In which new or innovative ways do you think RPAS will be used in the future?



Similar documents
Civil Aviation Authority. Regulatory Enforcement Policy

Best Practices for. Protecting Privacy, Civil Rights & Civil Liberties. Unmanned Aircraft Systems Programs

European Commisson involvement in civil drones. Jean-Pierre LENTZ DG Enterprises RPAS 2014 Concerence

Opening the European Sky to UAS From military to civilian

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION RECOMMENDATION. of

RECOMMENDATIONS COMMISSION

A. Background. In this Communication we can read:

The 7 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 15 th 2012

ASTRAEA the findings so far

RIGA DECLARATION. ON REMOTELY PILOTED AIRCRAFT (drones) "FRAMING THE FUTURE OF AVIATION" Riga - 6 March 2015

How To Respond To The Nti'S Request For Comment On Big Data And Privacy

Space Applications and Technologies Expo Rome, Italy February 4 6, 2010

ETNO Reflection Document in reply to the EC consultation on Future networks and the Internet early challenges regarding the Internet of things

International Working Group on Data Protection in Telecommunications

E-PRIVACY DIRECTIVE: Personal Data Breach Notification

SURVEILLANCE AND PRIVACY

ANNEX ENLETS. Work programme European Network of Law Enforcement Technology Services /13 EB/hm 2 ANNEX DG D 2C LIMITE EN

SESAR Studies & Demonstration Projects on RPAS & Cyber-Security

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

COMMISSION RECOMMENDATION. of

Summary of feedback on Big data and data protection and ICO response

LIMITE EN COUNCIL OF THE EUROPEAN UNION. Brussels, 3 February /12 LIMITE JAI 53 USA 2 DATAPROTECT 13 RELEX 76

DRAFT WHITE PAPER ON CIVIL AVIATION CRAFTING NEW POLICY FOR SA AVIATION

REFORM OF STATUTORY AUDIT

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking

The potential legal consequences of a personal data breach

Green paper on the management of biowaste in the European Union

INFORMATION GOVERNANCE STRATEGY

EUROPEAN CIVIL RPAS OPERATORS FORUM

European GNSS Applications in Horizon 2020

The RFID Revolution: Your voice on the Challenges, Opportunities and Threats. Online Public Consultation Preliminary Overview of the Results

A Risk Management Standard

The RFID agenda of the European Commission. Florent Frederix European Commission Directorate General Information Society and Media

Under European law teleradiology is both a health service and an information society service.

RPAS-EASA update EUROCAE, WG-73, 12 February, Eric Sivel, Innovation and Research Programme Manager

Committees Date: Subject: Public Report of: For Information Summary

COUNCIL OF THE EUROPEAN UNION. Brussels, 22 November /06 DATAPROTECT 45 EDPS 3

Volunteer Managers National Occupational Standards

BEREC Monitoring quality of Internet access services in the context of Net Neutrality

SESAR RPAS R&D ROADMAP DEVELOPMENT

Opening the airspace to UAS - ASTRAEA s next phase

Crime Statistics Data Security Standards. Office of the Commissioner for Privacy and Data Protection

Minister Shatter presents Presidency priorities in the JHA area to European Parliament

Overview of NM and CDM

Data Protection Act. Conducting privacy impact assessments code of practice

DELIVERING OUR STRATEGY

Privacy impact assessment and risk management

Accountability: Data Governance for the Evolving Digital Marketplace 1

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

Initial appraisal of a European Commission Impact Assessment

I. Personal data and its use in the business to business environment.

Position Paper. Orgalime response to the Public consultation on the. collaborative economy - Digital Single Market Strategy follow up assessment

Lobbying: Sweet Smell of Success?

EASA THE EUROPEAN ADVERTISING STANDARDS ALLIANCE ADVERTISING SELF-REGULATION IS BETTER REGULATION

Article 29 Working Party Issues Opinion on Cloud Computing

Concept of Operations for Drones A risk based approach to regulation of unmanned aircraft

EXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS No. 2199

Memorandum! Is Big Data the right recipe for Europe?

European Union Law and Online Gambling by Marcos Charif

Response of the German Medical Association

European Commission initiatives on e- and mhealth

The new EU Clinical Trials Regulation How NHS research and patients will benefit

The eighth data protection principle and international data transfers

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

13.0. Safety Management and Airspace Protection

COMMITTEE ON STANDARDS AND TECHNICAL REGULATIONS (98/34 COMMITTEE)

Official Journal of the European Union L 13/3

Professional Capability Framework - Senior Social Worker

Organisation for Joint Armament Co-operation Executive Administration

DOC NO: INFOSOC 52/14 DATE ISSUED: June Resolution on the open and neutral Internet

