Piyo : Poppo, I'm doing real estate photography with drones. Am I allowed to capture images of neighbors' properties? What about privacy laws?

Privacy Act Obligations for Drone Operators

If Collecting Personal Information

You must:
  1. Inform individuals that you're collecting their personal data

  • Physical notice (e.g., sign at event)
  • Verbal announcement (e.g., "Drones filming today")
  • Written notice (e.g., contract clause)

  1. Collect only necessary information

  • Don't record more data than needed
  • Don't film other areas incidentally
  • Minimize collection of identifiable data

  1. Use information for stated purpose only

  • If filming for client, use photos only for client's purposes
  • Don't republish without consent
  • Don't sell data to third parties

  1. Keep data secure

  • Encrypt photos/videos
  • Limit access to authorized personnel
  • Secure storage (encrypted drives, password-protected servers)

  1. Permit individuals to access their data

  • If person requests copy of their photos, provide them
  • Respond within 30 days (Privacy Act requirement)
  • May charge reasonable cost

  1. Delete data when no longer needed

  • After client project complete, can delete photos (unless contractually required to retain)
  • Secure deletion (not just move to trash)
  • Document deletion

If NOT Collecting Personal Information

You don't have Privacy Act obligations if:
  • Photographing only property/landscapes
  • Capturing crowd scenes (individuals not identifiable)
  • Filming public infrastructure
  • Capturing no personal data
  • Specific Privacy Scenarios

    Aerial Photography for Real Estate Sales

    Standard practice:
    • Photograph property (building, grounds)
    • Incidentally capture neighboring properties
    • Capture public streets/infrastructure

    Privacy Act status:
    • LEGAL — no personal data captured (buildings are property, not people)
    • LEGAL — street view (public space)
    • LEGAL — neighbor's house (property, not people)

    Violation example:
    • Photographing through neighbor's windows
    • Capturing pool/garden revealing private activities
    • Recording voices/activities of identifiable people

    Safe practice: Frame shots to show target property and surrounding context without focusing on neighbor's private areas.

    Agricultural Drone Operations (Crop Spraying)

    Data collected:
    • GPS coordinates of farm
    • Crop health data (via multispectral imaging)
    • Spray application patterns

    Privacy Act implications:
    • LEGAL — collected on agricultural property
    • LEGAL — data not personally identifiable
    • Exception: Farm worker names/training records (if employment-related)

    Safe practice: Collect data on your client's farm only. Don't share with third parties without consent.

    Surveying Urban Properties

    Data collected:
    • Building dimensions and locations
    • Infrastructure visible in images
    • Neighboring properties incidentally captured

    Privacy Act implications:
    • LEGAL — property surveying (not personal data)
    • CONDITIONAL — if capturing identifiable people (e.g., faces in windows)
    • LEGAL — public streets visible in photos

    Surveillance vs. Photography

    When is Drone Imagery "Surveillance"?

    Surveillance = systematic monitoring for security/tracking purposes Triggers stricter rules:
    • Intentional monitoring of specific person/location
    • Repeated observation over time
    • Data used for tracking/profiling
    • Security footage (continuous recording)

    Examples:

    Operation Surveillance? Privacy Obligation
    One-time real estate photo No Minimal
    Wedding videography (event) No Consent from organizer
    Neighbor behavior monitoring YES Criminal offense
    Farm security (perimeter monitoring) YES Warning sign required
    Building construction monitoring No Normal privacy rules
    Police/government border patrol YES (exempted) Exemption applies

    Surveillance Regulation (State-Specific)

    Surveillance Devices Act 1999 (NSW) — example state law Prohibits secret surveillance that interferes with privacy:
    • Intentional recording of private conversations
    • Secretly monitoring person's activities
    • Installing surveillance device on someone else's property
    • Systematic monitoring without consent

    Data Security & Retention

    Secure Storage Requirements

    Privacy Act requires:
    1. Encryption

    • Photos/videos on external drives: encrypted
    • Cloud storage: password-protected, encrypted
    • Server storage: firewalled, backed-up, encrypted

    1. Access Control

    • Only authorized personnel access data
    • Passwords changed regularly
    • Multi-factor authentication (recommended)
    • Log access to sensitive data

    1. Incident Response

    • Data breach plan in place
    • Notify affected individuals if breach occurs
    • Report to OAIC (Office of Australian Information Commissioner) if serious

    Retention Period

    Keep data as long as:
    • Client project ongoing
    • Client requires retention (specified in contract)
    • Legal hold applies (litigation, dispute)

