DroneRules Pro: Supporting GDPR compliance through privacy culture among drone professionals in Europe

1. Fly respectfully consider privacy Fly safely follow flight safety rules Fly responsibly be insured DroneRules Pro: Supporting GDPR compliance through privacy culture among drone professionals in Europe Christina Hitrova christina.hitrova@trilateralresearch.com Bonn, 4 July 2018
2. Overview • What do drones have to do with privacy and data protection? • What is the DroneRules PRO project? • How can the DroneRules PRO project help? • How can you get involved? This presentation is funded by the European Union’s COSME Programme (2014-2020).
3. Fly respectfully consider privacy Fly safely follow flight safety rules Fly responsibly be insured What do drones have to do with privacy and data protection?
4. Privacy and data protection • What is privacy? Everyone has the right to respect for his or her private and family life, home and communications. - EU Charter of Fundamental Rights,Article 7 • What is personal data protection? 1. Everyone has the right to the protection of personal data concerning him or her. 2. Such data must be processed fairly for specified purposes and on the basis of the consent (…) or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. (…) - EU Charter of Fundamental Rights,Article 8 • Protected by national constitutions and international treaties This presentation is funded by the European Union’s COSME Programme (2014-2020).
5. How do drones impact privacy and data protection?
6. Why is this important for the drone industry? • The General Data Protection Regulation (GDPR) - protects personal data through its entire lifecycle – “Personal data” – Has “teeth” – sanctions up to € 20 Million or 4 % of the total worldwide annual turnover • Future laws – EASA Prototype Regulation and Annex – requires respect privacy and data protection and consideration of privacy risks – Regulation for making available on the market of UA intended for use in the ‘open’ category – requires privacy-enhancing features This presentation is funded by the European Union’s COSME Programme (2014-2020).
7. Fly respectfully consider privacy Fly safely follow flight safety rules Fly responsibly be insured What is the DroneRules PRO project?
8. DroneRules PRO: Key project facts • Duration: December 2017 – November 2019 • Funding COSME COS-DRONES-2016-03-02 • Partners • Goals: (1) To create a privacy culture among Europe’s drone professionals with information and educational resources (2) To protect rights and freedoms of people (3) To support the growth and development of drones This presentation is funded by the European Union’s COSME Programme (2014-2020).
9. DroneRules PRO: Project work • E-learning course & resources • In collaboration with stakeholders and experts Resource development • 6 hands-on training sessions in UK, BE, DE, IT, PL • Evaluation of resources Training • Optimisation and finalisation of project resources • Publication Finalisation This presentation is funded by the European Union’s COSME Programme (2014-2020). Dec 2017 – Mar 2019 Mar – Jul 2019 May – Sept 2019
10. Fly respectfully consider privacy Fly safely follow flight safety rules Fly responsibly be insured How will the DroneRules PRO project help?
11. DroneRules PRO resources Drone operators Drone manufac- turers Drone pilots Privacy Code of Conduct Pre-flight checklist Privacy Impact Assessment (PIA) template Privacy-by- design guide E-learning course with tailored modules This presentation is funded by the European Union’s COSME Programme (2014-2020).
12. E-learning course • Goal: Empower drone professionals!Teach them how to assess their operations, identify risks and implement safeguards. • Modules tailored to operators, pilots and manufacturers • Content will include: – Concepts, principles, requirements, risks – Safeguards – Interactive games / tests This presentation is funded by the European Union’s COSME Programme (2014-2020).
13. This presentation is funded by the European Union’s COSME Programme (2014-2020).
14. 5 tips on flying responsibly • Inform people on the ground of your activities. • Minimise personal data captured and retained. • Limit personal data use and data storage. • Protect personal data. Anonymise it. Secure it. Do not share it (freely). • Respect people’s rights and put procedures in place to that end. This presentation is funded by the European Union’s COSME Programme (2014-2020).
16. PIA template • For drone operators & pilots • Software • Plan your (high- risk) mission responsibly • Risks & safeguards • DPIA can serve as documentary proof of risk management Pre-flight checklist • For drone pilots • Last-minute checklist • Have we considered everything we need to do? • Have we done it? Privacy-by-design guide • For drone manufacturers • Privacy- enhancing drone features • EASA regulation compliance • Drones that help drone pilots and operators comply with their own obligations This presentation is funded by the European Union’s COSME Programme (2014-2020).
18. Privacy Code of Conduct • Best practices for drone pilots and operators • Scope: – Planning the mission – Flying the mission – Handing, sharing and erasing data • An industry-standard-to-be • We are calling for your feedback! Get in touch to get a copy! This presentation is funded by the European Union’s COSME Programme (2014-2020).
19. Fly respectfully consider privacy Fly safely follow flight safety rules Fly responsibly be insured How can you get involved?
20. Drone Rules PRO Advisory Board • On the look for new members to support the project and: – Review and provide feedback on resources – Join training sessions – Support dissemination and promotional activities – Help expand the network of the project • Flexible contributions welcome This presentation is funded by the European Union’s COSME Programme (2014-2020).
21. Current Advisory Board members Name Organisation Expertise Peter van Blyenburgh UVS International Industry association Uwe Meinberg CURPAS (Germany) Industry association Gonçalo Antunes Matias APANT (Portugal) Industry association Benjamin Benharrosh Delair Tech Industry Anne-Marie Haute Pilgrim Technology Industry Jules Kneepkens TEASAS Civil aviation regulation Christian Janke Embry-Riddle Aeronautical University – Worldwide Industry educator Giuseppe D’Acquisto Italian Data Protection Authority Data protection & regulation Stian Kringlebotn Norwegian Data Protection Authority Data protection & regulation Andrej Tomšič Slovenian Data Protection Authority Data protection & regulation Adolfas Kuzborski CAA Lithuania Regulation
22. Thank you for your attention Contact: Christina Hitrova Christina.Hitrova@trilateralresearch.com This presentation is funded by the European Union’s COSME Programme (2014-2020).

