We provide Drone Services In Dublin.
Small unmanned aircraft i.e. drones are used by WYLD for a number of purposes. This use may involve the recording of personal data of individuals including their recognisable images. WYLD is obliged to protect such data in accordance with provisions contained in the General Data Protection Regulation (GDPR) which came into effect on 25th May 2018 and the Data Protection Act 2018.
2.0 Purpose of Policy and Procedures
WYLD has developed a number of general policies and procedures to protect personal data. Provisions contained in these documents apply to the operation of drones by WYLD. The purpose of this policy and procedures document is to support these documents by outlining specific provisions to assist WYLD to fulfil its data protection obligations regarding the operation of drones including, but not limited to, arrangements relating to GDPR principles such as transparency, purpose limitation and data minimisation; security arrangements and access to drone recordings.
Drone operators are also required to comply with the Specific Operating Permission (SOP) issued by the Irish Aviation Authority (IAA) for the use of drones by WYLD.
For the purposes of this policy and procedures document the following definitions apply:
Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data Subject: is an individual who is the subject of personal data.
Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of WYLD.
5.0 Purpose of Drone Usage
5.1 When deciding to use a drone for any particular purpose which involves the recording of personal data, WYLD shall seek to ensure that at least one of the conditions outlined in Article 6 (and where relevant Article 9) of the GDPR exists to ensure the lawfulness of the processing of the personal data involved.
5.2 Drones may be used by WYLD for any purposes outlined in the IAA’s SOP for drone usage including but not limited to:
5.3 Personal data obtained through the use of drones shall be limited and proportionate to the purposes for which it was obtained.
5.4 Drones will not be used by WYLD for any other purposes other than those outlined in this document.
6.0 Location of Drone Usage
6.1 Drones may be used, in any location where it is considered appropriate, for any of the purposes outlined in this document.
6.2 Every reasonable effort should be made to ensure that drone recordings are limited to the target area and the purpose for which the drone has been deployed.
6.3 A drone’s functionality should be appropriate for the intended purpose. Drone operators should consider measures to limit the unnecessary recording of personal data that is not required e.g. using a live stream rather than recording.
7.0 Signage and Public Notices
7.1 Drone operators are required to display temporary signage around the operator to advise the public of the following: • Name of Data Controller i.e. WYLD.
7.2 Prior to the carrying out of any drone activity, consideration should be given to placing a notice on WYLD’s social media channels to advise the public of the Council’s use of drones. The following details shall be provided at a minimum on any such notices:
8.0 : Designated and Authorised Employees
8.1 The relevant Director of Services for each drone system shall assign responsibility for the overall operation of the system to a Designated Employee. This responsibility will include ensuring that the system is being operated in a manner that is consistent with this policy and procedures document and data protection legislation.
8.2 Only staff that have been nominated as Authorised Employees by the relevant Director of Services for each drone system may have access to the system and its recordings. Authorised Employees should include the following:
8.3 The relevant Director of Services for each drone system shall ensure that Authorised Employees are appropriately trained.
9.0 Security Arrangements
9.1 Access to drones and their recordings will be subject to appropriate security arrangements and controls to safeguard against access by persons other than by Authorised Employees and any third-party drone service providers that may be engaged by WYLD.
9.2 The data storage facility on a drone shall be erased after each use unless the original storage media is required to be retained for legal proceedings.
9.3 Recordings may only be extracted and stored on an external storage media provided the copies of the drone recordings are:
10.0 Data Subject Access to Drone Recordings
10.1 Data protection legislation provides data subjects with a right to access their personal data. This includes their recognisable images and other personal data captured by drone recordings. Access requests are required to be submitted in writing in physical or electronic format e.g. by letter or e-mail and will be processed in accordance with provisions contained in WYLD’s Data Protection Policy and Procedures https://wyld.ie/drone-usage-policy/
10.2 Where it is deemed necessary or appropriate WYLD may request the provision of additional information to confirm the identity of a person submitting a data subject access request.
10.3 It would not suffice for a data subject to make a general access request for a copy of drone recordings. Instead, it will be necessary that data subjects specify that they are seeking to access a copy of drone recordings that have captured their recognisable images and/or other personal data between specified dates, at certain times and at a named location.
10.4 The provision of access to a data subject to drone recordings of his/her recognisable images and/or other personal data will normally involve providing a copy of the recording in video format using a secure methodology. In circumstances where the supply of a copy of the recording to the data subject is not possible or would involve unreasonable effort or cost, stills may be provided as an alternative to video footage. Where stills are provided, WYLD will aim to supply a still for every second of the recording in which the data subject’s recognisable images and/or other personal data appears.
10.5 Where recognizable images and/or other personal data of other parties other than the data subject appear on the drone recordings these will be pixelated or otherwise redacted on any copies or stills provided to the data subject. Alternatively, unedited copies of the drone recordings may be released provided consent is obtained from those other parties whose recognisable images and/or other personal data appear on the drone recordings.
