of one's private premises, above residential areas, use UAS for photography or a race or event involving several UAS. All activities which do not fall within the narrow interpretation of 'solely individual use' are therefore to be considered commercial activities triggering authorization requirement. Summarising, the Hungarian Aviation Authority's approach on use of UAS therefore is quite strict. The Ministry of National Development has launched a legislative process to adopt a new legal instrument on UAS, among others to clarify the uncertainties on the issue of individual use.

Data Protection Requirements
POSSIBLY - The Hungarian Data Protection Act (Act 112 of 2011 on the informational self-determination and the freedom of information) may apply on the use of UAS nevertheless is controversial whether the use of UAS solely for private purposes is subject to this legislation. The Hungarian National Data Protection Authority (the 'NAIH') considers important to adopt legislation concerned the authorization regime and data protection issues as to the state, commercial and individual use of UAS. These Recommendations were issued with the aim to assist the legislation process in the area of UAS as the Ministry of National Development has been working on draft legislation on UAS as mentioned above (the adoption thereof has not been made public yet). The NAIH views civil use of RPAS in three categories: (i) governmental, (ii) commercial and (iii) private (i.e. leisure/recreational). 
CCTV Requirements
POSSIBLY - CCTV rules may also apply on footage and pictures recorded by UAS but it is also controversial whether private use is subject to Hungarian data protection legislation.

Back to top of page


Italy - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements
YES - Civil applications are being intensively developed, but UAS are still mainly used for experimental and recreational purposes. The Italian Civil Aviation Agency (Ente Nazionale per l'Aviazione Civile) adopted a Regulation on December 16th, 2013 designed for Remotely Piloted Aerial Vehicles (RPAV) with maximum take-off mass of less than 150 kg and those aimed or modified for research, experimental or scientific purposes. Administrative and safety requirements are more demanding for the class of RPAV with a take-off mass of 25 kg or greater, essentially making them subject to the same kind of airworthiness and operation requirements provided for manned aircraft. 
Data Protection Requirements

YES - As long as UAS collect and process information (e.g. images, video, sounds) relating to natural persons that are or can be identified, even indirectly (i.e. car plate), the usage of such technologies shall comply with all requirements generally ruled by the Italian Data Protection Legislation, provided that the data controller is an entity established in Italy.

There is no specific legislation in Italy on data protection issues that may arise from use of UAS, except for a very generic wording contained under section 22 of the Regulation on RPAV on ENAC dated December 16th, 2013. This section expressly refers to the provisions and principles stated by the Italian Data Protection Legislation (Decree no. 196 of 30 June 2003) and requires (i) that use of UAS capable to collect personal data must comply with the principles underlying the Italian data protection legislation, i.e. obligation to use of modalities that allow identification of an individual only in case of necessity, and (ii) that the filing of the authorization to their use should contain evidence if this feature.

Apart from that the Italian Data Protection Authority ("Garante") has not yet ruled on this issue albeit the Garante was the Rapporteur within the Article 29 Working Group on Data Protection of the result of a questionnaire circulated internally in the Group last year  (available on the Garante's website as doc. Web no. 2982766).

CCTV Requirements
YES - with reference to data protection profiles, also if performed through a UAS, a CCTV system must comply with all requirements provided by the Italian Data Protection Authority with its general provision on “video surveillance”, issued on 8 April 2010. 

Back to top of page


The Netherlands - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES – As of 1 July 2015, UAVs up to a weight of 150 kg are subject to general civil aviation regulation regarding inter alia pilot licensing, airworthiness certification and flight operations.

UAS-specific requirements are included in the Remotely Piloted Aircraft Regulation (Regeling op afstand bestuurde luchtvaartuigen). 

Foreign UAS operators can apply for individual exemptions based on article 8 Convention for International Civil Aviation.

UAV used for recreational purposes, that qualify as model aircraft and that weight less than 25 kg are exempt from most general civil aviation requirements and are regulated under the Model Aviation Regulation (Regeling Modelvliegen). 