Notas del editor

As you may know, people have certain fundamental human rights, guaranteed to them, which are intended to protect their dignity and autonomy. You may have heard of the right to life or the right to free speech.

Similar to this, in Europe and within the European Union people are guaranteed the right to privacy and the right to personal data protection.

The right to privacy means that people have the right for their private and family life, home and communications to be respected. They have a right to be left alone and not be surveilled, especially in a private setting. This is a broad right encompassing all situations in which people have an expectation to be unobserved.

The right to personal data protection is another fundamental right, guaranteed to people in the EU. It is a more focused right and protects individuals by laying down some minimum standards regarding how personal data relating to individuals should be collected and handled. Compared to the right to privacy, the right to personal data protection is more targeted and application-heavy. It protects only personal data and it prescribes specific principles which should be followed in practice, when handling such data. These center around being fair and transparent when handling the data and empowering the individual to determine how such data is used.

These rights, in one shape or another, are protected through various documents on the national and international levels, including by constitutions and international treaties, such as the EU Charter of Fundamental Rights. All people in Europe have them and this can impact your activities as drone professionals.
Commercially, drones can be used in a variety of contexts – in construction, to capture entertainment and sports events, for real estate. You know better than me how diverse drone capabilities and applications can be. However, drones have the potential to impact the privacy and personal data of people on the ground. This is for a few reasons:

First, drones are highly maneuverable. This means that previously inaccessible spaces, such as gardens with fences or secluded areas in a park or on a beach can now be accessed and directly observed or recorded. This could raise concerns especially in situations where private spaces are impacted, such as people’s homes, gardens, cars, work places.
Second, drones vary in size and design. This means that sometimes they may remain unnoticed by individuals on the ground and become silent observers of their behavior. Needless to say, this can raise significant privacy concerns.
Thirdly, drones have extremely diverse capabilities. Depending on the payload they are carrying, drones can capture photos, videos, thermal or location data, sometimes even audio data. Some software empower drones to even track and monitor individual behavior, as you see here on the slide. Then the data captured features individuals, and especially if it allows the identification of individuals, privacy and personal data concerns can arise.
Finally, the combination of the design, maneuverability and diverse capabilities of drones leads to a lack of transparency for individuals on the ground. Often, they may have no way of knowing who is operating the drone, for what purpose, what kind of data that drone is collecting and whether the drone’s sensors are pointed in their direction. In such circumstances individuals can feel uneasy, observed and, lacking a responsible person to turn to, they become powerless to actually control what happens with their personal data.
On the 25th May this year the General Data Protection Regulation (GDPR) entered into force. This is a EU-wide single law that protects the personal data of individuals by laying down concrete rules, principles and requirements as to how that data should be handled throughout its entire lifecycle – from collection, to processing, storage, sharing and erasure.

