Drones, UAV and Data Protection in the EU

Learn how to deal with the sensitive issue of data privacy in the European Union when planning a drone project.

09 February 2021, by Mario Sabatino RiontinoAsk a question

Figure 1: Drone view, Stockholm. Photo by Mike Kienle on Unsplash
Figure 1: Drone view, Stockholm. Photo by Mike Kienle on Unsplash

Public attention about drones

Due to numerous reports, the public is prudent when it comes to flights by unmanned aerial vehicles (UAV). Often, when people see a UAV above their heads, they feel scared or intimidated. In fact, according to the latest report from the European Aviation Safety Agency (EASA), 40% of surveyed people view drones negatively.

A while ago, we explored this topic in more detail with Christian Walter Franz. We found out that this phenomenon derives from the so-called cognitive dissonance: a discrepancy between what a person expects (“I want to give my consent before someone films me”) and what a person sees (“Someone is filming me, but I didn’t give my consent”).

Would you be happy if a drone passes by and films your body while you’re sunbathing?

Figure 2: People sunbathing. Photo by Remigiusz Wac on Unsplash. Faces and bodies are blurred by Celantur.
Figure 2: People sunbathing. Photo by Remigiusz Wac on Unsplash. Faces and bodies are blurred by Celantur.

Remote pilots can actively help to reduce unfounded fears and reservations:

  • Actively inform people that you are flying in an area and why you are flying here
  • Report any misuse of UAVs to relevant authorities
  • Minimize the data collected for the scope of the project

These measures might be enough to reassure people affected during a drone operation, however they still don’t comply with data protection laws.

Note: Independently from these measures, it is forbidden to fly with an UAV into areas or approach areas where an emergency operation is taking place - unless the responsible emergency service has given express permission.

UAV & Data Privacy

Privacy is a fundamental right that every citizen in the EU has. Data protection is mainly regulated in the EU General Data Protection Regulation (GDPR) and applies to everyone in the European Union and companies that do business with people living in the EU.

Unmanned aerial vehicles (UAV) offer us many new ways to collect data thanks to:

  • Cameras
  • Microphones
  • Infrared cameras
  • LiDAR
  • Thermal imaging cameras

The uses of drones range from surveying, defense, agriculture and real estate to photography, live entertainment, etc. Being remote-controlled, they are a perfect tool for collecting high-definition images (even in inaccessible places).

Unfortunately, they can be also used to break into the privacy of others or for criminal purposes. For this reason, the UAV operator must be registered if the UAV is equipped with a sensor system that can record personal data (unless the UAV falls under the EU Toy Directive - Directive 2009/48/EC).

UAV & Personal data

Data protection only affects ‘personal data’, i.e. only a small part of all available information captured by drones. According to the art. 4 of the GDPR, this is all information that relates to an identified or identifiable natural person.

A natural person is regarded as someone who can be identified by a physical, physiological, genetic, psychological, economic, cultural or social feature of this natural person. Hence, all recordings that show people in principle are protected by data protection.

There are some basic principles for handling personal data:

  • The principle of “data minimization” must be applied: whenever possible, no personal data should be processed or recorded.
  • Consent from the data subject: the data subjects must be informed that their data is being processed (e.g. that they are being photographed, filmed or recorded) and give consent.
  • Data anonymization: anonymized data (e.g. blurring) are not considered as personal information (Recital 26). Therefore, consent is not required.

Why Anonymization is the solution

It seems obvious to start by asking the consent of anyone that might be affected by the drone mission. However, when you consider large image datasets, it could be time-consuming and costly to get explicit consent from hundreds of thousands, or even millions of individuals.

Anonymization is a better solution because it preserves privacy while drastically reducing operational costs. Also, by establishing anonymization as a standard approach, you can effectively discourage negative reactions and mitigate citizens’ distrust.

Figure 3: Drone video blurred by Celantur. ©CBS

Want to know more about image anonymization? Check out:

Latest drone regulations (2021)

On January 1, 2021, the European Union standardized drone regulations across the continent (Regulation (EU) 2019/947 and Regulation (EU) 2019/945). The new rules replace EU state’s existing laws, standardising drone operations for business or leisure across Europe.

A full list of regulations and requirements under the Open category can be found here.

Regardless of these latest regulatory developments, to ensure the safety of all persons concerned, every drone pilot should ask himself/herself the following questions before every flight:

  • Am I flying to pursue a legal, permissible purpose?
  • Will I not endanger anyone with my flight, not even other pilots?
  • How can I avoid invading the privacy of others through my flight?
  • Is it impossible for me to interfere with the work of the authorities, police or rescue services through my flight?

About Celantur


Celantur offers fully-automated image and video anonymization solutions to help companies and organizations comply with privacy laws. Our technology detects several objects to be anonymized such as faces, bodies, license plates, vehicles and facades, and automatically blurs them.

Our product is developed specifically for street-level and aerial imagery, and works well with various systems:

  • DJI
  • Wingtra
  • Parrot
  • Phase One
  • and many more

Data Protection Standards

Data protection is our core business. That's why, to operate as a data processor, we have robust measures in place to comply with the GDPR and other data protection laws:

  • Images are processed in GDPR-certified data centres in the European Union.
  • External Data Protection Officer at service.
  • All data and storage devices are encrypted.
  • Data are deleted after the anonymization.
  • Annual Data Protection Audit.
  • Up-to-date Documentation: Technical and Organizational Measures ("TOMs"), Records of Processing Activities and Data Processing Agreement.

Ask us Anything. We'll get back to you shortly

dronesdata protectiongdprenglish
Start Demo Contact Us

Latest Blog Posts

How to copy XMP metadata between JPEG images (again)

Copying XMP metadata between images isn't straightforward. Read how it's done correctly.

20x Faster Than NumPy: Mean & Std for uint8 Arrays

How to calculate mean and standard deviation 20 times faster than NumPy for uint8 arrays.

Celantur and Virtual Vehicle Collaborate for Privacy Preserving Driving Technology

Enabling automotive companies to develop AD/ADAS systems while respecting privacy.