Currently, only VLOS operations to an altitude of 120m are allowed, with limitations regarding distance from pilot, crowds, build up areas and controlled airspace.

Plans were announced recently to introduce new regulations exempting UAV weighing less than 4 kg (for both recreational and commercial use) from general civil aviation requirements. No licence would be required for VLOS operation of such 'mini drones' to a distance of 100m and an altitude of 50m. 

These regulations are currently planned to come into force on 1 October 2015, but have not yet been published so that the definitive content thereof is currently unknown.

In anticipation of the new regulation, individual exemptions are awarded to qualified UAS operators. Some individual exemptions under the pre 1 July 2015 UAS regime – that included a full ban on commercial UAS use – may not have expired yet. 

Data Protection Requirements
YES – Although no specific data protection regulations concerning UAS exist, the Dutch Data Protection Act (Wet bescherming persoonsgegevens) applies to the extent UAS are used to process personal data (e.g. images or sounds).
CCTV Requirements

POSSIBLY – CCTV for public order purposes is regulated in the Municipalities Act (Gemeentewet), but regulation is currently limited to 'fixed' cameras. An amendment to the act has been submitted to parliament to extend this to non-fixed cameras. This amendment may provide a basis for local government use of UAS for camera observation.

To the extent captured images qualify as personal data, the Dutch Data Protection Act applies. The Dutch Data Protection Authority has announced it will publish new guidance in 2015 on CCTV use, motivated inter alia by the availability of UAS camera observation.

General law enforcement and criminal investigation legislation may provide a basis for use of UAS camera observation for law enforcement purposes.

The Dutch Copyright Act (Auteurswet) may provide individuals with rights under the portrait right regime in regards pictures taken of them using UAS cameras.
Using recording devices to secretly record images from a person in a residence or another non-public location is a criminal offense pursuant to the Dutch Criminal Code (Wetboek van Strafrecht).

Back to top of page


Poland - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements
YES – UAVs are subject to the following regulation: the Aviation Law of 3 July 2002 and subsequent secondary legislation.
The Aviation Law imposes a number of obligations. The detailed scope depends on the way in which the UAV is used. For example:
  • Professional UAV operators have to obtain a certificate of competency, be examined by an aero-medical specialist and conclude a third-party insurance agreement;
  • Flights performed beyond visual line of sight (e.g. using on-board cameras) are subject to authorization from the President of the Polish Air Navigation Services Agency;
  • UAVs weighing more than 150 kg have to be registered in the Civil Aircraft Register and marked with registration numbers.

The Polish Civil Aviation Authority published a report covering the regulation of UAVs. 

Public consultation regarding changes to UAV aviation requirements are running.

Data Protection Requirements

POSSIBLY – If certain data gathered by UAVs amounts to personal data (i.e. recorded images of identifiable or identified individuals), the Polish Personal Data Protection Act applies. 

In this situation, a valid reason for processing data will be required (e.g.: legitimate interest of the controller, or even prior consent, although this is problematic in practice). The data subject needs to be notified of the data processing (again this is problematic). Polish law does not provide an exemption from the obligation to inform individuals on the grounds that it proves impossible or would involve disproportionate effort. If the personal data are stored in an electronic data filing system (such as a database), notification of such a system may be needed to GIODO (Polish Data Protection Authority). Data processing in relation to UAVs should be proportionate and adequate. 

As a general rule, the private use of UAVs is not restricted by the personal data protection regulations.

CCTV Requirements
POSSIBLY – There is no specific legal regulation relating to CCTV in Poland. However, the Personal Data Protection Act, and general rules on protection of privacy, apply to CCTV systems. Monitoring of private premises should be avoided. A valid basis for processing data will be required (e.g. legitimate interest, or prior consent) and individuals should be informed about the processing (again problematic). CCTV data processing should be always proportionate and adequate. GIODO may need to be notified with the data filing systems covering CCTV data.



