US agency releases privacy 'best practices' for drone use

The National Telecommunications & Information Administration released Thursday a list of voluntary privacy best practices for commercial and non-commercial drone users, in the wake of concerns that drones could encroach on individual privacy and open a new front in the collection of personal data for commercial use. The privacy guidance, arrived at in consensus with drone organizations and companies like Amazon and Google's parent Alphabet, recommends that drone operators who collect personal data should have a privacy policy that explains what personally identifiable information they will collect, for what purpose the data is collected and if it will be shared with others, including in response to requests from law enforcement agencies. The guidelines also encourage drone operators to avoid using or sharing personal data for marketing purposes without consent of the individual. Drone operators should also not use personal data without consent for "employment eligibility, promotion, or retention; credit eligibility; or health care treatment eligibility other than when expressly permitted by and subject to the requirements of a sector-specific regulatory framework." Data collected should also not be held beyond a reasonable period, without the consent of the individual, or in exceptional circumstances, such as legal disputes or safety incidents.