Law enforcement agencies should not be allowed to use drones for surveillance, digital rights group Internet Freedom Foundation said in its recommendations to the draft drone rules. It also recommended prohibiting the integration of facial recognition technology with drones for surveillance purposes. The Ministry of Civil Aviation had released draft drone rules last month and has invited comments to it until July 10. The rules are an effort to form dedicated regulation around drone usage, as they are currently regulated as part of Civil Aviation Requirements (CAR), enacted in December 2018, under the Aircraft Act.

IFF’s recommendations come in the wake of several law enforcement agencies using drones to surveil people. Notably, the Delhi Police had used the machines for surveillance during the riots that broke out in Delhi earlier this year, and during the national capital’s assembly elections. Problematically, the Delhi Police hired these drones from the open market, which, as we had earlier pointed out, means that the technical capability of these drones, and the companies supplying them remain unknown. Before that, the Delhi Police had also used drones to photograph people protesting against the controversial Citizenship Amendment Act. Several law enforcement agencies including in Delhi, Mumbai, Punjab, Kerala and Telangana also used drones to enforce COVID-related lockdowns.

Other recommendations by IFF

The current draft says that drones should be used in a way that they don’t infringe on the privacy of an individual or property. However, IFF noted that this provision will not be enough to ensure privacy. They recommended:

Capture images from drones only after seeking consent: “Imagery may be captured by an unmanned aircraft of an individual and/or their property when it is personally identifiable only after taking their consent,” the organisation noted. It suggested that the government can notify a form for  recording this consent.

Inform the purpose of capturing images: IFF said that the person who is providing consent should be informed of the purpose of the photography. “A special declaration should be provided if the photography is being done by government authorities. The special declaration should provide the individual with a list of all authorities with whom the personal data collected could be further shared,” it recommended.

Store personal data only till it’s needed: The personally identifiable data collected as part of drone surveillance should only be stored till it is necessary to fulfil the purpose of the photography. “Subsequently, the personally identifiable data should be deleted,” the organisation noted.

Personal data processing should have adequate security safeguards: Processing of personally identifiable data should be done under appropriate security of the personally identifiable data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures including security and technical audits, IFF recommended.

  • “The personally identifiable data collected should be processed lawfully, fairly and in a transparent manner and only for fulfilling the purpose as disclosed to the individual. It should not be further processed in a manner that is incompatible with those purposes,” it added.

Document processes in a cyber security policy: Such practices should be documented within a cyber security policy and made available to persons whose personal identifiable information is being captured, the organisation said.

More from our extensive coverage of drones: