Drones, Data Protection and the COVID-19 Response
March 30th, 2020
We request that all Flying Labs continue following relevant data privacy and data protection guidelines as they respond to the pandemic. We recognize full-well the tension that often exists between speed and ethics during significant emergencies. There is an apparent urgency to act swiftly in response to COVID-19, as there was ten years ago after the Haiti Earthquake. Informed consent, for example, is often difficult to obtain at scale quickly. At the same time, any decision we take now to prioritize urgency over ethics will have immediate and long-lasting consequences. We must not make these decisions lightly. How we choose to respond is equally important as how quickly we respond. These decisions will set precedents. They will have an impact on the distribution or centralization of power. They will inform who we become as a society. This is why the Humanitarian Drone Code of Conduct exists.
Governments around the world are looking to significantly expand their reach in terms of surveillance activities during this pandemic response. Some of these efforts may be warranted, but there is growing alarm within a growing number of circles that this is already leading to overreach, i.e., that governments will use the excuse of the pandemic to expand their control of specific populations and demographics. Flying Labs must be fully aware of this. Flying Labs that chose to partner with their governments must do everything in their power to obtain consent from local communities. At an absolute minimum, they must ensure that local communities are fully aware of their drone flights and why these flights are necessary for the public health response to the pandemic. Also, Flying Labs must do everything in their power to ensure that the data collected using their drones are only used to support legitimate public health surveillance efforts, not government surveillance. This means that any unrelated activities (elicit or otherwise) that are discovered in the process of collecting aerial data cannot be pursued or punished. The right to privacy is a human right.
Flying Labs that partner with governments (and other actors) have the responsibility to ensure that the data they collect, and the products derived from this data, do not reveal Personal Identifying Information (PII) or Community Identifiable Information (CII). The latter relates to data that can be used to identify a community or distinct group, whether geographic, ethnic, religious, economic, or political. As such, we generally recommend against capturing or live-streaming aerial videos. Oblique videos run the risk of capturing PII. As such, we suggest capturing nadir imagery (vertical photos) instead of creating standard geo-referenced maps. This way, people’s faces are not easily identifiable, and the resulting maps can be automatically analyzed. To reduce privacy concerns, we suggest flying at higher altitudes to make the imagery lower resolution if, and only if, this is permissible in terms of safety and regulations. If Flying Labs are having to fly at lower altitudes, and thus capture very high-resolution imagery, we strongly recommend downgrading the resolution of the resulting map to avoid revealing CII before sharing the map with others. The optimal resolution will depend in part on local demographics and the stated reasons for capturing the imagery in the first place. Better yet, we recommend sharing aggregated meta-data derived from the imagery rather than the imagery itself as long as this data does not reveal any CII.
There also needs to be written agreements in place on who gets to access the data, in what format, when and for how long. The same is true regarding access to derived products. A dedicated internal document that lists the specific officials and agencies that have received the data and/or derived products is thus essential. Also, a data retention policy must be in place, e.g., all aerial data collected for surveillance purposes during the pandemic will be deleted entirely regularly, such as once a week.
These are just some of the (minimum) measures that Flying Labs need to take into account as they respond to the pandemic. We invite communities of practice that focus on data protection and privacy to help us expand these guidelines in support of Flying Labs (email@example.com). Please note that additional guidelines must be phrased clearly and simply. They must be practical and directly actionable. Flying Labs do not have the luxury of going through a dozen links or to study 20+page documents on data privacy and protection.