    Delete data when:
    • Project complete and no longer needed
    • Client requests deletion
    • Retention period expires (client-specified)
    • Securely delete (cryptographic erasure or physical destruction)

    Personal Data Deletion

    If individual requests deletion:
    • Respond within 30 days
    • Confirm deletion method (secure deletion, not just moved to trash)
    • Provide confirmation of deletion
    • Client Contracts & Privacy Clauses

      Essential Privacy Clause in Client Contracts

      Every drone photography contract should include:

      `` PRIVACY & DATA PROTECTION:

      1. CLIENT OBLIGATIONS:

      • Client responsible for obtaining consent from third parties
      • Client indemnifies operator against privacy claims
      • Client confirms no private individuals require consent

      1. OPERATOR OBLIGATIONS:

      • Operator collects data only for stated purposes
      • Operator maintains data confidentially
      • Operator deletes data upon project completion (unless specified)
      • Operator secures data during retention period

      1. DATA SHARING:

      • Client owns all photos/videos captured
      • Operator may not share/republish without client consent
      • Client may use images for stated purpose only

      1. DATA RETENTION:

      • Operator retains backup copies for [X days]
      • Client requested retention beyond [X days] incurs additional fees
      • All data deleted securely upon project completion

      Penalties for Privacy Violations

      Civil Penalties

      Privacy Act breaches:
      • OAIC can issue compliance notice
      • Compensation order: up to A$2.5M
      • Reputational damage (public complaints)

      Criminal Penalties

      Surveillance violations (NSW example):
      • Secret surveillance: A$5,500–significant penalties under CASR Part 101 and the Civil Aviation Act 1988
      • Recording conversations: A$5,500–significant penalties under CASR Part 101 and the Civil Aviation Act 1988
      • Installing surveillance devices on property: significant fines under the Surveillance Devices Act

      Case Study: Aerial Photography Gone Wrong

      Scenario: Drone operator filming wedding, captures neighbor's wedding ceremony (next yard over) without consent. Violation:
      • Captured identifiable individuals (neighbor's wedding)
      • No consent obtained
      • Privacy Act breach

      Potential outcome:
      • Neighbor files complaint with OAIC
      • OAIC investigates
      • Operator may be ordered to delete images
      • Compensation order: varies — check with relevant providers
      • Reputational damage

      FAQ

      Q: Do I need consent to photograph someone's house from the air?

      A: No consent needed to photograph the building. But if you capture identifiable people (faces, activities), consent may be required.

      Q: Can I post drone photos on social media?

      A: Only if you own the images (you're the photographer) and no private information is visible. Check contract with client — they may own images.

      Q: What if I accidentally capture someone's face in a crowd shot?

      A: If individuals are not distinguishable (crowd scene), Privacy Act doesn't apply. If specific person is identifiable, you should have obtained consent.

      Q: Can I sell drone photos of real estate to stock photo sites?

      A: Yes, if property is public-facing (for sale, visible from public road) and no private individuals identifiable.

      Q: Do I need to warn neighbors I'm flying a drone?

      A: Not legally required (CASR Part 101 doesn't mandate neighbor notice). However, it's good practice for community relations.

      Q: What if someone asks me to delete their photos?

      A: You must comply within 30 days (Privacy Act requirement). Securely delete and confirm deletion to them.

      Q: Can I use my neighbor's image for my portfolio without permission?

      A: No. You must obtain consent from any identifiable individual. Portfolio use requires written permission.

      Q: Is it legal to monitor my farm with drones (security)?

      A: Yes, but you must post warning signs. "Surveillance in operation" signs are sufficient notice.

      Q: Do I need privacy insurance?

      A: Strongly recommended. Professional indemnity insurance (varies by coverage level and operations type) covers privacy claims.

      Q: Does MmowW help with privacy compliance?

      Key Takeaways

      Privacy Act applies to personal information (identifiable individuals only) Photographs of property/buildings are LEGAL (no personal info = no Privacy Act) Consent required for identifiable people (faces, activities revealing private info) Data must be secure (encrypted, access-controlled, securely deleted) Contracts must include privacy clauses (client obligations, data ownership) Violations can result in A$2.5M compensation (civil) + criminal penalties Professional indemnity insurance critical (A$2,000–A$5,000/year)

      Last Updated: April 2026 | Legislation: Privacy Act 1988 (Cth) | Authority: Office of Australian Information Commissioner