๐ฃ
Piyo ๐ฃ (Beginner Pilot)
๐ฃ Piyo: I fly drones for inspections and photography. When I collect video/images with my drone, what privacy laws apply? Can I use facial recognition? How do I store the data?
๐ฆ
Poppo ๐ฆ (Compliance Expert)
๐ฆ Poppo: Excellent question. Privacy is increasingly important in NZ drone operations. Let me explain the Privacy Act, surveillance rules, facial recognition limits, and data storage obligations.
Privacy Act & Drone Operations
Legal Foundation: Privacy Act 2020
The Privacy Act 2020 is NZ's primary privacy law. It applies to most organizations (businesses, charities, etc.) that handle personal information.What Counts as "Personal Information"?
Personal information is any information about an identified person or reasonably identifiable person:
- โ Name, address, phone, email
- โ Facial images (face is personally identifiable)
- โ License plate (traceable to person)
- โ Fingerprints, biometric data
- โ Medical records, financial details
- โ Video recording someone in public (especially if identifiable)
- โ Aerial view of building exterior (not personal info, unless people are clearly visible)
Privacy Act Principles (Personal Information Management Code - PIMC)
If you handle personal information (which drones often do), you must follow these principles:
| Principle | What It Means | Drone Examples |
|---|---|---|
| 1. Collection | You must collect info lawfully, fairly, honestly | Get permission before filming someone's face |
| 2. Use & Disclosure | Only use info for the purpose collected | If filming building, don't use faces for other purposes |
| 3. Access & Correction | People have right to see their personal info | If requested, provide copies of photos showing them |
| 4. Accuracy | Keep info up-to-date & accurate | Store metadata (date, location) correctly |
| 5. Retention | Don't keep info longer than necessary | Delete drone footage after project complete |
| 6. Information Security | Protect info from loss, misuse, corruption | Encrypt sensitive video files, use passwords |
| 7. Openness | Be transparent about what you collect | Tell people "drone filming in progress" |
| 8. Individual Participation | Respect people's right to participate in decisions | Allow people to opt-out if requested |
| 9. Data Accuracy | Correct errors quickly | If someone says photo is mislabeled, fix it |
| 10. Unique Identifiers | Don't use identifiers unnecessarily | Don't assign ID numbers to faces unnecessarily |
Surveillance & Facial Recognition
What Privacy Laws Say About Surveillance
Surveillance drones (recording people without consent in public spaces) are increasingly scrutinized by NZ courts and the Privacy Commissioner.High Court Ruling (2022): Neilson v Waipa District Council
A landmark case established principles:
- Public space โ No privacy โ Being in public doesn't eliminate privacy expectations
- Aerial surveillance has different rules โ Hovering overhead has heightened privacy concerns vs. street-level photography
- Purpose matters โ Covert surveillance vs. open security filming have different privacy implications
- Disclosure required โ Tell people if you're recording them
Facial Recognition & Biometric Data
Facial recognition is heavily restricted: What you CAN do:- โ Store photos/videos for identification/security purposes (with consent or lawful purpose)
- โ Use facial recognition for your own security (e.g., verifying event attendees)
- โ Identify individuals in photos with their permission (e.g., "Which guest is this?")
