Cybersecurity Alert: FAA Releases New Rules Concerning Drone Use

With over 1.7 million drone registrations recorded at the end of 2020, drones currently represent the fastest-growing segment in the transportation sector.¹ Moreover, the U.S. Department of Transportation’s Federal Aviation Administration (FAA) recently released two finalized rules that will likely further increase the commercial use of drone technology. The FAA’s new rules are the Remote Identification (Remote ID) Rule and the Operations Over People and at Night Rule. Respectively, these rules will require Remote ID of drones, and allow drone operators to conduct flights over people, moving vehicles, and at night under certain circumstances.

Overview of the New FAA Rules

Remote ID provides identification of drones in flight and provides the location of drone control stations. These details will prove to be important in providing crucial information to our national security and law enforcement agencies. Furthermore, the increased airspace awareness will reduce the risk of drone interference with other aircrafts as well as people and property on the ground. The Operations Over People and at Night Rule provides the ability to fly over people and moving vehicles depending on the risk a small drone operation presents to people on the ground. Additionally, this rule will allow for operations of drones at night if certain conditions are met.

Both of these new rules will support technological advancements and innovation in the commercial drone industry while also mitigating risks associated with drone usage. Elaine Chao, the former U.S. Secretary of Transportation, noted that the new rules address “safety, security and privacy concerns while advancing opportunities for innovation and utilization of drone technology.”²  The new FAA rules are major steps toward the full integration of drones into the national airspace system. Both rules will become effective 60 days after they are published in the Federal Register, with language giving drone manufacturers a compliance timeline of 18 months to begin producing drones with Remote ID and giving drone operators an additional 12 months to start using drones with Remote ID.

Issues Regarding Drone Regulation

Although these rules alleviate barriers for commercial drone operators, businesses that use drone technology still face uncertainty over jurisdictional issues related to whether state and local governments can apply their own privacy standards. The agency has taken the view that they possess the authority to make regulatory decisions over navigable airspace, thus state and local authorities that attempt to introduce expansive drone-use regulations may conflict with the FAA. The U.S. Government Accountability Office noted in a September 2020 report that jurisdictional, property, and privacy laws concerning drones are “in a state of flux.”³  Considering the length of time it would take to receive a final resolution on this issue through the U.S. court system, this matter will most likely need to be resolved by Congress.

As the general public becomes more aware of drone usage, the unresolved issues place pressure on Congress to intervene sooner rather than later. Commercial drone operations are expected to increase for routine package deliveries, including the delivery of medical supplies, causing property and privacy right concerns to become progressively more important to the public at large. These privacy implications are most important to individuals who perceive drones to be a form of intrusive surveillance. Although this general perception may be misguided, it will nonetheless drive developing policy considerations in this field.

How Brouse Can Help

Drone technology is becoming increasingly popular in markets and economies throughout the world. Brouse McDowell’s Cybersecurity and Data Privacy team can provide the guidance and tools you need to determine how the FAA’s new rules impact your drone operations and to help your business comply with the agency’s operational requirements. We also provide proactive solutions for companies to defend against cyberattacks and general guidance through the complexities of all data privacy laws and regulations. Our team offers a variety of data privacy and cybersecurity services, including pre-breach and cybersecurity planning, cybersecurity and data privacy transactional services, data regulatory compliance services, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Please contact us for more information and to learn how we can partner with you.