European ADS-B Regulation

Microsoft Response to DCMS Communications Review for a Digital Age

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

AUGUST FOLLOW-UP ON NEW RULES AND REGULATIONS by Rudi Schuegraf

RPAS Symposium, March 2015

Communication Satellites for European Defence and Security: Challenges and Opportunities

Business and human rights:

RPAS Stakeholder Hearing Third-party liability insurance requirements

CEN and CENELEC response to the EC Consultation on Standards in the Digital Single Market: setting priorities and ensuring delivery January 2016

Safety Regulation Group SAFETY MANAGEMENT SYSTEMS GUIDANCE TO ORGANISATIONS. April

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY,

APUC Supply Chain Sustainability Policy

Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. Space, Security and GMES Security Research and Development

Transcription:

Written evidence Submitted by Trilateral Research & Consulting On the House of Lords Select Committee on the European Union call for evidence on Civil use of remotely piloted aircraft systems (RPAS) in the EU 1. Trilateral Research & Consulting is a specialist research consultancy focused on issues related to risk, security, privacy, data protection and new technologies. We have conducted more than 20 research projects for the European Commission (under the 6th and 7th Framework Programmes), a range of tenders for the European Commission, the Information Commissioner s Office and the UNHCR as well as private sector services. All of Trilateral s research is focused on providing policy recommendations for the safe and responsible deployment of new technologies, with a particular focus on respect for privacy, data protection and other fundamental rights. Trilateral has examined the civil deployment of RPAS in an EC-funded project called PRESCIENT Privacy and Emerging Fields of Science and Technology and a tender for DG Enterprise on the Privacy and data protection issues associated with civil RPAS. We have peer-reviewed publications on the civil use of RPAS and our researchers are recognised experts in this field. Do you agree with the priorities identified in the European Commission s Communication for opening the aviation market to the civil use of RPAS? Are there other priorities which should have been included? 2. Trilateral agrees that safety is a key consideration with respect to civil RPAS, and the protection of people and their property should be the primary priority of the policy push in this area. This includes integrating RPAS into the single European sky and protecting the security of RPAS and their operations. This also includes a clear identification of the liabilities of different stakeholders involved in the RPAS sector, as a clear liability structure will support compliance by relevant organisations. The protection of citizens fundamental rights should also be understood as a key priority in relation to the integration of civil RPAS into European airspace. Any use of RPAS for civil purposes which does not adequately respect fundamental rights is essentially operating outside of European and Member State law, and as such, should be treated as seriously as breaches of safety regulations. However, RPAS operators and manufacturers are often well informed about aviation regulations and less well informed about privacy, data protection and other fundamental rights. This situation needs to be rectified both at the European and national levels. Supporting the market in relation to RPAS manufacturing and services is also important, but it should not be prioritised over considerations of safety or fundamental rights. What are the advantages and disadvantages of regulating RPAS at the national, EU or international levels, for example in the International Civil Aviation Organization (ICAO)? Are the EU s actions, proposed or otherwise, consistent with developments in non-eu countries, for example in the United States? 3. As Trilateral s expertise is focused on privacy and data protection, we will limit our answer to this question accordingly. The advantage of regulating RPAS at the national level is that privacy and data protections laws are clearer for RPAS operators and manufacturers, and there is greater likelihood of relevant jurisprudence in this area to assist in answering practical queries. Furthermore, many countries have laws or soft 1

law measures (e.g., codes of conduct) relevant to RPAS operations that could be used to provide guidance on privacy, data protection and other fundamental rights issues. For example, the UK has the CCTV Code of Practice developed by the Information Commissioner s Office. 1 These laws and other measures can assist RPAS representatives in identifying when privacy is likely to be infringed, when personal data is being collected, and what measures they should consider to mitigate these issues. Furthermore, each country has a specific agency, e.g., a Data Protection Authority or other body, to whom citizens, organisations or other interested parties can raise questions, issues and complaints. From the perspective of citizens and local and national authorities, national regulation might be more attractive. 4. However, regulation at the European level offers many advantages, particularly from the perspective of industry stakeholders that are operating across European borders. Specifically, there is no harmonisation of, for example, the definition of personal data between different Member States in the European Union. Furthermore, because RPAS are, themselves, such complex devices that can collect a myriad of different types of data, this lack of harmonised definition has significant impacts on the predictability of the regulatory environment. This is especially true as the RPAS industry grows, expands and matures. Regulation at the European level would provide more legal certainty and a predictable environment. In which new or innovative ways do you think RPAS will be used in the future? 5. Many of the new and interesting ways that RPAS will be used in the future will be to make the collection of data mobile. This includes the collection of personal data or data relating to people, as well as data that have little to do with people (e.g., environmental data, etc.). One of the most interesting and potentially troubling aspects of RPAS is their ability to operate undetectably and to enter spaces that were previously difficult or impossible to access. For example, RPAS could fly inside buildings, can access private gardens, and can also access areas of a crowd that might have been difficult to surveil from the edges (e.g., protests, concerts and other events). As such, RPAS may fundamentally change the nature of surveillance, and have significant impacts of privacy, data protection and fundamental rights. 2 In addition to the expanded use of visual payloads, the sensors and other technologies that can be connected to an RPAS are many, particularly as these other technologies become miniaturised. These could be used to infringe many different types of privacy, including privacy of location and space, privacy of behavior and action, bodily privacy, privacy of association, privacy of data and image and privacy of communication. 3 6. Many RPAS operators and manufacturers are beginning to consider their RPAS as machines through which they can collect massive amounts of data. Much of this data is being collected and processed in real time and is coming from a variety of sensors. As such, it meets the core definition, originally offered by Gartner, of big data in the 1 Information Commissioner s Office, CCTV Code of Practice, Wilmslow, 2008. There is also a draft, revised version that is currently the subject of public consultation. 2 Finn, Rachel, and David Wright, Unmanned aircraft systems: Surveillance, ethics and privacy in civil applications, Computer Law & Security Review, Vol. 28, No. 2, 2012, pp. 184-194. 3 Finn, Rachel, David Wright and Michael Friedewald, Seven types of privacy, in Serge Gutwirth, Yves Poullet et al. (eds.), European data protection: coming of age?, Springer, Dordrecht, 2013. 2