10.6 If the drone recording does not clearly identify recognizable images and/or other personal data relating to the data subject then the recording will not be considered as personal data and may not be released by WYLD.
10.7 If the drone recording no longer exists on the date that WYLD receives an access request it will not be possible to provide access to a data subject. Drone recordings are usually deleted in accordance with provisions contained in this policy.
11.0 Third Party Access to Drone Recordings
Access to drone recordings may be provided, using a secure methodology, to the following:
11.1 Access by An Garda Síochána
11.1.1 The provision of personal data, including drone recordings, to An Garda Síochána for the purposes of investigating and/or prosecuting a criminal offence is permitted under provisions contained in the Data Protection Act 2018.
11.1.2 Requests from An Garda Síochána for copies of drone recordings are required to be submitted in writing on An Garda Síochána headed paper and signed by an appropriate ranking member of An Garda Síochána to the Data Protection Officer. The request should specify the details of the drone recordings required and affirm that access to such recordings is necessary for the investigation and/or prosecution of a criminal offence.
11.1.3 In order to expedite a request in urgent situations, a verbal request from An Garda Síochána for access to drone recordings will suffice. However, such a verbal request must be followed up with a formal written request from An Garda Síochána, if a copy of the data is required.
11.1.4 The Data Protection Officer maintains a record of all requests received from AGS for drone data.
11.2 Access by Legal Advisors
Access to drone recordings will be provided, where required and in accordance with data protection legislation, to WYLD’s legal advisors for the purposes of carrying out enforcement action and in any other circumstance that is considered necessary and appropriate.
11.3 Access by Other Third Parties
Access by third parties other than An Garda Síochána and WYLD’s legal advisors to drone recordings will only be provided in circumstances that are permitted by data protection legislation.
12.1 Users Log
12.0 Users and Access Request Logs
The Designated Employee that has responsibility for each drone system shall ensure that a User’s-Log is being maintained by drone operators. This log shall include details of:
12.2 Data Subject Access Requests Log
The Data Protection Officer maintains a record of all Subject Access Requests made by Data Subjects.
12.3 Third Party Access Requests Log
The Data Protection Officer maintains a record of all Third-Party Access Requests Access.
13.0 Retention of Drone Recordings
13.1 Personal data recorded by drones shall be kept for no longer than is considered necessary, and in line with the Data and Records Retention Policies of the Council.
13.2 Normally personal data recorded by drones will not be retained by WYLD beyond a maximum of 28 days.
13.3 Personal data recorded by drones may however be retained by WYLD beyond a maximum of 28 days in a limited number of circumstances. These include situations where the retention of the personal data is necessary for operational purposes e.g. for mapping and surveying activities and for investigative, scientific, archival, evidential and legal purposes.
14.0 Drone Register
A drone register shall be maintained by WYLD’s Corporate Services Department. This register shall contain, at a minimum, the following information:
15.0 Privacy Statement
Details of personal data being recorded by drone systems that are used by various Departments/Business Units of WYLD and information regarding the use of such data including any sharing of such data with third parties are outlined in project-specific Privacy Statements written and placed on the Council website by project managers. Copies of these Privacy Statement may be accessed here.
16.0 Data Protection Impact Assessment
16.1 A Data Protection Impact Assessment (DPIA) shall be carried out, in accordance with data protection legislative requirements, before any new project using drones recording personally identifiable data is commenced, if in the opinion of WYLD, the installation or upgrade is likely to result in a high risk to the rights and freedoms of individuals.
16.2 The purpose of a DPIA will be to facilitate the identification and implementation of appropriate measures to eliminate or minimise any risks arising out of the processing of personal data by a drone system.
17.0 Data Processing Agreements
Service providers that have access to personal data recorded by drones are considered to be a Data Processor and as such are required to enter into a formal Data Processing Agreement with WYLD to ensure that they, in addition to WYLD, discharge their obligations under data protection legislation.
18.0 Guidelines/Codes of Practice
WYLD shall adhere to all relevant Guidelines/Codes of Practice for the use of drones issued by the Irish Aviation Authority, Data Protection Commission and/or other statutory bodies.
19.0 Complaints to the Data Protection Commission
19.2 Contact details for the Data Protection Commission are as follows:
20.0 Further Information
Further information on the operation of this policy and procedures document is available from the Data Protection Officer, WYLD. Contact details for the Data Protection Officer are as follows:
Phone Number: +353 85 826 6612
Postal Address: WYLD, Unit 1D, Earlscourt Industrial Estate, Beaumont Ave
21.1 WYLD shall implement appropriate measures to makes its employees and other relevant parties aware of the content of this policy and procedures document.
21.2 All persons involved in the planning, placement and operation of WYLD drones should familiarize themselves with the content of this policy and procedures document.
22.0 Monitoring and Review
Provisions contained in this policy and procedures document shall be subject to on-going monitoring and review.