[ad_1]
The Data Protection Commission has ruled that the Wexford County Council failed to comply with the law by using drones to monitor public movement during the Covid-19 lockdown.
The ruling sets a notable precedent, given the prevalence of drone use by Irish local authorities, in the sense that any use of unmanned aerial technology responds to data protection law and the General Data Protection Regulation (GDPR) of the EU.
In April this year it emerged that the Wexford council had been reallocating its UAV drones from monitoring illegal spills to monitoring caravan parks and vacation homes.
That move was designed to ensure compliance with the two-kilometer Covid-19 travel limits that were in effect at the time.
However, when it became clear that no Data Protection Impact Assessment (DPIA) had been carried out prior to the start of the project, a prerequisite for any project that might have privacy implications under the GDPR, a complaint to DPC against advice by local data protection consultant Daragh O’Brien.
In its investigation, the Commission learned that the county council had captured 13 hours of drone footage between April 10 and April 29, related to drone observations on beaches, caravan parks and vacation home properties.
The local authority had told the DPC that it had no case to respond to, as the people or vehicles filmed were not identifiable.
“The captured images were distant and of low image quality, so they did not contain any personally identifiable information,” the council said in its presentation to the DPC.
“As no personal data was captured in the drone deployment, the Council is of the opinion that no data processing took place.”
However, the DPC said it was satisfied that the use of drones fell under the law enforcement provisions of the Data Protection Act 2018.
“While the commissioner, after examining the available drone images, agreed that the film captured by design did not contain any personal or vehicle registration data, he said a DPIA should still have been conducted.
“The DPC believes that the drones deployed by WCC constituted a surveillance system that had the potential to collect personal data and therefore the WCC should have conducted a DPIA prior to the deployment of the drones,” said Eunice Delaney, Commissioner assistant. in your decision.
However, he said that since the county council had moved to amend its drone policy so that a DPIA would be conducted prior to future drone purchase or use, and since no identifiable images had been recorded, no further action would be taken. .
Wexford County Council could have been liable for a hefty fine for breach of the GDPR.
However, in the two years since the GDPR was launched, the DPC has only applied two fines, both to the child and family agency Tusla.
.
[ad_2]