Singapore - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES - The Unmanned Aircraft (Public Safety and Security) Act 2015 came into force on 1 June 2015 empowering the Civil Aviation Authority of Singapore to regulate all classes of unmanned aircraft, which are defined as those without an operating crew on board – clearly contemplating a future with passengers or other personnel on board but who do not "pilot" the aircraft. The jurisdiction extends to both autonomous and remotely piloted vehicles and unlike most other legislation on the subject expressly encompasses flight indoors.

On 2 June 2015 Part XA of the Air Navigation Order was introduced to govern unmanned aircraft operations and activities, and requires UAVs over 7kg only to be operated in accordance with a UA operator permit, except for some limited operations indoors. Some leisure or research activity conducted by UAVs below that threshold, at low level and away from danger areas or aerodromes, is wholly outside the permit regime. In addition to the operator permit an activity permit is required: the operator permit establishes the competence to use the UAV and the activity permit controls the specific operations being undertaken. Additionally, smaller UAVs require these permits when used for business purposes. Applications for these permits can be made online.

Data Protection Requirements

YES – The Singapore Personal Data Protection Act 2012 ("PDPA") applies to the extent that personal data is collected, used or disclosed (collectively, "processed") by UAS. The treatment for processing the personal data through UAS is the same as the treatment for processing all other types of personal data under the PDPA, which is that the organization responsible for such processing will be required (unless exempted under the PDPA) to comply with the 9 data protection obligations under the PDPA - Consent, Notice, Purpose Limitation, Accuracy, Access & Correction, Protection, Retention, Transfer Limitation and Openness (collectively, the "DP Obligations").

The PDPA does not impose any special or unique requirements to be complied with for processing personal data through UAS specifically. There are no exemptions from the DP Obligations for processing personal data through UAS specifically. However the PDPA exempts organizations from needing to obtain consent from individuals to process their personal data if their personal data is publicly available. "Publicly available" means personal data that is generally available to the public with few or no restrictions, such as a park that is open to the public.

CCTV Requirements

YES – As with UAS, the treatment for processing personal data via CCTV is the same as the treatment for processing all other types of personal data under the PDPA, which is that the organization responsible for such processing will be required (unless exempted under the PDPA) to comply with the DP Obligations. The PDPA does not impose any special or unique requirements to be complied with for processing personal data through CCTV specifically.

There are no exemptions from the DP Obligations for processing personal data through CCTV specifically

Under the Air Navigation Act (the "ANA"), the Minister the power to designate any area within Singapore as a "protected area", in which case an additional permit is required for any kind of photography or video recording. 

Under the ANA, taking photos over protected areas is an offence, regardless of whether the operator and photographer knew or had reason to believe that the area was protected, or that the UAV had photographic equipment on-board.

For completeness, in addition to having a permit, it is also a defence if the photograph was taken unintentionally because of weather conditions or other unavoidable causes.

CCTVs may also be regulated as strategic goods under the Schedule of the Strategic Goods (Control) Order 2013 if they are designed for surveillance.
We are not aware of any other regulatory frameworks that may act to regulate CCTVs in the context of UAS.

Back to top of page


Slovakia
Aviation Requirements

YES – UAS are subject to regulation under the Civil Aviation Act, No. 143/1998 as amended (section 7 (2)). 

The Slovak Transport Authority (Dopravný úrad) has issued new secondary legislation – regulation No.1/2015 dated 19 August 2015, which sets out the conditions for flight operation of UAVs in the airspace of the Slovak republic. 

The main aspects of regulation of UAVs in Slovakia are:

  • Operation of a UAV weighing over 20 kg is permitted if the UAV is registered in the register of UAVs at the Transport Authority or if registered in the similar register of a foreign state, and the operator possesses a competency certificate and resolution on conditions of safe operation  of UAV issued by the Transport Authority;
  • Conditions for flight operation of UAVs weighing over 150 kg are stipulated in Regulation (ES) No. 216/2008 and Directive of the European Parliament and Council (ES) č. 785/2004; 
  • Toy aircraft is a UAV weighing 0,5 kg or less and is a toy;
  • Separate conditions are set for flight operation of UAV in controlled air space;
  • Strict separation of UAVs from regular aircraft;
  • Strict regulation on the safety of other aircraft, persons and assets on the ground and safety of the environment; 
  • UAV flight should be carried out at least 1500m from a residential area;
  • UAVs cannot be used for human transport or transport of dangerous loads;
  • It is forbidden to operate UAV beyond visual sight of the flight operator, or at a distance [SP1] of more than 1000m, or within 50m of other objects, or at night;

