FAA compromise bill drops key drone privacy provisions

A Federal Aviation Administration reauthorization bill that was passed by the Senate on Wednesday has excluded key privacy provisions, including a requirement that commercial and government users of drones must disclose if they collect personally identifiable information of a person.

The bill, which is a compromise short-term extension to ensure continued funding at current levels to the FAA, was passed by the Senate and goes to President Barack Obama to be signed into law, two days before the current authorization is to expire. It was earlier passed by the House of Representatives.

But Senator Edward J. Markey, a Democrat from Massachusetts and a member of the Commerce, Science, and Transportation Committee, on Wednesday said that the new bill, called the FAA Extension, Safety, and Security Act of 2016, was “a missed opportunity.” It does not include drone privacy provisions that he authored and were included in the Senate version of the FAA reauthorization bill that passed in April this year, the senator said in a statement. 

Civil rights groups have demanded drone privacy regulations, in the wake of moves to to liberalize the use of the unmanned aircraft for commercial and other purposes. On Wednesday, the Electronic Privacy Information Center said that the reauthorization had grounded privacy safeguards, though its proposal to require remote identification of drones had been included in the new bill.

The provisions in the bill passed by the senate in April would require that government and commercial drone operators should disclose if they collect personally identifiable information about an individual, including by using facial recognition. Operators would also be required to disclose how they would use the personal data, its use for advertising or marketing purposes, and when the sensitive information would be destroyed, according to Markey. 

The April bill would also require that government operators should disclose their drones’ location, purpose of flight and technical capabilities, such as cameras or license plates readers.

Last week, leaders of the House Transportation and Infrastructure Committee and the Senate Commerce, Science, and Transportation Committee announced a bipartisan and bicameral agreement on an extension of the FAA authorization through Sept. 30, 2017, while Congress brokers a long-term reauthorization of the FAA.

The FAA released in June its final rules for the operation of what it describes as “small unmanned aircraft,” limiting their weight to 55 pounds (25 kilograms) and to flying only during day at less than 400 feet within visual line-of-sight of operators. Some companies have said these rules, which take effect in August, make large-scale deployment of drones for deliveries unfeasible.

The bill passed Wednesday would  prohibit drones from interfering with emergency response activities, such as wildfire suppression and law enforcement, and provides for civil penalties of not more than US$20,000 for those found in violation. Drones are also to be used for firefighting and restoration of utilities.

The legislation also has provisions for the setting up of  a pilot program for mitigation of airspace hazards at airports and other critical infrastructure using unmanned aircraft detection systems. 

The FAA in consultation with other agencies shall also convene industry stakeholders to arrive at consensus standards for remotely identifying operators and owners of unmanned aircraft.

The FAA extension will provide short-term stability for the commercial drone industry, said Brian Wynne, president and CEO of drone advocacy group, Association for Unmanned Vehicle Systems International, in a statement. “Its provisions will help expand commercial operations, advance research and keep the airspace safe for all users – manned and unmanned,” Wynne added.

The National Telecommunications & Information Administration released in May a list of voluntary privacy best practices for commercial and non-commercial drone users, which were arrived at by drone organizations and companies like Amazon and Google’s parent Alphabet. It was recommended, for example, that drone operators that collect personal data should explain in a privacy policy what personally identifiable information they will collect, for what purpose and if it will be shared with others, including law enforcement agencies.