As is the case with almost every disruptive technology introduced today, unmanned aircraft systems (UAS, commonly known as drones) have raised privacy concerns. For the past several years, lawmakers at the state and local levels have attempted to address these concerns through legislation. And as UAS become more common in 2017, many expect to see more UAS privacy bills.
Understanding Privacy Legislation
There are several reasons why it is important for insurance companies operating UAS to understand the differences in the types of privacy legislation. First, insurance companies operating in more than one jurisdiction must understand which, if any, laws apply, as there are still wide variances among jurisdictions. Moreover, the laws are being written so that they apply even if images can be taken and made publicly available from other platforms.
In addition, some types of UAS privacy legislation are so broad that they may go beyond the authority of a state or local government to enact. The U.S. Constitution grants the federal government powers to make laws and regulations that states and localities cannot supersede, making any such state or local law “without effect.” This concept is known as federal preemption.
The potential for federal preemption over state and local laws pertaining to UAS is particularly relevant. According to a 2015 Federal Aviation Administration (FAA) UAS fact sheet, “Substantial air safety issues are raised when state or local governments attempt to regulate the operation or flight of aircraft. If one or two municipalities enacted ordinances regulating UAS in the navigable airspace and a significant number of municipalities followed suit, then fractionalized control of the navigable airspace could result. In turn, this ‘patchwork quilt’ of differing restrictions could severely limit the flexibility of the FAA in controlling the airspace and flight patterns, and ensuring safety and an efficient air traffic flow.”
Unfortunately, it is not always clear whether a federal law preempts a state or local law or whether the two laws can coexist. Courts often are asked to decide the issue, and, in many cases, courts have found that the FAA’s authority to protect the national airspace preempts the power of states and local authorities to regulate aircraft or aircraft operations. Since UAS are considered aircraft by the FAA, some believe the FAA should have jurisdiction over all privacy issues associated with UAS. However, thus far, the FAA has been more concerned about maintaining the safety of the national airspace than directly addressing privacy issues.
There are likely several reasons why the FAA has not asserted its authority on UAS privacy. First, since the FAA has not had to address these types of privacy concerns with respect to manned aircraft, it is not well-suited to deal with these complex and dynamic issues. Moreover, privacy in the U.S. has traditionally been addressed at the state or local level. The 2015 FAA fact sheet, citing Skysign International Inc. v. City and County of Honolulu, states, “Laws traditionally related to state and local police power—including land use, zoning, privacy, trespass, and law enforcement operations—generally are not subject to federal regulation.”
As a result, state and local laws that are related directly to privacy or trespass are likely to be upheld by the courts. However, courts may strike down laws that only relate indirectly to privacy or trespass and that the courts believe infringe upon the right of the FAA to regulate the national airspace or flight operations.
Creating a Reasonable Expectation of Privacy
Some legislation would make it illegal to take an image in violation of an individual’s reasonable expectation of privacy. One of the major challenges with this type of UAS privacy legislation will be understanding what an individual’s “reasonable expectation of privacy” is when in public.
Historically, courts have found that any expectation of privacy from overhead images taken by an aircraft is unreasonable unless they have taken measures to not be seen from above. While many of these cases applied to the government’s collection of such images, the analysis and concept has been more broadly applied. For example, in Dow Chemical Co. v. United States, the U.S. Supreme Court found that the Environmental Protection Agency was justified when it overflew a facility and collected evidence without a warrant.
Similarly, in California v. Ciraolo, the court held that data obtained from an aircraft hired by the police to fly over a private home without a warrant could be used in a trial. Specifically, the court found that “[i]n an age where private and commercial flight in the public airway is routine, it is unreasonable for respondent to expect that his marijuana plants were constitutionally protected from being observed by the naked eye.”
In Ciraolo, it is worth noting the court found that the aircraft was flying at approximately 1,000 feet. Three years later, in Florida v. Riley, the court affirmed this reasoning, stating that a warrant was not needed to fly a helicopter at 400 feet over a home to collect information. The court noted that a member of the public could have operated a helicopter at 400 feet and made the same observations, and that the helicopter did not interfere with the normal use of the property.