Use of UAVs for the purpose of taking photographs, filming or other recording from the unmanned aircraft vehicle is subject to approval of the Transport Authority as well as the Ministry of Defence of the Slovak republic (Subject to the Act on protection of classified matters No 215/2004 as amended, section 64). 

Data Protection Requirements

POSSIBLY - Act on Protection of Personal Data, No. 122/2013 Coll. - Data protection act (DPA).

Capturing personal data (e.g. taking pictures of individuals) would require a valid ground for processing, for example a legitimate interest of the controller and also the consent of the affected individual.

The Data Protection Authority in Slovakia - Office for Personal Data Protection of the Slovak Republic would have to be notified of the data processing activity. 

This activity would need to comply with the right to protection of personal rights and privacy: disclosing personal data of the data subject cannot violate the data subject’s right to protection of personal rights and privacy; making personal data public cannot be contrary to the legitimate interests of the data subject (Section 12 of the DPA and Sections 11-16 of the Civil code and Protection of personality under Civil code No. 40/1964 Coll. as amended by later acts).

CCTV Requirements

POSSIBLY - There is no specific legal regime relating to CCTV in Slovakia. The Act on Protection of Personal Data may apply to CCTV Systems.

The use of UAS for the purpose of taking photographs, filming or other recordings from a UAV is subject to approval of the Transport Authority as well as the Ministry of Defence of the Slovak republic (Subject to Act on protection of classified matters No 215/2004 as amended, section 64).

Back to top of page


Spain - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES - On 4 July 2014 the Spanish government approved a regulatory framework for commercial operations of UAS which was complemented by a Law passed on 17 October 2014. For now operations that can be carried out are limited exclusively to non-controlled air space and to non-populated areas. 

The regime establishes different requirements depending on the weight of the aircraft upon take-off classifying the aircraft in different categories:

  • over 25kg but below 150kg for all purposes (and over 150kg exclusively for fire extinguishing and surveillance activities) shall be operated in accordance with the requirements and limits set in the relevant airworthiness certificate obtained from the Spanish Security Air Agency (AESA);
  • over 2kg and up to 25kg must be kept within line of sight at all times by the pilot which is considered to be 500 meters horizontally and 400 feet vertically; and
  • only UAS below 2kg of weight may be flown beyond the line of sight of the pilot, however only up to 400 feet and provided that technical means are put in place to guarantee location at all times. Notice to Airmen (NOTAM) needs to be obtained informing other air operators of the area and conditions where the UAS is going to fly.

UAS weighing less than 25kg do not need to be registered in the Aircraft Matriculation Register ("Registro de Matrícula de Aeronaves") under the control of the Spanish Civil Aviation General Directorate nor have an airworthiness certificate issued by the AESA.

From a procedural perspective, while UAS weighing 25kg or less are subject to a mere prior notice to the Spanish Security Air Agency within five days at least in advance to the scheduled flight (notice which must include all relevant information regarding the flight and in relation to which the AESA shall issue a written acknowledge of receipt specifying the authorized activity), for those over 25 kg an specific prior authorization from the AESA must be obtained.

Data Protection Requirements

POSSIBLY – Use of UAS are not foreseen in the Spanish Data Protection Act. 

However, personal data collected through UAS would have to comply with Spanish data protections law: a valid ground for processing data would be needed (e.g. legitimate interest of the controller), information should be given to the data subjects and the Spanish Data Protection Agency would have to be notified of the data processing activity.

Please note that data protection regulations are not applicable to images obtained by the media.

