Don’t have personal information flying around: get up to speed with drone regulations

Don’t have personal information flying around: get up to speed with drone regulations

Don’t have personal information flying around: get up to speed with drone regulations

An increase in drone usage leads to an increase in privacy infringement concerns.

The Protection of Personal Information (POPI) Act regulates how personal information is processed. Processing is the automated or non-automated activity of collecting, recording, organising, storing, updating, distributing and even deleting personal information. 

The classification of drones

Drones are classified as a remotely piloted aircraft system (RPAS) that is regulated by the South African Civil Aviation Authorities Regulations. RPAS is defined as an unmanned aircraft piloted from a remote pilot station, excluding model aircraft and toy aircraft.

Drones are unique in that they are characterised by their ability to gain access to places which a person under normal circumstances cannot access, along with the fact that they can stream live footage without the relevant person even being aware of it, never mind consenting to it. Since another characteristic is that the drone can be operated from a distance, it will be difficult to identify the drone operator in order to lodge a complaint of privacy infringement.

Important tips for drone operators

If you are a drone operator, whether for commercial or non-commercial purposes, be careful not to do the following without permission or consent:

  • Fly over private property;
  • Fly over a person or group of people;
  • Follow people around;
  • Fly over a nuclear power plant, prison, police station, crime scene, court of law, national key point or a strategic installation;
  • Operate a drone near an airport;
  • Record live footage or take photos of people who will be identifiable;
  • Record residential addresses, car number plates or any other element that can allow identification of a person; and
  • Share any personal information of an individual on the internet or with any other individual (remember that location information is also classified as personal information).

What should you know about the current South African Civil Aviation Authorities Regulations regarding drones?

  • Anybody over the age of 18 can purchase a drone.
  • It is the responsibility of the drone owner to acquaint themselves with the drone regulations. The retailer must inform the buyer to do so.
  • The operator must abide by privacy laws and will be legally liable in the event of non-compliance.
  • If the drone is used solely for non-commercial purposes, the following regulations apply:
    • The drone owner may not have any commercial interest;
    • No licensing is required;
    • There is no obligation to have the remotely piloted aircraft approved and registered;
    • The drone must be operated on property owned by the operator or other property where the operator has permission to operate a drone;
    • The drone may not be further than 500 meters away from the operator; and
    • The drone may never be higher than any obstacle within 300 metres from the operator.
  • If the drone is used for any commercial purpose, the following regulations apply:
    • The drone must be approved and registered with the South African Civil Aviation Authorities;
    • The drone operator must have a remote pilot aircraft (RPA) licence;
    • Operators must be older than 18 years in terms of the licence requirements;
    • A revalidation check is required before the expiry of the licence; and
    • Operators are required to maintain a pilot logbook that captures the details of each flight.

Conclusion

The review conducted by the regulator in 2017 again identified an increase in drones flying over private property and following people around without permission despite these regulations being in place. This is directly as a result of consumers not being informed as to how these regulations should be implemented.

It is worth mentioning that it is always valuable for South Africans to look at the European regulations and legislation in order to anticipate where the industry’s legislation is heading.  If you need more information about drone regulations in other countries, it is recommended that you consult the European regulations. We will keep you informed about the latest developments in this industry.

Whilst the main focus of the POPI Act is on compliance, our approach at SERR Synergy is to implement compliance in such a way that it provides business value to our clients and allows for improvement in efficiencies and effectiveness by means of compliance requirements.

About the Author: Monique Rossouw completed her BConsumer Science degree at the University of Pretoria. She joined our team in July 2018 and currently holds the title of “Information Compliance Advisor”. She specialises in compliance with the Consumer Protection Act as well as the POPI Act and PAIA. This includes compiling compliance status reports and policies along with the other assessment aspects relating to consumer protection requirements. She compiles and submits PAIA manuals to the Human Rights Commission and implements Information Security Management Systems (ISMS) to identify risks associated with information security in each department of the organisation.   

Sources:

http://geoawesomeness.com/gdpr-drone-pilots-8-guidelines/

http://www.polity.org.za/article/processing-personal-information-in-terms-of-popi-2014-03-07

https://www.pressreader.com/south-africa/citypress/20190127/282368335865545

Huneberg, S. (2018). “The rise of the drone: Privacy concerns” in Nagel, C.J. Journal of contemporary Roman-Dutch law. Morningside: LexisNexis (Pty) Ltd. p 263-280.

You May Also Like

 
Beginners guide to practical Cybersecurity
December 10, 2018
Every 40 seconds, a company gets hit by ransomware, with hackers breaching up to 12 million files per minute. Unfortunately, it's far more sophisticated and disruptive to your business operations.
 
The modern battlefield of Direct Marketing
March 05, 2019
One often feel overwhelmed by all these rules and how to comply with legislation, but in essence  the main objective of the Consumer Protection Act (CPA) is simply to provide a fair and sustainable market place for consumers.  Bearing this in mind, it is far easier to comply wi
 
A checklist when preparing for POPI and Data Laws
September 04, 2017
The Protection of Personal Information Act (POPI) may not yet be effective, but businesses need to make compliance a top priority for 2017.  Irrespective of whether POPI has been fully implemented, businesses are required to exercise a duty of care in respect of the personal in