Skip to content

Brought to you by

Dentons logo

Drone Law Canada

The latest information and developments in drone regulations and the drone industry.

open menu close menu

Drone Law Canada

  • Home
  • About Us

Privacy laws and drones: Legal considerations and best practices for commercial drone operators

By Kathryn McCulloch
September 25, 2019
  • Articles
Share on Facebook Share on Twitter Share via email Share on LinkedIn

Overview

The data collection capabilities of drones are unprecedented. Cameras and imaging payloads can capture and transmit data and high-resolution images, enabling drone operators to identify and track people and vehicles. Further, drones with radiocommunication payloads can potentially intercept communications or collect data from Wi-Fi access points.

These capabilities raise new and difficult privacy challenges, including:

  • Identifying when information captured by drones, alone or in combination with other information, is “personal information” (as defined by the relevant legislation);
  • Obtaining meaningful consent from data subjects where necessary;
  • Informing individuals about the collection, use and disclosure of their personal information, and ensuring that drone operators remain accountable for their practices; and
  • Limiting collection and reducing the potential for indiscriminate over-collection of personal information.

Canada’s privacy laws apply to commercial and recreational drone operators alike, and should be considered before all operations. This article focuses on the central privacy concerns for commercial operators, and discusses: i) the most relevant privacy legislation for drone operators; ii) most common privacy torts committed by drone operators; and iii) best practices to avoid breaches of privacy.

Relevant law – PIPEDA

In Canada, the federal Personal Information Protection and Electronic Documents Act(PIPEDA), as well as substantially similar provincial legislation in the provinces of British Columbia, Alberta and Québec, establish rules on how private-sector organizations may collect, use or disclose “personal information” in the course of commercial activities.

What constitutes “personal information”?

One important threshold issue is whether information and data collected by drones is “personal information.”  “Personal information” is information about an identified or identifiable individual, either alone or in combination with other information. For example, a grainy image of a vehicle captured by a drone may not constitute  “personal information” on its own. However, if the drone captures the same vehicle parked in a driveway of a house overnight and then at an office building during the day, all of the information can be combined to identify the vehicle’s owner and track the owner’s movements, thereby constituting “personal information.”

PIPEDA’s 10 principles

Every organization subject to PIPEDA must comply with 10 principles. The most notable principles for commercial drone operators are:

  • Accountability: An organization is accountable for personal information under its control, and must implement a governance structure and privacy policies to demonstrate compliance with privacy law;
  • Consent: Consent (express or implied) of an individual is required to collect personal information. Whether consent be express or implied depends on the sensitivity of the information, the reasonable expectations of the individual in the circumstances and the risk of harm. Consent must be informed, free and meaningful;
  • Limiting collection: An organization cannot collect information beyond what it needs to provide the goods or services offered;
  • Safeguards: Personal information must be protected by security safeguards at a level appropriate to its sensitivity;
  • Openness: An organization must proactively make available their policies and procedures on information management in clear and accessible language;
  • Individual access: Individuals have the right to obtain access to their personal information upon request; and
  • Remedies: Individuals must have recourse to complain about compliance concerns.

Privacy torts

In Canada, statutory torts and common law torts are available for breaches of privacy by individuals and organizations. In tort law, an individual can launch an action in court to obtain a civil remedy, such as damages, against the person who committed the act or omission (e.g., an invasion of privacy).

Certain provinces have established a statutory tort for the invasion of privacy, which allows an individual to bring a civil action for improper access to or use of personal information. For example, under the Privacy Act in British Columbia, an individual has a right to sue for invasion of privacy. It is a tort for a person to use the portrait (or image) of another for commercial purposes without consent.

Individuals can also use common law torts to seek redress for breaches of privacy. This includes the tort of “intrusion upon seclusion” and the novel tort for “disclosure of private facts.” These torts and others (such as the tort of trespass) are potentially available to individuals who have their privacy invaded by drones.

The tort of intrusion upon seclusion may occur where:

  • The drone operator’s conduct was intentional (including recklessness);
  • The drone operator invaded, without lawful justification, the plaintiff’s private affairs or concerns; and
  • A reasonable person would regard the invasion as highly offensive, causing distress, humiliation or anguish.

The tort of disclosure of private facts may occur where:

  • The drone operator publicized an aspect of the plaintiff’s private life;
  • The plaintiff did not consent to the publication;
  • The matter publicized or its publication would be highly offensive to a reasonable person; and
  • The publication was not of legitimate concern to the public.

There are no reported court cases in Canada alleging a drone operator had committed any of these privacy torts. When it does occur, the accused drone operator will be well advised to follow certain best practices of operations to avoid committing privacy breaches.

Steps to avoid privacy breaches

The following are actions that drone operators can take to limit the risk of breaching privacy laws or privacy rights of individuals in the course of their operations:

  • Restrict the use of drones in privacy sensitive areas (e.g., residential areas, schoolyards, shelters, hospitals, etc.);
  • Inform nearby public of presence of drones and types of operations;
  • Use blurring technologies for faces and vehicle license plates when collected;
  • Implement a mechanism to allow individuals to request that their images be blocked or taken down (e.g., for images that are posted online);
  • Limit collection and retention of information that identifies a person (referenced above as “personal information”) to only what is necessary for the operator’s commercial purposes;
  • Ensure appropriate security measures for data collected; and
  • Institute mandatory privacy training for employee drone operators.

For further information, please do not hesitate to reach out to Jawaid Panjwani, Kathryn McCulloch, or any other member of Dentons’ Aviation or Privacy team.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Kathryn McCulloch

About Kathryn McCulloch

Kathryn's clients range from Fortune 500 and multi-national corporations to start-up companies and individuals. With a strategic focus on reaching early resolution to claims, Kathryn looks to achieve timely resolution of disputes through alternative dispute resolution tools, including formal and informal mediation. Kathryn’s key areas of practice and knowledge include aviation, drone (RPAS) regulation, banking, estates, commercial leasing and oppression actions.

All posts Full bio

RELATED POSTS

  • Articles

Hiring a drone services provider? Key liability risks for your business

By Kathryn McCulloch
  • Articles

Recent development in drone delivery commercialization in Canada

By Kathryn McCulloch, Alessandro Bozzelli, and Caitlin Choi
  • Articles
  • Legislation

Counter-drone technology: is it legal in Canada?

By Kathryn McCulloch

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

  • Articles
  • Cases
  • Commentary
  • Events
  • General
  • Legislation
  • Regulations
Dentons logo

© 2022 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site