sense that it is high volume, high velocity and is of significant variety 4 However, like all new information and communication technologies, this collection and processing of big data related to people raises significant risks when the following issues emerge. 1. When the data processing by RPAS is focused on the usual suspects whose rights are often infringed by new surveillance and monitoring technologies (protesters, consumers, people marginalised by race, class, gender or other social categorisations) 5 2. When the data collected is linked to other data sets to create profiles of specific groups of people or to identify individual people 6 3. When the big data sets are processed and used to infer causal relationships without sufficient theoretical support. 7. Each of these issues may cause harm to people on the ground by infringing upon their fundamental rights, including rights to the protection of personal data and rights to privacy. Research on media reports about the use of RPAS in Europe, the US and Canada has already revealed that RPAS operations by authorities in particular already target protesters, youth on council estates, squatters and other marginalized populations. 7 The deployment of RPAS on a large-scale will likely augment this disproportionate attention. Furthermore, many big data processing activities focused on people aim to discriminate between different categories of people in order to tailor products and services. 8 Additionally, as more and more data is collected, the linking of this data may reveal intimate details about a person s habits, preferences, etc. resulting in a privacy infringement. 9 It may also impact upon people s life chances in that decisions may be made about individuals based on profile information that has little relationship with their real circumstances. This is particularly problematic as the processing of large data sets often result in the identification of spurious relationships relationships between data points that are the result of chance but which emerge simply because the data set is so large. 10 Therefore, the linking of emerging big data applications with RPAS data collection may result in significant impacts on people s fundamental rights and life-chances. What is your view of the estimate by the AeroSpace and Defence Industries Association of Europe that RPAS activities will create about 150,000 jobs in the EU by 2050? What are the factors that might restrict the growth of the RPAS market? 8. Trilateral is not in a position to provide estimates of the commercial market for civil RPAS. However, we do feel that a lack of understanding of manufacturers and operators liabilities with respect to privacy and data protection may introduce costs that could negatively impact the growth of the RPAS market. Specifically, the 4 Laney, Douglas, The Importance of 'Big Data': A Definition, Gartner, 2012. https://www.gartner.com/doc/2057415?ref=clientfriendlyurl 5 Finn and Wright, op. cit., 2012. 6 Finn, Rachel, and Kush Wadhwa, The Ethics of Smart Advertising and the Regulatory Initiatives in the Consumer Intelligence Industry, Info, Vol. 16, No. 3, 2014, pp. 22-39. 7 Finn and Wright, op. cit., 2012 8 Finn and Wadhwa, op. cit., 2014. 9 Ibid. 10 Boyd, Danah, and Kate Crawford, Critical Questions for Big Data: Provocations for a Cultural, Technological, and Scholarly Phenomenon, Information, Communication, & Society, Vol. 15, No. 5, p. 662-679. 3

