Policy reflection paper on civil drones and regulations in EU

RPAS technology is expected to be a key to the future competitiveness of the European aeronautics industry. RPAS offers a real opportunity to foster job creation and a source for innovation and economic growth for the years to come. The lack of harmonized regulations across Europe forms one of the main obstacles to RPAS market and to integrate them in European non-segregated airspace. The difficulty of validation of the RPAS technology is another main aspect, since a malfunction of a RPAS mid-flight could cause severe damage to humans and property. As the rise of drone use is expected to increase in the near future, it is important to address their implications with respect to privacy and citizen’s rights regulations.

In light of the foregoing criticism and problematic nature of the use of RPAS, a holistic strategy and targeted policies on a European level should be implemented including practical steps. It is crucial for the European Commission to give citizens confidence that high levels of protection in terms of safety, security and privacy will be assured. In H2020, R&D, projects are needed to ensure the progressive integration of RPAS into civil aviation. To achieve this, it is important for the European Commission to define specific actions under Horizon 2020 and COSME to support the development of RPAS and ensure that the stakeholders involved (in particular SMEs) will have a comprehensive view of these tools and establish the necessary cooperation mechanisms ‎[5].

The European Commission should assess the way of how RPAS applications are compliant with data protection rules, by consulting experts and relevant stakeholders (put this under bracket) who are mainly manufactures and operators on the one side and civil society of the other side. Of high importance is also the assurance by the European Commission – within the limits of “available resources “ ‎[5] – that R&D will be taken into account in the SESAR2020 Programme[1] as necessary (ibid.). It will examine the regulatory preconditions to integrate RPAS, covering important issues (ethics, data protection, privacy integrity) and ensure a coherent and effective policy. A Code of Practice, that will have the legitimation from stakeholders, is needed to cover the procedures and authorising surveillance.

Future policy measure should focus on:

• The need for privacy by design, which is a concept that encourages organizations to inscribe or to build privacy in and across products and business ecosystems. More accurately, privacy protections can be operationalized through a combination of technical solutions during product development and “embedding privacy” into an organization’s operation. Whilst in many jurisdictions there are specific rules about operating and licensing a drone, there are yet no drone-specific data protection regulations. That raises the need to push forward initiatives and working documents such as “Opinion 01/2015 on Privacy and Data Protection Issues relating to the Utilisation of Drones” .
• Adopting a holistic, value-sensitive and normative approach by the Privacy by design towards safeguarding privacy when dealing with (new) potentially privacy-intrusive systems^[2].The approach of privacy by design is particularly important with regard to drones as the most significant concerns about their use lie exactly in the advanced equipment such machines may carry. It is suggested such a mechanism may motivate those who deploy RPAs for civil applications “to focus on what they should do, rather than what they may do”^[3].
• Discussing RPASs themselves in the context of privacy by design^[4], since till now the public debate about privacy concentrated on suggestion of organizational measures and mainly on the restriction of drones’ use to specific operations. The Recommended Guidelines for the use of Unmanned Aircraft issued in 2012 by the International Association of Chiefs of Police Aviation Committee constitute a first attempt to deal with this issue, but apart from some recommendations to enhance transparency^[5], they focus on system requirements and operational procedures on a very generic way^[6]. They contain very few statements concerning the way they could technologically be adapted to legal requirements.
• Supplying the industry with less generic system requirements and operational procedures allowing for easier adaptation to legal requirements.
• Forcing industry & Government to jointly conduct risk evaluations taking into consideration current societal values and concerns as well as future expectations of the notion of privacy.
• Insuring more involvement and empowerment of the National Data Protection Authorities in the process of regulation and control of the drones use, but in a manner that doesn’t hinder their development.
• Creating citizen observatories and online information platforms (one stop shops) in order to provide legal and technical information on responsible use of drones.
• Establish codes of conducts and professional charters for ethical use of RPASs for RPASs operators and professionals in the field.