- โ Automatically identify strangers' faces without their knowledge
- โ Create face-matching databases without consent
- โ Use facial recognition to track individuals across multiple properties
- โ Share facial data with third parties without permission
- Express written consent from the person
- Demonstrated legitimate purpose
- Strong security safeguards
Practical Privacy Guidelines for Drone Operators
Scenario 1: Roof Inspection (No People Visible)
Privacy risk: Low Process:- Inspect roof from above
- Capture images of roof surface, gutters, damage
- No people visible in footage (kept away from flight zone)
- โ Store images securely (encrypted, password-protected)
- โ Delete images after inspection report delivered (retain for 1-2 years for liability)
- โ Don't share raw footage without client consent
Scenario 2: Real Estate Photography (Building Exterior & Surroundings)
Privacy risk: Medium What you capture:- Building exterior (OK)
- Garden/landscaping (OK)
- Neighboring properties in background (CAUTION)
- Parked cars with visible license plates (CAUTION โ license plate is personal info)
- Neighbors in yards/driveways (CAUTION โ people are personal data)
- Disclose to property owner: "Drone filming in progress; neighboring properties may be partially visible"
- Neighbor notification (optional but recommended): "Aerial photography on [date]; your property may be visible in background"
- Data protection:
- Blur or obscure faces of any incidental people (if clearly identifiable)
- Consider obscuring neighbor license plates
- Don't identify neighbors by name/address
- Storage: Keep original files for 1-2 years (legal protection), then delete
- Disclosure: Only share with property owner unless they consent to sharing with real estate agents/public
Scenario 3: Event Filming (Wedding with 100+ Guests)
Privacy risk: High What you capture:- Faces of all guests clearly identifiable
- Bride/groom in intimate moments
- Guest names (if reading place cards)
- Pre-event consent:
- Event organizer (bride/groom) must approve drone use in writing
- Consider sending notice to guests: "Professional videography in progress, including drone footage"
- Consent collection:
- Implied consent by attending event (they know they're being filmed)
- Explicit consent for sensitive shots (e.g., ask before filming bride's emotional moments)
- Data protection:
- Store video securely (password-protected, encrypted if sensitive content)
- Don't publicly share footage without guest consent
- Provide copies to clients only; don't post on YouTube/social without written permission from recognizable people
- Facial recognition:
- Don't use facial recognition to identify guests
- If using guest names in captions, get explicit permission
- Example bad: "Here's John Smith dancing [auto-identified via facial recognition]"
- Example good: "Here's a guest enjoying the dance floor [no automatic identification]"
- Retention:
- Delete footage 2-3 years after event (unless archived per client request)
- Don't reuse footage for marketing without explicit consent
- Third-party sharing:
- Don't sell/license footage to wedding photography companies without guest permission
- Don't share with cloud storage services unless encrypted & access-restricted
Scenario 4: Security Surveillance (Monitoring Property)
Privacy risk: Very High What you capture:- People entering/leaving property
- License plates of vehicles
- Potentially neighbors in adjacent properties
- Signage & disclosure:
- Post clear "CCTV in operation" or "Drone surveillance in progress" signs at property entrance
- Notify visitors explicitly: "This property is monitored by drone surveillance"
- Lawful purpose:
- Document the security purpose: "Monitoring for theft, trespass, property protection"
- Ensure surveillance is proportionate (don't use surveillance beyond necessary scope)
- Data protection:
- Encrypt all footage
- Restrict access (only authorized security personnel)
- Password-protect storage
- Don't share with public or other organizations without legal requirement
- Retention policy:
- Document how long you keep footage (e.g., "60 days maximum")
- Automatically delete after retention period
- Exception: Footage of actual incident retained for investigation/prosecution
- Third-party impact:
- If surveillance captures neighbors' property, document this & seek consent if possible
- If capturing public street (front boundary), generally acceptable but disclose
- Privacy Commissioner compliance:
- Prepare written security/surveillance policy
- Document business purpose & proportionality
- Be prepared to justify why aerial surveillance is necessary
Data Storage & Security Best Practices
Encryption Standards
Minimum encryption for sensitive drone data:| Data Type | Encryption Standard | Tool Example |
|---|---|---|
| Video files (footage containing people) | AES-256 (military-grade) | VeraCrypt, BitLocker, macOS FileVault |
| Personal metadata (names, addresses) | AES-256 | Password manager + encrypted drive |
| Client information | AES-128 minimum (consumer-grade acceptable) | Encrypted folders, cloud encryption (Google Drive, OneDrive) |
| Backup/archive | AES-256 recommended | External encrypted drive, encrypted cloud storage |
Storage Location Options
| Option | Security Level | Cost | Recommendation |
|---|---|---|---|
| Local encrypted drive (external HDD) | High | NZ$200-500 | โ Good for active projects |
| Local encrypted SSD | Very High | NZ$300-800 | โ Best for fast access |