The GDPR protects only personal data – that is, any data that allows the identification of a person. What is personal data can be a very broad notion. It encompasses information through which individuals can be identified by you or by others. In the context of drones, personal data can be a single piece of information or a combination of the entire scene you captured – the top of a person’s head, their clothing, their location, their car plate number or house number, the time of your activities.
You should be careful when capturing personal data and you should plan how to handle and protect such data. Sanctions are envisioned for responsible parties (called data controllers) who breach the requirements of the GDPR. These sanctions can amount to up to € 20 Million or 4% of your company’s worldwide annual turnover in extreme cases of not complying with the law.

In addition to the GDPR, EASA and EU legislators are at present discussing two future legal acts, which include references to privacy and privacy-enhancing drone features.
Relevant for drone operators and pilots, the EASA Prototype Regulation (laying down rules and procedures for the operation of unmanned aircrafts) requires that pilots operate with due respect for the privacy and data protection of individuals on the ground. In certain cases, a certification for pilots is required. Drone operators carry these responsibility to ensure that pilots comply with these requirements. For higher risk operations, the Regulation requires an impact assessment be carried out, which should consider, among others, privacy risks.
For drone manufacturers, legislators are discussing a regulation for making available on the market of unmanned aircraft for use in the ‘open’ category. For the more powerful drones, this Regulation requires that they be equipped with certain privacy- and transparency-enhancing features. These include geo-awareness (or geo-fencing) capabilities or electronic identification transmissions, which inform those around of the drones location and who is controlling it.

As you can see, the drone industry has to consider privacy and data protection within its activities and this requirement will likely increase with the adoption of new laws, specifically directed to you. So why am I telling you all this?
The DroneRules PRO project is a 2-year project, funded by the European Union’s COSME Agency. The project consortium is comprised of the following partners.

These four partners are collaborating to produce the project resources for you.

The chief goal of the DroneRules PRO project is to foster a privacy culture among the commercial drone industry in Europe by creating educational and information resources that are tailored to the drone sector and its needs. These resources will assist the drones industry in adjusting to new legislative requirements, such as the GDPR.
In addition, the project will ensure that the rights and freedoms of individuals on the ground are sufficiently protected.
By combining these two goals, the project will ultimately support the growth and development of the drones industry in Europe.
The project will take place as a 3-stage process.
Presently, we are in the first stage of the project – developing the information and educational resources. These will be an interactive e-learning course, as well as complementary and stand-along tools and templates, designed to fit into the work of drone professionals We work closely with stakeholders and experts in the field to ensure the quality and relevance of these resources.

In the next stage of the project, between March and July 2019, we will carry out at least 6 hands-on training sessions in 5 countries – in the UK, Belgium, Germany, Italy and Poland. These training sessions will not only seek to inform drone professionals of their legal responsibilities and how to comply with them. They will seek to evaluate the resources developed together with drone pilots, operators and manufacturers, as well as public authorities and industry associations, which are likely to reuse the resources.

Finally, between May and September 2019, we will optimize the resources with the feedback we have received and finalise them. The resources will then be made publicly available.
The DroneRules PRO project seeks to inform and educate all different actors within the drone industry – drone operators, drone pilots and drone manufacturers. To achieve this, we will develop multiple resources, each tailored to a different group or groups of professionals.

First, the e-learning course is the jewel in the crown of the DroneRules PRO project. It is an interactive and tailored module-based e-learning tool, which will teach users how to fly responsibly and respect privacy and data protection rules and principles.
The goal of the e-learning course is to empower drone professionals to assess their own operations as they plan and carry them out. By educating them, the course should allow them to identify the risks that their activities give rise to and implement the necessary safeguards to ensure they act responsibly and in compliance with the law.

To ensure that users receive relevant information in an understandable manner, some of the course modules will be developed in different versions, running in parallel. Each version will be tailored to the needs and operations a particular group of drone professionals – operators, pilots or manufacturers.

The content of the course will cover privacy and data protection concepts, requirements and risks, as well as safeguards, strategies and best practices for mitigating such risks and complying with legal requirements. Interactive games and tests will be interwoven throughout the entire course. I will now show you some examples.
Here are some examples of how interactive testing will be used to check the users’ knowledge and inform them, whenever they have give a wrong answer.

