Drone reforms needed to protect privacy
The Australian August 17, 2017
Rapid technological developments have made drones far more accessible and widely used recreationally and commercially. As a result, drones pose a serious threat to personal privacy.
Serious invasions of privacy range from inadvertent surveillance and collection of personal information through photographs to criminal conduct such as stalking. The Australian Privacy Commissioner, Timothy Pilgrim, has said that the community is becoming more aware and concerned about drone use and its associated privacy risks.
The Australian Civil Aviation Safety Authority is Australia’s aviation safety regulator but its responsibility is limited to aviation safety; drone privacy issues do not fall within its purview. It will not investigate breaches of privacy.
The Office of the Australian Information Commission is the Australian government agency primarily responsible for privacy. Individuals covered by the Commonwealth Privacy Act 1988 can make complaints to the OAIC.
However, drone privacy is only protected to a limited extent at the federal, state and territory levels. The Privacy Act is the primary statute that regulates privacy in Australia. However, there are issues in terms of its application to the regulation of drones.
First, it predominantly focuses on protecting the appropriate handling of ‘‘personal information’’ contained in a record rather than behavioural privacy protection. This has been acknowledged by Dr Roger Clark from the Australian Privacy Foundation. The Privacy Act only applies where drones collect footage containing identifying information.
More significantly, the Privacy Act only regulates Australian government agencies and some private sector organisations. Commissioner Pilgrim has recognised that drones operated by individuals are not subject to privacy laws. Small businesses with an annual turnover of less than $3 million are also largely unregulated, which poses serious problems.
The increasing availability of low-cost drones means that in practice, drones are, and will be, largely operated by individuals and small businesses. Current privacy laws do not provide overarching protection to Australians; there is no avenue of redress if harm occurs in these circumstances.
Some states and territories have enacted privacy laws. However, these also generally apply only to government agency activities.
Further, anti-stalking laws only apply in limited circumstances. For example, in Queensland, it is illegal to record someone without their consent if they are in a private place or conducting a private act.
Tort law provides limited protection where drones trespass or injure a person or property.
Some states and territories regulate the public use of surveillance devices. The scope of these laws, and their application to drones, varies considerably between jurisdictions. In Western Australia, inadvertent recording of private behaviour that occurs through lawful aerial photography is exempt.
Tasmanian and Queensland legislation only protects against devices that make audio recordings. Other states’ laws are also concerned with visual recordings.
Privacy laws in Australia are deficient in protecting against the invasive use of drones. Surveillance and tort laws do not aid in addressing this deficiency.
There have been persistent calls for privacy law reform, and change is required. In the 2014 Eyes in the Sky report, the Commonwealth House of Representatives standing committee warned that drones have the potential to pose a serious threat to the privacy of Australians by intruding — intentionally or inadvertently — on private personal or business activities.
The standing committee recommended — as did the Australian Law Reform Commission that same year — the reform of laws on harassment and stalking by introducing a tort of privacy for unreasonable interference in private spaces. This would address interruption of privacy and misuse of personal information.
The Law Reform Commission proposed that this tort of privacy should only apply to serious invasions of privacy in order to balance the right to privacy with freedom of expression, open justice, and national security. Commissioner Pilgrim said this should be achieved by extending the existing privacy complaint framework to actions by individuals where there are serious invasions of privacy.
Commissioner Pilgrim additionally suggested developing Australian Privacy Principles (APPs) with respect to drone use. Registered APP codes are binding and provide industries already covered by the Privacy Act with additional rules for handling personal information. Where there is non-compliance, entities covered by APP codes are subject to all regulatory powers available in the Privacy Act.
In 2014, the standing committee recognised that it is imperative to amend privacy laws to more adequately address drone privacy issues. To date, however, there has been no such amendment.
In December last year, the Australian government rejected the standing committee’s suggestion of a new tort of privacy. The government considered that it would increase the regulatory burden and that it is sufficient for individuals covered by the Privacy Act to report to the OAIC.
Developments in technology and the vastly increasing use of drones present serious privacy issues. Without more comprehensive regulation, Australia’s privacy protections will remain insufficient to balance drone use and the privacy of citizens.