CCTV Requirements

POSSIBLY – CCTV requirements are regulated by Data Protection regulations. Certain obligations regarding information requirements would be difficult to comply with. 

Images obtained by private entities must comply with the data quality principle and avoid all unnecessary images of public spaces. Images of public spaces obtained by the police need an administrative authorization.

Regarding sports events, there are specific regulations that foresee the use of mobile cameras (non-fixed) for security reasons. UAS are not mentioned specifically in these regulations, but they may serve as a legal ground to use them.

Back to top of page


Sweden - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES - The Swedish Transport Agency's (Sw. Transportstyrelsen) ("STA") regulation TSFS 2009:88 (as amended) sets out detailed rules on inter alia the design, maintenance and use of civil UAS in Sweden. An English language version of the said regulation is available at STA's website.

In addition hereto, UAS are subject to a number of other regulations, including:

  • the Swedish Transport Agency's regulation TSFS 2014:71; 
  • the Swedish Aviation Act (Sw. luftfartslagen (2010:500)); and
  • the Swedish Aviation Ordinance (Sw. luftfartsförordningen (2010:770)).

In summary, UAS are divided into the following four categories:

  • Category 1A: UAS with a maximum take-off weight of not more than 1.5 kg and which develop a kinetic energy of not more than 150 J;
  • Category 1B: UAS with a maximum take-off weight of more than 1.5 kg but not exceeding 7 kg and which develop a kinetic energy of not more than 1,000 J;
  • Category 2: UASs with a maximum take-off weight of more than 7 kg;

for a UAS to fall under any of the three above categories it is also required that it is operated in such way that the pilot at all times maintains visual contact (if not, the UAS would, irrespective of its MTOW or kinetic energy, fall under Category 3 below),

  • Category 3: UAS that are certified to be operated without the pilot having visual contact with the UAS.

In this context "visual contact" refers to the maximum distance between the pilot and the UAS at which the UAS' position and course at all times can be visually observed (without any form of aid such as cameras etc.) by the pilot and at which the UAS can be safely manoeuvred to avoid collisions with other aircraft, persons or property. STA's current recommendation is that the maximum horizontal distance should not exceed 500 meters while the vertical distance should not exceed 120 meters.

An approval from the STA is normally required for any design, manufacturing, modification, maintenance or operational activity undertaken in respect of an UAS (irrespective of its category classification) that is used or designed:

  • for testing and research;
  • for commercial purposes (including all activities for which consideration is payable);
  • for professional or similar activities which are not considered pleasure or recreation flights; and
  • to be operated without the pilot having visual contact with the UAS (i.e. beyond visual line of sight), meaning that a category 3 UAS always is subject to approval by STA (unless the UAS falls under the applicability of Regulation (EC) No 216/2008, in which case EASA would be the competent authority).

However, the regulatory regimes and requirements do differ between the abovementioned categories.

For example, category 3 UAS must be equipped with a system that can detect other aircraft. The system shall enable the UAS to maintain sufficient separation and take appropriate avoidance actions in accordance with the Swedish Transport Agency's general air traffic rules. There is no similar requirement for category 1-2 UASs.

It is also noted that in case an UAS is equipped with an anti-collision system having the same principal function as other types of anti-collision systems (e.g. ACAS –Airborne Collision Avoidance System), the systems must be compatible with each other so that the resolution advisories provided are coordinated.

Data Protection Requirements

POSSIBLY - There is no specific data protection legislation in respect of UASs in Sweden.

If an UAS collects and/or processes information such as images, videos and data that include information directly or indirectly relating to a (living) physical person, such information would as a general rule be considered "personal data".

Processing of personal data is normally governed by the Swedish Data Processing Act (Sw. Personuppgiftlagen (1998:204)) (the "Data Processing Act"). However, it is currently not clear to what extent the Data Processing Act applies to personal data collected and/or processed by UASs (at least to the extent the collection and/or processing is done through a camera mounted to the relevant UAS).

