Walsall Housing Group has become the first housing association in the country to secure permission from the Civil Aviation Authority to fly drones over their housing stock. Though other authorities have ruled out using the equipment for cost reasons, Walsall have stated that they estimate the cost savings to be around £20,000 a year.
The move has led to a debate over the legal ramifications, with particular regard to the Data Protection Act 1998. Whilst the legal obligations on domestic drone users are fairly light and essentially extend to a requirement to use them in a responsible way which protects the privacy of others, the requirements on commercial use are more stringent.
The Information Commissioners Office’s (ICO) CCTV Code of Practice provides that as drones are privacy intrusive, justifications for their use are imperative. As such, a company or housing association will ideally need to undertake a ‘privacy impact assessment’ or similar to determine whether drones are appropriate, or whether another method would minimise the privacy impact. This would operate in much the same way as a risk assessment.
The same Code also offers several additional recommendations to ensure compliance with Data Protection:
- Any data captured should be securely stored
- Recording should be limited only to the defined purpose
- Retained data should only be kept for its stated use
- Consider ‘privacy by design’ – eg. Methods or technologies which allow restricted views or a specific focus.
- Data access should be restricted to only those who need it
- Consider ways to provide fair processing information to those likely to be affected.
The guidance from the ICO indicates that Housing Associations, and all other companies looking to integrate drones into their processes, should be aware of the data implications. Whilst HAs like Walsall Housing Group evidently see a cost advantage, that net benefit may in some cases be eroded by the additional administration costs of satisfying their information obligations.