On November 14, 2013, the Federal Aviation Administration (FAA) announced the Final Privacy Requirements for unmanned aircraft system (UAS) Test Sites.
To comply with the Final Privacy Requirements, Test Site operators must comply with all applicable privacy laws. Test Site operators will be required to maintain a record of all UAS operating in the Test Sites. The Test Site operators must require that all UAS operators have a written plan for the use and retention of all data collected by the UAS. Additionally, the Test Site operators must conduct an annual review of the Test Site operations. The purpose of this review is to verify compliance with the privacy policy and practices. The Test Site Operator must share the outcome of the review in a public forum which provides the opportunity for public feedback.
The Final Privacy Requirements also contain a contractual provision that allows the FAA to suspend or modify the operational authority for a Test Site if charges are filed by law enforcement, including the U.S. Department of Justice or a state’s law enforcement authority, against a Test Site operator for potential violations of privacy laws. If the proceedings show that the Test Site operator violated the privacy laws, then the FAA may terminate the operational authority.
The FAA had published proposed requirements on February 22, 2013. The public comments to the draft requirements included recommendations that there should be no privacy requirements and recommendations that the FAA impose strict privacy requirements.
In response to comments that the FAA should focus on safety and not regulate privacy, the FAA stated that the FAA will require Test Site operators to comply with the Final Privacy Requirements. Congress mandated that the FAA establish Test Sites to further UAS integration into the national airspace system (NAS). It is the FAA’s position that the Final Privacy Requirements advance this mandate by helping inform the dialogue regarding the impact of UAS on privacy.
In addressing comments that law enforcement agencies who use the Test Sites should have warrants to conduct surveillance or gather evidence, the FAA stated that the Final Privacy Requirements state that the Test Site operator must comply with all applicable privacy laws.
The FAA declined to provide more strict requirements than those set forth in the Final Privacy Requirements. The FAA reasoned that privacy laws and tort law may address some privacy issues. Further, the FAA contends that since Test Site operators must be public entities they will be responsive to local stakeholders’ concerns and therefore develop privacy policies tailored to the local concerns. Additionally, elected officials can enact additional privacy laws and regulations if needed. According to the FAA, forty-three states have enacted or are considering legislation that regulates UAS.
The FAA also declined to create a public registry or database of UAS operations at Test Sites. The FAA believes that such an action would not be appropriate. Each Test Site operator will be required to maintain a record of UAS operating at its Test Site.
For more information on UAS or the Test Site program, please contact Ronce Almond at (202) 457-7790.