The reason herefore is that the Swedish camera monitoring act (Sw. Kameraövervakningslagen (2013:460)) (the "Surveillance Act") explicitly exempts the applicability of the Data Processing Act in instances where the Surveillance Act applies; however, whether the Surveillance Act applies to UAS is a matter currently being looked into by the Swedish courts. As per the date hereof, the court has yet to render a judgment. Accordingly, the Swedish legal situation regarding collection and/or processing conducted by cameras mounted on UAS is currently not clear.

For the avoidance of doubt, collection and/or processing of personal data by other means than through a camera would, however, fall under the applicability of the Data Processing Act.

The section below contains some additional background information on the current court cases.

CCTV Requirements

POSSIBLY - The Surveillance Act regulates the use of CCTV in both the private and public spaces.

Generally, the use of CCTV in areas that are accessible to the public requires a license from the County Administrative Board (Sw. Länsstyrelsen) of the county in which the anticipated monitoring would take place. There are, however, exemptions and in some cases a notification would suffice.

In non-public areas, CCTV may be used without a license or notification under certain circumstances.

As mentioned in the column to the left, it is not clear whether the Surveillance Act is applicable to camera surveillance carried out by UAS. The issue at hand is whether such cameras are "permanently mounted" and/or "not possible to be on-site operated"; both being prerequisites under the Surveillance Act.

To date, there have been three different court cases where this matter has been considered; all of them by different County Administrative Courts (Sw. länsrätt) which is the court of first instance in Sweden. In all three cases the court concluded that the Surveillance Act is not applicable since the cameras were not permanently affixed (in one of the cases the court also concluded that the camera could be on site operated.)

The Swedish Data Protection Authority (Sw. Datainspektionen) has, however, appealed two of the judgments and as of the date hereof, the court of appeals is yet to render a judgment.

In this context it can be noted that the Swedish Data Protection Authority is of the firm opinion that the Surveillance Act should apply to camera surveillance conducted with cameras mounted on UAS.

Back to top of page


Switzerland - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES – Civil UAS are subject to the following regulations :

  • •Aviation Act
  • •Ordinance of the Federal Department of the Environment, Transport, Energy and Communication on Special Categories Aircrafts

No authorization is needed for UAS weighing 30kg or less, although restrictions apply nonetheless (e.g. no flight above civil or military airports, no flight at less than 100 metres of outdoor gatherings of people, mandatory liability insurance covering at least CHF 1 million and permanent visual contact with the UAS). A special derogation may however be granted by the Federal Office of Civil Aviation. Flying UAS weighing more than 30kg is subject to an authorization, regardless of the UAS’s use.

Data Protection Requirements
POSSIBLY – When UAS capture e.g. images of non-anonymous persons, the Data Protection Act (DPA) applies. As a result, the consent of said persons will generally be necessary, and the processing of data will need to meet the general principles of proportionality, purpose and safety of the processed data. An authorization from the Federal Data Protection and Information Commissioner (FDPIC) is not needed, but where a file containing sensitive data is operated, a notification of the processing is needed to the FDPIC.
CCTV Requirements

YES – The DPA applies to the use of CCTV in both the private and public space; as a general rule, surveillance of the public space by private persons is possible only under very restrictive conditions. In addition, the use of the public space is generally within the competence of the cantons, potentially triggering the application of local regulations and the need for special authorizations which are sometimes granted by municipalities.

Furthermore, using recording devices to gather secret or private information belonging to third parties without their consent is a criminal offense pursuant to Art. 179 et seq. of the Criminal Code.

Back to top of page


United Arab Emirates - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES – The General Civil Aviation Authority (the GCAA) has passed Civil Aviation Regulation part VIII, subpart 10 in April 2015 (“Regulation”) as a new “regulatory strategy for the utilization of unmanned aerial systems within the airspace of the UAE”.

UAS operating in the UAE are classified into 3 categories based on: (i) the mass of the UAV, (ii) its capability (or performance) and (iii) the operator of the UAS (privately, commercially or state-operated).

