The Commonwealth Department of Infrastructure, Transport, Regional Development, Communications and the Arts (the Department) recently completed public consultation on draft privacy guidelines for commercial and recreational drone operators.
Drone use in Australia has grown exponentially in recent years, with operators utilising remotely piloted aircraft in areas such as search and rescue, media, surveying, logistics and home delivery services. This proliferation has caused a corresponding increase in community sensitivity to the impact of drone use on privacy.
There is no drone-specific privacy law in Australia. Rather, there is a patchwork of Commonwealth, state and territory legislation and common law which may apply to drone operations, including with respect to personal information, surveillance, trespass and nuisance.
The guidelines are intended as an educational tool to provide operators with a set of easy-to-understand parameters for operating drones in line with reasonable community expectations for privacy.
The Guidelines contain 6 best practice Drone Privacy Principles (DPPs) which are summarised below:
| Principle | Summary | Detail |
|---|---|---|
| DP1 | Informing others or obtaining consent when collecting data. | For commercial operators this includes having a communications strategy and creating an easily accessible means for individuals to express their concerns. |
| DP3 | Using data only for the original purpose. | The guidelines refer drone users to Part 3 of the Australian Privacy Principles under the Privacy Act 1988 which govern dealing with personal information once it has been obtained. |
| DP4 | Handling data securely. | Commercial operators are advised to de-identify data once no longer needed and to use reasonable safeguards. |
| DP5 | Knowing laws and rules. | Users are reminded to fly in accordance with CASA drone safety rules. While these are not strictly privacy-related, compliance may enhance privacy (for example by staying at least 30 metres from bystanders when flying). |
| DP6 | Being aware of the Privacy Act and the Australian Privacy Principles (APPs). | The APPs establish guardrails around the collection, use and disclosure of personal information and sensitive information, which apply to Commonwealth Government agencies and organisations with an annual turnover exceeding $3 million (APP Entities). |
The APPs also provide individuals with the right to seek access to, or correction of, personal information held by the APP Entity, as well as the ability to make complaints about interference with the individual's privacy.
The DPPs are based on similar concepts to those used in the APPs and refer users to the APPs for further information. Among other things, the APPs set out a framework regulating:
- the collection of personal information, including when an individual should be notified about the collection of the individual’s personal information, and the matters to be included in the notification;
- the use and disclosure of personal information collected, including when consent is required;
- how an APP Entity can use or disclose personal information for a direct marketing purpose;
- how long personal information can be retained; and
- the right of individuals to seek access to, or correction of, personal information held by an APP Entity.
- As the name suggests, the guidelines will not be mandatory, but will instead act as a voluntary, recommended code of conduct.
- The DPPs have a broader reach than the existing APPs under the Privacy Act. The DPPs apply to all drone users, including recreational hobbyists and small businesses. By contrast, the APPs do not generally apply to individuals or businesses whose turnover does not exceed $3 million per annum.
- The guidelines ultimately released by the Department may differ from those released during the public consultation process.
Further information on the draft guidelines is available here.
This article was written by Jayne Heatley, Partner and Luke Dale, Partner.