The evolving challenge: Drones and data protection

The evolving challenge: Drones and data protection | Insurance Business Australia

The evolving challenge: Drones and data protection

Drones pose challenging risk management and insurance questions. Clyde & Co says one major reason is because they are an aviation product that crosses over into other industries. According to the global law firm, Australian and international regulatory bodies and insurers are still struggling to address the implications.

“Something that is consuming a lot of time and attention at the moment is privacy,” said Dr Tony Tarr (pictured above), a Brisbane based senior consultant at Clyde & Co with extensive insurance law experience dealing with the development, regulation and insurance of drones.

In February, Clyde & Co announced the publication of Drone Law and Policy. The firm’s media release described the book as the “first of its kind” for outlining drone risks and the evolving regulatory frameworks in Australia, the US, UK and Europe. Tarr was a contributor and editor.

Privacy and data protection are key concerns, said Dr Tarr, because few countries have data protection regulations that are sophisticated enough to deal with the implications of drones.

“The exception is Europe that’s got quite general data protection regulations that drill down into privacy and data protection issues,” he said.

Read more: Drones: first ever book lifts lid on insurance implications

The surveillance abilities of drones are the crux of the issue.

“There’s increasing sophistication in their surveillance equipment and their capacity to invade spaces and areas that would otherwise be impossible for non-invited individuals to attend. This is causing major concerns,” said Dr Tarr.

The case of the Chinese global drone company, DJI, provides an example, he said. The company is still a major supplier of drones to US law enforcement agencies despite the fact the Pentagon has referred to Chinese drones as a security threat. Dr Tarr said the concerns focused around the Shenzhen headquartered company’s use of data.

“Those were concerns associated with the extent to which data collected by drones and utilizing artificial intelligence was distilling from millions of bytes of material those crystal pieces that are of utility, such as power station connectivities and other information around, for example, mining assets,” said Dr Tarr.

According to a Washington Post report in February, DJI is currently facing the prospect of further action by US regulators over its ties to Beijing’s security apparatus that could ‘‘severely limit” its access to US markets.

“DJI was among eight Chinese companies added to a US investment blacklist by the Treasury Department in December over sales of its drone equipment to police in Xinjiang, where US officials said it has been used for surveillance of ethnic Uyghurs,” said the report.

The report also described how the company was already on the Commerce Department’s Entity List, restricting its access to US components.  Since 2017, the US Defense Department has placed a ban on the purchase of DJI drones.

Dr Tarr said this ongoing controversy has caused changes “relative to the ownership and production of drones within the United States.” He said this has led to the US-Canadian drone company Draganfly inheriting much of the work that previously went to DJI.

There are other impacts.

“More recently I noticed that two or three of the Gulf countries have passed particular data protection laws, again, driven by the intrusive nature of drone activity and their capacity to procure all sorts of information about individuals and so forth,” he said.

The insurance implications are still unfolding.

Dr Tarr said some insurers are currently working “quite assiduously” to develop or refine their bespoke policies to accommodate when breaches occur in relation to the collection of data. These situations, he said, can be circumstances where the insurer has failed to comply with data retention regulations, often inadvertently.

“We are working with various global insurers on matters like this,” said Maurice Thompson (pictured below), another drones expert who contributed to and co-edited the book.

Melbourne-based Thompson heads up Clyde & Co’s Australian energy, maritime, natural resources group and its aviation division. He also founded the firm’s Global Drones Group.

Thompson described this privacy issue as a “cross sector problem that aviation classically won’t be able to grapple with by itself.” 

He said aviation regulators are regulating who can fly, not who is flying and collecting data.

“So the regulation side of it might say you can do this, but then you might have privacy legislation that says you can’t be doing it,” he explained.

Read next: Gallagher highlights significance of commercial drone insurance

Thompson said the privacy legislation, sometimes more than a decade old, might never have contemplated a drone. Then, he said, in the US and Australia, there’s also the issue of the different regulations in different states.

“So all of a sudden you have this ridiculous scenario where the aviation regulator has said, ‘You can fly your drone.’ But then as you go state-to-state, each state saying, ‘But you can’t fly it here because you’re actually grabbing data and that’s not allowed,’” said Thompson.