The French police have been condemned by the French Data Protection Authority for their use of drones to monitor quarantine compliance
On 14 January 2021, the French Data Protection Authority (CNIL) issued a deliberation sanctioning the Ministry of Interior for unlawfully using drones with cameras to monitor compliance with quarantine measures. The Ministry was found to have used drones with no legal basis and had failed to communicate to CNIL that its data protection impact assessment had shown that there was a high risk to the rights and freedoms of individuals.
A common method of avoiding data protection and privacy issues with drones is to blur the images collected, so that individuals are not identifiable. However, the Ministry only applied this blurring technique after images containing identifiable individuals had been collected, so personal data was being stored. The CNIL is not permitted to fine a public body, however a sanction was issued as well as an order to cease the use of drones.
Drones remain one of the rapidly developing technologies which pose real risk to individuals’ privacy rights and will be caught by the provisions in the UK GDPR where they are collecting personal data (except where they are being used for purely household purposes). Those working with drones will need to be aware of the legislative restrictions and obligations under data protection law. The ICO has a recommendation page setting out some tips on how to use drones responsibly.
