The Aerial Gaze: Regulating Domestic Drones in the UK

March 17, 2013


 ‘Drones may help restore our mental model of a privacy violation. They could be just the visceral jolt society needs to drag privacy law into the twenty first century‘  [1]

R. Calo (2011) 

The emerging range of security, law enforcement and civilian applications for unmanned aerial systems (UAS) increasingly moves them beyond the confines of international military campaigns.[2]  Unarmed ‘domestic drone’ uses in national airspace pose a number of challenges to current state regulatory frameworks for privacy, surveillance and aviation safety. Furthermore, the aircraft vary significantly in size, technical capabilities and applications, resulting in a broad and unpredictable variety of new problems. This article seeks to anticipate a number of UK legal issues and tentatively proposes approaches that provide scope to establish a fragmented legal framework.

Drone sizes vary – there are very small experimental micro-ornithopter units like the lightweight 10 cm wingspan ‘Delfly’, consumer targeted quadricopters like the smartphone/tablet controlled ‘Parrot AR’ and military credentialed  ‘Predator’ drones.  The payload varies greatly too, with scope for high definition, infrared, night vision and thermal imaging cameras. Network interception tools that imitate GSM phone towers to record phone conversations and texts have even been demonstrated. [3]

Documented applications of the technologies differ, from search and rescue, monitoring wildlife poaching,[4] policing of public events and even inspection of farmland to ensure compliance with Common Agricultural Policy grant conditions.[5] For law enforcement, the European Union’s Frontex EUROSUR project initiates moves to incorporate drones into a border security and maritime surveillance system that, inter alia, monitors illegal immigration.[6]  There are also uses by journalists, with some of the interesting implications being investigated in the US Nebraska Lincoln University ‘Drone Journalism Lab’. More broadly, a recent list was published by the Guardian indicating over 130 organisations with UK Civil Aviation Authority permission to fly small drones in the UK.[7] These include the BBC, a number of police and fire departments, defence firms and universities.

A recent European Commission Working Document outlined the strategic and competitive importance of expanding the domestic drone industry in Europe. They note the scope for generating new European jobs in the ‘economic downturn’, with 400 drone systems under development in 19 EU Member States alone. The report documents the need for EU action to address the various forces limiting growth, including implementation of legislation to reduce restrictions on drone flights in controlled airspace. [8]

By way of comparison, the US has already implemented modernisation measures with the Federal Aviation Authority (FAA) Modernisation and Reform Act 2012. It stipulates that by 2015 drones should be integrated into national airspace in addition to establishing formal FAA standards for authorisation and support of civil use by police and fire fighters.  The FAA predicts that, within 20 years, 30,000 domestic drones could be flying above the US.[9] Internationally, the UN International Civil Aviation Organisation recently amended the Chicago Convention 1944. Whilst the instrument provides general rules for conventional international air travel, recent modifications to Annexes 2 and 7 now incorporate safety and certification requirements for civilian drones too.   

Safety and privacy

Across Europe, the European Aviation Safety Agency governs drones weighing over 150kg under Regulation (EC) No 216/2008.  For drones under 150kg, it falls to the domestic regulator so, within the UK, it is the Civil Aviation Authority which regulates airworthiness, aircraft registration and flight permission for domestic drones.  Generally, the CAP 722 Unmanned Aircraft Systems Operations in UK Airspace provides extensive advice on best practice and operational standards. Specifically the CAA follows the UK Civil Aviation Authority Air Navigation Order 2009/3015 (ANO 2009/3015) which stipulates that drones cannot be flown outside the direct visual line of sight of the pilot (below 400ft and within a 500m range) in non-segregated airspace, unless an approved ‘detect and avoid system’ is fitted (to avoid collisions with other aircraft). Flight within 150m of built up areas or within 30m of people is prohibited and air traffic control permission is required to enter controlled airspace. Article 167 ANO 2009/3015 provides specific guidelines for operators of small drones used for data acquisition or surveillance. They must obtain permission from the CAA if they are going to fly within 50m of a person, or 150m of an ‘organised open-air assembly of more than 1,000 persons’ or a congested area.  

The CAA plays a gatekeeping role in controlling UK sub 150kg drone use and therefore is in a unique position as a regulatory body. They could address privacy concerns by formally incorporating privacy impact assessments (PIA) into the application approval process. [10] The Information Commissioner Office already provides clear guidance on conducting PIAs by stipulating the necessity of contacting and identifying stakeholders, establishing and analysing privacy risks, ensuring the project is compliant with the relevant human rights laws and seeking solutions to manage these risks. [11] 

Regulatory approaches

More broadly, a number of UK laws could become relevant when considering regulation of surveillance drones, although the scope of application is not always clear. For example, covert use in police investigations would require compliance with the rules on directed and intrusive surveillance in Part II of theRegulation of Investigatory Powers Act 2000 (RIPA).  Section 26(5) of RIPA determines if surveillance is deemed intrusive, and states surveillance which… ‘is carried out by means of a surveillance device in relation to anything taking place on any residential premises or in any private vehicle but… is carried out without that device being present on the premises or in the vehicle, is not intrusive, unless the device is such that it consistently provides information of the same quality and detail as might be expected to be obtained from a device actually present on the premises or in the vehicle’ (emphases added).  This subjective dependency on consistency, quality and detail of drone obtained images could introduce uncertainty into classifying the nature of surveillance, and therefore the application of RIPA, Part II.