Naturally, the visual design of these tools will be further enhanced as the project further develops.
Inform: Whenever you capture or record any information about a person, especially clear images of their face, inform them about it. Draft a public privacy statement to provide further transparency.
Minimise: Always think about what kind of drone to use and how so that you capture the least amount of data about people in the area of your operation. Anonymise data where possible. Blurring faces, house and car numbers may help you alleviate your GDPR obligations.
Limit: The purpose for which you use the data to the purpose you originally stated and limit the storage of the personal data to the minimum period required.
Protect: Provide adequate security for the personal data and do not share it with third parties without informing individuals and ensuring data will be protected with its recipients. Share only anonymised data if possible.
Respect: Ensure that people can exercise their rights to object to data processing, change their mind about it or have their data removed. Remember, people also have the right to access their data, receive a copy of their data and correct it.
In addition to the e-learning course, further resources have already been developed and are being finalised as we speak.

I’d like to draw your attention to the PIA template, the Pre-flight checklist and the Privacy-by-design guide.

A Privacy Impact Assessment template has been developed for drone operators or pilots who plan drone operations.

Next, a pre-flight checklist has been developed for drone pilots, intended as a cheat sheet for pilots in the field.

Finally, a privacy-by-design guide has been compiled for drone manufacturers, supporting them in creating drones that comply with the law and which help pilots and operators fly in a responsible and privacy-aware manner.
Examined one by one, each resource brings something different to the table.

The PIA template will be an interactive software tool. It will allows drone operators or pilots to incorporate privacy and data protection principles and best practices into the very plan and design of their drone operations. The goal of this resource is to ensure that drone operations, especially those that pose high risks to the privacy and personal data of individuals, are planned and carried out in a way to minimise any potentially negative impacts on people on the ground.

Relevant to this is the DPIA, which could serve as a documentary proof that users have engaged in risk management and have planned how to comply with data protection requirements.

Next is the Pre-flight checklist . This is a small document which can be printed. It is a last-minute checklist for drone pilots in the field. It encompasses key questions to make sure that they are aware of everything they need to know or keep in mind while flying the drone and operating its sensors. It is intended to help them put the mission plan, especially its safeguards, into practice.

Flying near private or sensitive spaces
Flying near people
Capturing personal data

Finally, the Privacy-by-design guide is a report, designed to provide manufacturers with concrete advice as to the privacy-enhancing features they can incorporate into the design and build of both the hardware and software of their drones. The goal of this document is to help manufacturers comply with any privacy-relevant legal requirements they may be subject to, as well as to educate them about features they can incorporate, so that their drones support drone pilots and operators who are subject to European data protection requirements.
Finally, the project has developed and is currently improving a Privacy Code of Conduct – a best practice guide and hopefully an industry standard-to-be, aimed at drone operators and pilots.
The Privacy Code of Conduct is intended to give clear guidance, practical tips, do’s and don’t’s for both pilots and operators for their activities.

It has a wide scope and includes recommendations relating to the safeguards and best practices to keep in mind when planning a drone mission, how to carry it out in practice and how to handle, share and erase any personal data captured during a drone flight.

Ultimately, we hope that this document will prove useful and helpful to drone professionals around Europe, winning it stakeholder support among industry representatives.

We would love to hear your thoughts on the Privacy Code of Conduct to help us improve it. If you are curious to see it or would like to give us feedback, please get in touch with me and I’ll make sure you get a copy of it. The Commission is interested in hearing from you since the CoC is intended for you. You can find my email at the end of the presentation.

DroneRules Pro: Supporting GDPR compliance through privacy culture among drone professionals in Europe

Estás leyendo una previsualización.

Eche un vistazo a continuación

DroneRules Pro: Supporting GDPR compliance through privacy culture among drone professionals in Europe

Más Contenido Relacionado

Presentaciones para usted (8)

Similares a DroneRules Pro: Supporting GDPR compliance through privacy culture among drone professionals in Europe (20)

Más de Trilateral Research (20)

Más reciente (20)

DroneRules Pro: Supporting GDPR compliance through privacy culture among drone professionals in Europe

Notas del editor

DroneRules Pro: Supporting GDPR compliance through privacy culture among drone professionals in Europe

Estás leyendo una previsualización.

DroneRules Pro: Supporting GDPR compliance through privacy culture among drone professionals in Europe

Recomendado

Más Contenido Relacionado

Presentaciones para usted (8)

Similares a DroneRules Pro: Supporting GDPR compliance through privacy culture among drone professionals in Europe (20)

Más de Trilateral Research (20)

Más reciente (20)

DroneRules Pro: Supporting GDPR compliance through privacy culture among drone professionals in Europe

Notas del editor