| Cloud storage (encrypted, NZ-hosted) | Medium-High | NZ$20-100/month | โ Good for backups & redundancy |
| Cloud storage (Amazon/Google, unencrypted) | Low | NZ$0-20/month | โ Not recommended for sensitive data |
| USB stick (encrypted) | Medium | NZ$50-100 | โ ๏ธ Easy to lose; backup only |
- 3 copies of data (original + 2 backups)
- 2 different storage media (local + cloud)
- 1 copy offsite (cloud backup in case house fire destroys local copies)
- Primary: Encrypted SSD in locked cabinet
- Backup 1: Encrypted external HDD (stored separately, not on-site)
- Backup 2: Encrypted cloud storage (offsite backup)
Data Retention Guidelines
How long to keep drone footage:| Data Type | Minimum Retention | Maximum Retention | Notes |
|---|---|---|---|
| Client project footage (delivered) | Until client receives copy | 1-2 years after project | Keep for warranty/liability proof |
| Client project raw files | 6 months after delivery | 1-2 years | Delete after client confirms satisfaction |
| Security footage (routine monitoring) | 7-30 days | 60 days maximum | Automatic deletion is best practice |
| Security footage (incident recorded) | Until investigation closed | 2-3 years or per legal requirement | Law enforcement may request retention |
| Test/training footage | Not required | 30 days recommended | Delete when not needed |
| Marketing footage (with consent) | For business use | 5-10 years | Can retain while actively marketing |
Access Control
Who can access drone data:- Primary operator (always has access)
- Client (for their project files only)
- Staff (only if they have legitimate work need)
- Law enforcement (only if legal warrant/court order)
- Insurance/auditors (only for compliance verification)
- Password-protect storage devices
- Use role-based access (different employees see different files)
- Audit log access (if possible) โ track who viewed what, when
- Encrypt files so even if device is stolen, data is unreadable
Privacy Officer & Documentation
Required Documentation (For Compliance)
If you handle personal information via drones, document:
- Privacy policy (written document)
- What drone data you collect
- Why you collect it (lawful purpose)
- How you protect it (security measures)
- How long you keep it (retention policy)
- Who can access it (access controls)
- Share with clients & staff
- Data breach response plan (in case of data loss/theft)
- Who to notify (client, Privacy Commissioner if serious)
- Timeline for notification (usually within 72 hours for serious breaches)
- How to remediate (fix the problem)
- Privacy assessment (for high-risk operations)
- Document why you need to collect personal data via drones
- Identify privacy risks
- Describe mitigation measures
- Justify proportionality (is surveillance necessary?)
"XYZ Drone Services collects video imagery during professional drone operations. Personal information (images of identifiable individuals) is collected only with consent and for the specified purpose. Data is encrypted, stored securely, and deleted within 12 months of project completion unless client requests longer retention. Individuals have the right to request access to personal information and correct inaccuracies. Questions about privacy? Contact [privacy@xyzdroneservices.nz]."
Privacy Commissioner & Complaints
If someone files a privacy complaint against you:- Privacy Commissioner will contact you (initial investigation)
- You must respond with your data handling explanation (within 10 business days typically)
- Commissioner investigates (interviews, reviews procedures)
- Finding issued โ Commissioner determines if you violated Privacy Act
- If violation found โ You may be ordered to:
- Apologize to affected person
- Pay compensation (NZ$1,000-$50,000+ depending on severity)
- Change practices going forward
FAQ
Q: Is filming someone in public (from drone) without consent a privacy violation?A: Yes, if they're identifiable. Being in public doesn't eliminate privacy expectations (High Court ruling). Disclose drone use, don't record faces without consent, especially from above.
Q: Can I use facial recognition to identify event guests automatically?A: No, not without explicit consent. Privacy Commissioner treats facial recognition as biometric data (highly sensitive). Get written permission first.
Q: How long must I keep drone footage for legal protection?A: 1-2 years minimum (covers most liability claims). After that, delete per your retention policy. Keeping longer requires justified business purpose.
Q: What if footage shows a crime on neighboring propertyโcan I share with police?A: Yes. Law enforcement can request footage for investigations. You can voluntarily share with police (lawful purpose). Document the request in writing.
Q: Can I share event footage on social media (Instagram, TikTok, YouTube)?A: Only if you have explicit written consent from recognizable people in the footage. "I attended your event" doesn't imply consent to publish online. Get permission or blur faces.
Q: Is drone surveillance of my own property a privacy violation?A: Generally no (you own it), but if it captures neighbors' property or public areas, follow disclosure guidelines. Document your security purpose clearly.
Q: Do I need CCTV notice signs for a surveillance drone?A: Yes, recommended (shows transparency). Post "Drone Surveillance in Progress" or "CCTV in Operation" signs so people know they may be recorded.
Q: What's the penalty for Privacy Act violations?