Overtly visible surveillance drones hovering overhead might be deemed legally analogous to CCTV? If so, they could be subject to CCTV regulation reforms in the Protection of Freedoms Act 2012.  The Act redefines the scope of CCTV governance, establishes a new surveillance Camera Commissioner and provides for a new code of practice to replace the current Information Commissioner Office CCTV Code. Section 29(6) defines the scope of relevant ‘surveillance camera systems’ as CCTV, ANPR (automatic number plate recognition) and ‘any other systems for recording or viewing visual images for surveillance purposes, and the systems for storing, receiving, transmitting, processing or checking images from the CCTV, ANPR systems etc’. Could this definition be sufficiently broad to cover surveillance drones and their associated ground control systems? If so, drones use could be subject to the new code, including compliance with new standards for equipment, operational requirements and complaint procedures.

The new Surveillance Camera Commissioner will act as an oversight body and s 34 of the Act states it will ‘encourage compliance with the surveillance camera code’; ‘review the operation of the code’ and ‘provide advice about the code, including changes to it or breaches of it’. Unfortunately, s 33 limits scope of the code to local authorities and other public bodies, which will exclude private operators of drones. Furthermore, whilst these bodies must have regard to the code, the commissioner has limited powers of legal sanction  because s 33(2) states that a ‘failure on the part of any person to act in accordance with any provision of the surveillance camera code does not of itself make that person liable to criminal or civil proceedings’. Nevertheless, the code could prove a useful tool for government drone regulation.  

Domestic drone use may also exacerbate existing inadequacies in domestic data protection law. For example, the narrowed definition of personal data from Durant v FSA [2003] EWCA Civ 1746, already limits Data Protection Act 1998 safeguards for individuals when it is not deemed to relate to them, due to lack of focus, or lack of biographical data collection. However, this position may become increasingly unsustainable as mobile airborne surveillance units capture larger numbers of ancillary/incidental subjects from various vantage points.

The growing hobbyist communities. like DIY Drones (where amateurs build and develop their own UAVs), will create questions too.  Under the DPA 1998, will they be required to register as data controllers if they are using cameras that capture personal data? Or will the  exceptions under the DPA, s 36, for data processed ‘by an individual only for purposes of that individual’s personal, family or household affairs (including recreational purposes)’, exempt them?

Lastly, established European Court of Human Rights Article 8 jurisprudence on the reasonable expectation to ‘privacy in public’ is also pertinent. In Peck v UK it was held that monitoring an individual in a public place with photographic equipment, but not recording, does not interfere with an individual’s private life. [12] However, if it is recorded or permanently stored, it might.[13] Von Hannover expanded Peck further, acknowledging that private life includes, inter alia, physical and psychological integrity, including a ‘zone of interaction of a person with others, even in a public context‘.[14] What is the situation if a drone operated over a public space with a live audio-visual feed to a ground station, but not actually creating a systematic or permanent record? Is Article 8 triggered?

Even if these issues with the current framework are adequately solved, upcoming European data protection reforms  will change the legal landscape and reassessment of drone regulation will again be necessary.

With so many unanswered questions regarding the emerging technologies and applications, it remains critical to continually question if existing UK laws adequately address the privacy and surveillance concerns raised.

However, irrespective of legal interpretative issues and problems with jurisdiction specific regulation, a 2011 American Civil Liberties Union report has provided general public policy guidance that could provide more immediate, flexible solutions. They recommend privacy protective tools including government auditing of drone usage, establishment of image retention restrictions, creation of clear public notices for overhead aircraft and increasing transparency in drone policy.[15] On this basis, it may be increasingly common in the future to see signs declaring ‘smile, you are being recorded by an overhead drone!’ – a discomforting notion in any case.

Lachlan Urquhart is a PhD Researcher, University of Nottingham (Horizon Digital Economy Research): e-mail:; Twitter: @mooseabyte 

[1] R. Calo, (2011) “‘The Drone as Privacy Catalyst”‘ Stanford Law Review Online at 29

[2] See The Guardian Drones portal

[3] A Greenberg, (2011) ‘Flying Drone can crack Wifi and snoop on cell phones’ Forbes Security

[4] See (2012) ‘Ecology drones to track endangered wildlife’ The Guardian

[5] L Peter (2012) ‘Spying on Europe’s Farms with Satellites and Drones’ BBC News

[6] Proposal for a Regulation of the European Parliament and of the Council Establishing the European Border Surveillance System (EUROSUR) COM/2011/0873 final Chapter II – Article 12(3)(c). Drones within Phase 2 of the programme as originally outlined in Communication from Commission Examining the Creation of a European Border Surveillance System (EUROSUR) COM 2008 68 see


[8] European Commission Staff Working Document (2012) ‘Towards a European Strategy for the development of civil applications of Remotely Piloted Aircraft Systems (RPAS)’ SWD 259 final p9-11

[9] Federal Aviation Administration (2010) ‘FAA Aerospace Forecast: Fiscal Years 2010-2030’ p48 see

[10] R.L Finn and D. Wright (2012) ‘Unmanned aircraft systems: Surveillance, ethics and privacy applications’

Computer Law and Security Review, pp 184-194 have documented the general importance of privacy impact assessments in addressing concerns from drones. 

[11]See Information Commissioner Office PIA Handbook

[12] Peck v UK [2003] EMLR para 59; in Murray v Big Picture [2008] EWCA Civ 446 para 54, it was stated, ‘In the absence of distress or the like caused when the photograph is taken, the mere taking of a photograph in the street may well be entirely unobjectionable..’

[13] Amann v Switzerland (2000) 30 EHRR 843 paras 65–67.

[14] Von Hannover v Germany [2005] 40 EHRR 1 para 50-51

[15] J Stanley & C. Crump (2011) ‘Protecting Privacy from Aerial Surveillance: Recommendations for Government

Use of Drone Aircraft’ American Civil Liberties Union