Providing Internet or other wireless services

You are a private company that wants to use drones to disperse some kind of wireless signal to, for example, remote areas. You are providing access to different kinds of communication services that run through your drone. By doing this, you may inadvertently also collect personal data such as the IP addresses of computers or devices connected to your network, as well as the traffic passing through them. 

Below you will see some of the main privacy and data protection issues that could arise in this situation and tips/ safeguards for how to avoid them. Keep in mind the detailed information provided in the Handbook

Privacy and Data Protection


    Transparency, visibility and accountability: Drones that
    disperse communication signals tend to be large enough to be noticeable. Even
    if people are aware of the presence of the drone, however, they may still not
    be aware what kind of personal information the drone may collect, nor who
    exactly operates it. Generally, people should be aware of who and why is
    operating the drone.

    Privacy of personal communication: Individuals have the
    right to privacy of their communication. The interception, recording or access
    to their private communication is forbidden. If you are offering Internet or
    other wireless communication services through your drone, this aspect of the
    right to privacy may be jeopardized if the transfer of their communication
    through your platform is not secure and private.

    Chilling effect: People may not be aware of exactly what the
    drone is doing or whether or not it can collect visual data. If they feel like
    they are being surveilled, they may change their behaviour. This could apply
    also with regard to their online behaviour, if they believe their use of the
    network could be monitored.


    Remember there are special requirements that apply if you collect
    personal data. The personal data you are most likely to collect in this
    scenario includes the personal communication of the people on the ground
    that passes through the drone, as well as their IP addresses. IP addresses
    may also allow the identification of individuals and, therefore, are
    considered personal data in the EU.

    Lawfulness, fairness, transparency:  Your collection
    and processing of personal data must be lawful, based on one of the options
    laid down by EU law.  It must be fair, meaning that it must not cause any
    harm to the individuals. It must also be transparent – people have to know
    which of their personal data has been collected, by whom and what it will be
    used for.

    Purpose limitation: People have the right to know exactly
    for what purpose their data is collected and, once you inform them of the
    reason (wireless communication), you cannot use their data for a different
    incompatible purpose (e.g. advertising) without informing them again and
    ensuring your actions are lawful (see above).

    Data minimisation:  You should collect the minimum
    amount of personal data possible for your legitimate purpose.

    Accuracy: You should ensure that the personal data that
    passes through your platform is accurate and up-to-date. If there are
    inaccuracies, they should be deleted or fixed without delay. Storage
    limitation: You should not keep any personal data in a manner that would allow
    a person’s identification for longer than necessary. IP addresses can lead to
    the identification of people too.

    Integrity and confidentiality: You should make sure that any
    data on the drone platform is secured and protected both from unauthorised
    access and from possible file corruption. The data should be protected both by
    third parties and your own employees. Accountability: Remember that if you
    collect personal data and can choose what to do with it, you will be
    accountable if you don’t follow any of these principles.


    TIPS - Consider informing the people living in the area
    of the various channels or functions of the drone, what it can and cannot
    do, the information it collects and what it uses it for. Give your own
    contact information to answer any questions the people may have.

    TIPS - Ensure that people are informed of the way their
    data will be processed when they use the wireless network from the drone,
    e.g. by showing them a message when they connect to the wireless services.
    Also, inform them of their rights, including their right to receive access
    to all their data and to request that it be deleted.

    TIPS - Implement strong encryption systems in your drone
    to ensure the security of communication that passes through it and to
    protect the files from being corrupted. Store any data in a secure manner
    and ensure that it is not stored for excessive lengths of time. TIPS – Only
    collect and store data that is relevant or necessary for the purposes for
    which it is being collected, for the task you are carrying out, e.g.
    communication facilitation. Collect the minimum amount of data

    TIPS - Consider taking anonymising steps as soon as
    possible, e.g. giving users pseudonyms, scrambling and encrypting data
    end-to-end, etc. to minimise the amount of personal data collected. Note
    that pseudonyms may also be considered personal data if they may be linked
    to identifiable persons.

    TIPS - Do not share data on identifiable persons with
    third parties without the persons’ consent.

    TIPS - Be aware who the data controller and processor is
    in this case, especially if you are carrying out this activity together with
    another company. Remember that data controllers and data processors are
    subject to various legal obligations in the EU.