  • Registration: All UAS greater than 0.5 kg (and all UAS for commercial use) must be registered with the GCAA’s licensing department. UAS for commercial use will require additional “GCAA E-Service UAS Operating Approval”. Although it is not clear from the Regulation, there may be additional registration requirements at the Emirate level.
  • Restrictions: (i) UAS may only be flown in areas pre-approved by the GCAA, and at all times away from conventionally controlled airspace (such as airports); (ii) the UAS may only be flown during day time; (iii) UAS may not be flown higher than 400 feet above ground level; (iv) UAS may not be flown within close proximity to “any person, vessel, vehicle or structure”; and (v) there are various frequency band restrictions.

Operator requirements: (i) it is the operator’s responsibility to make sure that all of the UASs components are in working order prior to use; and (ii) the operator must maintain a visual line of sight with the UAS at all times.

Data Protection Requirements
POSSIBLY – There are no specific data protection regulations which apply to the UAS. However, data collected with UAS would have to comply with the Penal Code, Cyber Crimes Law and Copyright Law.
CCTV Requirements

POSSIBLY – There is no specific legal regime relating to CCTV in the United Arab Emirates.  However, the Regulation prohibits the use of video or any image capturing devices for private operators and without prior authorization by the GCAA for commercial operators.

The Penal Code, Cyber Crimes Law and Copyright Law apply.

Furthermore, UAE Federal Act No. 20 of 1991 makes it illegal for any aircraft (including UAS) to be equipped with aerial photographic apparatus without authorisation from the civil aviation authorities.

Back to top of page


United Kingdom - Privacy and Regulatory Implications for Unmanned Aerial Systems
Aviation Requirements

YES – The Civil Aviation Authority (the CAA) has published detailed guidance [SP1] in CAP722 "Unmanned Aircraft System Operations in UK Airspace – Guidance" covering the regulation of UAS in the UK. The most recent issue (6th edition) took effect in March 2015.

UAS operating in the UK must, in general, meet the same safety and operational standards as manned aircraft. The specific requirements vary with the size of the aircraft. The Air Navigation Order contains a specific regime whereby most technical requirements are disapplied for UAS below 20kg, with particular operational limitations if the platform is equipped with surveillance equipment. Commercial use requires permission from the CAA.

Data Protection Requirements
POSSIBLY - There are no specific data protection regulations which apply to UAS, nor any specific guidance on the subject. However, personal data collected through UAS would have to comply with the Data Protection Act: a valid ground for processing data would be needed (e.g. legitimate interest of the controller), information should be given to the data subjects, and the UK Data Protection Agency would have to be notified of the data processing activity.
CCTV Requirements
POSSIBLY - There is no specific legal regime relating to CCTV in the UK. However, the Data Protection Act does apply to CCTV systems. The ICO would have to be notified of the data processing. Certain obligations regarding providing the public notice of the CCTV system might be difficult to implement when UAS are being used. This problem was mentioned by the ICO in their submission to the Joint Committee - pre-legislative scrutiny of the draft Communications Data Bill (at page 55).

Back to top of page


Authors

Kathryn Edghill

Partner
Australia

Call me on: +61 2 9226 9888
Image of Cindy Ling

Cindy Ling

Associate
China and Hong Kong

Call me on: +852 2248 6000
Image of James Wong

James Wong

Associate
China and Hong Kong

Call me on: +852 2248 6000
Chloupek-Vojtech

Vojtech Chloupek

Partner
Czech Republic & Slovakia

Call me on: +420 226 030 500
Repa-Radovan

Radovan Repa

Associate, Bratislava
Czech Republic & Slovakia

Call me on: +421 232 332 800
Profile picture

Frank Simons

Counsel
Netherlands

Call me on: +31 (0)70 353 8800
Kang-Alban

Alban Kang

Partner
Singapore

Call me on: +65 6534 5266
Rob Kinder

Rob Kinder

Associate
United Arab Emirates

Call me on: +971 26108 100

Mark Makarem

Associate
United Arab Emirates

Call me on: +971 26108 100