On 29 March, the Hong Kong Privacy Commissioner for Personal Data (the “Commissioner“) published a guidance note that supplements previous guidance on the use of closed circuit television systems and for the first time addresses the increasing use of unmanned aircraft systems (“UAS“, or, more popularly, “drones”). The Commissioner’s guidance is the first significant regulatory engagement on the use of UAS by a Hong Kong regulator.
The guidance is timely, as the potential commercial applications for UAS are now becoming more fully understood and are clearly vast, ranging from infrastructure maintenance, crop management and security through to the more headline catching possibilities of delivery of consumer products to your doorstep.
The Consumer Electronics Association forecasts the global market for consumer UAS will approach USD 300m by 2018 on factory-to-dealer sales of just under a million units, up from an anticipated USD 84m in global revenues on sales of 250,000 units in 20141.
Earlier this year, the e-commerce giant Alibaba announced the launch of commercial UAS delivery testing in China from its warehouses in Beijing, Shanghai and Guangzhou. Less well-publicised, Hong Kong is itself something of an innovator in the UAS space. In 2013, the Civil Engineering and Development Department acquired a number of UAS vehicles for property surveying purposes, citing tremendous efficiency gains from UAS imaging, particularly in difficult terrain2.
The possibilities raised by UAS raise significant regulatory concerns, but current regulations are very limited in their scope and do not yet address important issues of privacy. The Commissioner’s guidance is a first step in Hong Kong towards a broader debate about UAS.
The Hong Kong Regulatory Regime For UAS
The expected increase in use of UAS calls the basic regulatory parameters into question. Hong Kong’s urban density and unique geographical features make safety a key concern. For commercial UAS flights in Hong Kong the CAD rules stipulate that no flights are permitted within five kilometres of an aerodrome, over 300 feet above ground and in visibility conditions of less than five kilometres. There is also a requirement that the pilot of the drone must have qualifications to show that he has the required training to fly the device. That being said, the CAD does not issue separate pilots licenses for the operation of UAS. The UAS operator must make an application to the CAD with the relevant information to support the application and to demonstrate their flying experience. Each application is then reviewed by the CAD on a case by case basis. A flight plan must also be submitted to the CAD at least 28 days before take-off although it can take up to 90 days to get flight approval.
The CAD’s rules are clearly directed at pilot qualifications and safety concerns. It is not clear that the department is under any duty to consider privacy concerns when it issues its permits. In a blog entry he made last year concerning UAS4, Hong Kong’s Privacy Commissioner for Personal Data expressed his concern that the privacy rights of individuals in Hong Kong need to be better protected as the use of UAS increases. In the Commissioner’s view, UAS present unique privacy challenges and their ability “to collect data with great resolution and granularity at distant vantage points, often for long periods, and on a continuous and covert basis, enables them to conduct effective aerial surveillance of persons of interest in a sustained and surreptitious manner.”
The Commissioner’s new guidance adds further force to these comments, and suggests some specific compliance measures that UAS operators should take, including carrying out privacy impact assessments as part of flight planning, minimising the amount and types of personal data collected by the drone to that which is essential and taking measures to ensure that data is secure should the drone be lost. The Commissioner also suggests means of alerting the public to the presence of UAS collecting personal data, such as incorporating flashing lights into the aircraft to signal that recording is taking place and pre-announcing through social media and other means that a UAS flight is taking place.
A Bird’s Eye View Of Global UAS Regulation
In February 2015 the Federal Aviation Administration (the “FAA“) issued proposals for new UAS regulation in the United States. These proposals would require UAS to be kept within the operator’s line of sight at all times while airborne and prohibit flights over crowds of people. Significantly though, while the new proposals establish safety procedures, despite extensive lobbying from experts and members of the public, the proposals do not address any privacy concerns, a matter which the FAA understands to be beyond the scope of its rule making powers.
The International Civil Aviation Organisation has embarked on the development of international standards to regulate UAS, particularly in airspace used by manned aircraft. The work covers areas such as certification of UAS, competency requirements of the UAS operator/pilot, and guidance on UAS operations, but privacy concerns do not form part of the review.
Blue Sky Thinking About UAS Regulation
1 “Let Them Fly: CEA Applauds FAA’s Ruling on Drones” 25 September 2014
2 ‘Drone’ aircraft bring survey boost December 23, 2013
3 Editorial “Drone Invasion Needs Regulation” July 13, 2014, South China Morning Post
4 The Commissioner’s Blog, 29 April 2014
For further information please contact:
Mark Parsons, Partner, Hogan Lovells
Peter Colegate, Hogan Lovells