research conducted for DG ENTR included a survey of civil RPAS practices among industry representatives, including RPAS manufacturers and operators. The associated research is ongoing, and the survey results will be released at the close of the project in late 2014 or early 2015. The survey found that the majority of the 91 self-selected RPAS manufacturers and operators who responded reported basic or poor understanding of European and national privacy and data protection laws. Furthermore, the same survey revealed that at least half of RPAS operators are probably collecting personal data during their missions. This means that there is a significant gap between the practices of civil RPAS operators and their legal obligations. This gap could introduce liabilities to the RPAS sector that could inhibit the growth of the market, while at the same time introducing risks to European citizens that their personal data is not being adequately protected. As such, it carries the potential to negatively impact the industry sector as well as members of the public. Will the existing competences of Member States for the safety of military and civil aircraft, as well as for more general issues such as the allocation and use of radio spectrum, be impacted by the proposed changes in the remit of the European Aviation Safety Agency (EASA)? 9. This is outside the scope of Trilateral s expertise. Are the existing data protection, liability and insurance regimes at EU and Member State levels sufficient to address the concerns raised by the potential greater use of RPAS, or are changes required? 10. The research carried out by Trilateral for the EC s DG Enterprise, in partnership with Vrije Universiteit Brussel, has found that the existing data protection regime, and especially the changes flowing from the proposed Data Protection Regulation, are adequate to address privacy and data protection issues raised by RPAS. However, our analysis reveals that there is a significant gap in RPAS industry representatives understanding of their privacy and data protection obligations and there is a significant gap in enforcement of data protection principles. Specifically, many commercial RPAS operations are posing significant risks to privacy and the protection of personal data. Yet, RPAS operators are not aware of or adequately addressing the following European data protection principles: Transparency Consent Accountability Data security Data minimisation Proportionality Purpose limitation Rights of access, correction and erasure This is a significant problem, as it can harm members of the public and the industry itself. Ensuring that transparency protocols are met will be a significant step in ensuring the accountability of RPAS operators and manufacturers. 11. In addition, the current data protection regime also leaves significant gaps in 4

respect of the household exemption. In the survey conducted by Trilateral for DG ENTR, Data Protection Authorities, Civil Aviation Authorities, RPAS industry representatives and civil society organisations all recognised private use of RPAS as representing the greatest threat to privacy, data protection and safety. This gap has not yet been adequately addressed by the legislation, and instead, individuals who are negatively impacted by RPAS must rely on laws surrounding harassment or stalking for legal recourse. 12. Trilateral also welcomes the addition of an obligation to consider privacy by design in the proposed General Data Protection Regulation as well as the obligation to carry out a Data Protection Impact Assessment (DPIA) or a privacy impact assessment (PIA). If the RPAS industry is adequately educated about these two measures and their associated obligations, we feel that many of the potential negative impacts of RPAS on privacy, data protection and fundamental rights could be identified early and prevented. The strength of such impact assessments is that they enable the regulatory framework to take account of the heterogeneity of RPAS technologies and missions. However, we caution that a PIA must not take a checklist approach and must be accompanied by a commitment to adequate training in order to ensure that RPAS operators are aware of their obligations. 11 13. We recommend that RPAS operators that are likely to collect data about people undertake a privacy impact assessment before conducting each type of operation. This will ensure that privacy, data protection and other fundamental rights are respected at the beginning, planning stages of the data collection, and that companies avoid costly retro-fixes or liabilities by reducing the risks their operations pose. We also specifically recommend that the European Commission or national policy-makers commission a privacy impact assessment framework, similar to the one that was constructed in relation to RFID and smart meters and evaluated by the Article 29 Working Party. Such a framework would assist the RPAS industry in recognising, understanding and meeting their legal obligations whilst protecting the fundamental rights of members of the public. Is EU research and development funding for RPAS sufficiently targeted towards the most important issues, for example, getting the airspace regulatory framework right, as against improving the limited airworthiness of today s small and lightweight RPAS? 14. In addition to the funding that has been allocated to study airworthiness, liability and insurance and privacy and data protection, Trilateral would argue for the allocation of funding to a transparency tool which would enable a holistic regulation of these issues with respect to RPAS. We feel that EU research should set aside funding to construct a recognition system for RPAS that would enable each and every RPAS to be identifiable, both in real time and in the event of a crash. This would require RPAS to carry mandatory, unique identifiers that would also enable the RPAS to be tracked via GPS using a centralised system. 12 It would also require a 11 For more information on privacy impact assessments see Wright, David, and Paul de Hert, Privacy Impact Assessment, Springer, Dordrecht, 2012. 12 Such a system was also suggested by the International Working Group on Data Protection in Telecommunications, Working Paper on Privacy and Aerial Surveillance, 54th Meeting, Berlin, 2-3 September 2013. 5

centralised database of RPAS and their unique identifiers and well as their operators and contact information. Such a system would be a robust transparency tool that would enable citizens to immediately identify the RPAS, the operator and the avenue through which they could find out additional information. There is a significant opportunity to link accountability with regard to safety and liability and the protection of privacy, personal data and other fundamental rights. 15. Finally, as noted above, Trilateral recommends providing funding to commission a PIA framework for RPAS. Given the complexity of RPAS technologies and missions, a PIA framework would offer clear guidance about good practice in assessing the potential impacts of RPAS missions on privacy, data protection and other fundamental rights. Furthermore, such a methodology would also result in a harmonisation of practices across Europe. 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information