However, this principle seems to be evolving, due in large part to privacy concerns associated with UAS. For example, in May 2016, the National Telecommunications and Information Administration (NTIA) published “Voluntary Best Practices for UAS Privacy, Transparency, and Accountability,” (Voluntary Best Practices) which was intended to protect “covered data,” defined as “information collected by a UAS that identifies a particular person.” Section 2a of the Voluntary Best Practices states, “In the absence of a compelling need to do otherwise, or consent of the data subjects, UAS operators should avoid using UAS for the specific purpose of intentionally collecting covered data where the operator knows the data subject has a reasonable expectation of privacy.”
It is important to note that the Voluntary Best Practices do not exclude the collection of covered data of an individual while that person is in public. Moreover, it was evident from the discussions that occurred in the meetings that many stakeholders did not feel it was unreasonable for a person to expect not to be imaged by a UAS in public.
Similarly, a Florida law passed in 2015 to address privacy concerns associated with UAS states in part that “a person is presumed to have a reasonable expectation of privacy on his or her privately owned real property if he or she is not observable by persons located at ground level in a place where they have a legal right to be, regardless of whether he or she is observable from the air with the use of a drone.”
As a result, if a person in Florida takes steps to avoid being seen from the road (i.e., a fence), he or she has a reasonable expectation of privacy to not be imaged by a UAS operating overhead. This grants Florida citizens even greater protection than afforded by the U.S. Supreme Court in Dow Chemical and Ciraolo.
Legislation that precludes UAS operators from collecting images of individuals if they have a reasonable expectation of privacy will prove the most challenging for insurance companies. Operators will first want to determine whether the legislation applies to them, as it may only apply to governmental use of UAS or have carve-outs, such as in Florida. Businesses also will need to determine if and how a “reasonable expectation of privacy” is defined in the legislation. If it is not defined, operators will need to closely follow applicable court cases, as what is considered reasonable likely will evolve.
Making It Illegal to Conduct Surveillance
Another type of legislation makes it illegal to use UAS to conduct surveillance. One of the biggest challenges with this type of legislation for an operator will be knowing what constitutes “surveillance” within a jurisdiction. For example, the Florida law referenced earlier prohibits the use of UAS to “use a drone equipped with an imaging device to record an image of privately owned real property or of the owner, tenant, occupant, invitee, or licensee of such property with the intent to conduct surveillance on the individual or property captured in the image….”
Surveillance is defined in the law as “1. With respect to an owner, tenant, occupant, invitee, or licensee of privately owned real property, the observation of such persons with sufficient clarity to be able to obtain information about their identity, habits, conduct, movements, or whereabouts, or 2. With respect to privately owned real property, the observation of such property’s physical improvements with sufficient visual clarity to be able to determine unique identifying features or its occupancy by one or more persons.”
Fortunately, the Florida law contains a number of exceptions from the broad surveillance ban. These exceptions include the use of a UAS by a person or business licensed by the state, by an employee or contractor for assessing property for ad valorem taxation, and for aerial mapping. Without these exceptions, the use of UAS for inspections of property in Florida would likely be prohibited as it would constitute “the observation of such property’s physical improvements with sufficient visual clarity to be able to determine unique identifying features or its occupancy by one or more persons.”
North Dakota also recently enacted a law prohibiting the use of UAS for “domestic surveillance.” Specifically, this law, passed in 2015, states, “A law enforcement agency may not authorize the use of, including granting a permit to use, an unmanned aerial vehicle to permit any private person to conduct surveillance on any other private person without the express, informed consent of that other person or the owner of any real property on which that other private person is present.”
On its face, this law seems to apply only to those operators who need approval from law enforcement to conduct surveillance in North Dakota, such as private investigators. However, it is written so broadly that it could be interpreted to apply to using UAS for any surveillance.
In New Hampshire, legislators introduced a bill that would have prohibited the non-governmental use of drones to conduct surveillance without an individual’s permission. The legislation states, “No person shall use a drone to conduct surveillance without the prior consent of each affected person and each owner or possessor of affected buildings or structures or parts thereof.”
Though the bill was defeated, it further exemplifies legislators’ attempts to limit or even prohibit the use of UAS to conduct surveillance by those outside of the government.
Insurance companies that use drones to inspect property are likely to face several challenges in jurisdictions that prohibit the use of UAS for surveillance. One of the biggest challenges may be understanding what constitutes surveillance in a jurisdiction, as the term “surveillance” is quite broad. Operators should seek to have the term clearly and narrowly defined in the legislation. In addition, the legislation should specifically exclude the use of UAS to inspect property for insurance purposes.