Spreading and handling data properly – integrity and data protection

The General Data Protection Regulation (GDPR) is a regulation for everyone in the EU. Its purpose is to protect everyone's integrity from being violated and to ensure that information about people is used properly.

When it comes to drone use, it is important to take the GDPR into account, because so much can be pictured from the air during a flight.

Those who handle personal data, such as companies, associations and authorities, have accountability. This means that they must comply with the GDPR principles – but also show how they comply.

More information on GDPR (in Finnish) is available on the Office of the Data Protection Ombudsman website: https://tietosuoja.fi/en/data-protection.

The principles means among other things that data controller must be sure that GDPR supports handling of personal data. It is important to bear in mind that personal data can only be collected for specifically stated and legitimate purposes.   You are not allowed to handle more personal data than what is needed for the purpose. Personal data shall be correct and shall be deleted as soon as it is not needed any more. Personal data must be protected of unauthorized access and must not be lost or destroyed inadvertently.

What counts as personal data?

Personal data is anything that can be linked to a natural person who is alive. It is anything that can be used to identify a person, from names, addresses, e-mails, phone numbers and ID cards to different registration numbers, photos, voice recordings and character descriptions so that a person can be identified.

More sensitive information relating to a person's health, ethnic origin, political opinion and sexual orientation has special protection and may only be collected and used if the person concerned approves of it or if the country's law allows it.

To avoid violating GDPR principles while flying, avoid taking pictures or video with the drone's camera until you are at a high altitude, so that people on the ground cannot be identified. Don’t take any pictures or video when you are at a crowded places. Generally, it is good to fly at times when fewer people are out and to avoid flying in much frequented areas.

The data protection regulation is only valid if you photograph identifiable people or record other personal data. The data protection regulation is not applied to photographs and video taken by private individuals, but you must acquire permission from the people depicted in the images for publication. As a rule, photography is permitted in public places in Finland, whereas people in places protected by provisions concerning invasion of domestic and public premises may not be photographed or observed through the drone videolink. Private homes and gardens may not be photographed so that a person can be identified in the images, nor may people inside workplaces be photographed without their consent. Section 24 of the Criminal Code of Finland lays down provisions on these matters.

The data protection regulation also applies to geographical information, meaning that location data of an image is also considered personal data that warrants protection.

In addition to abiding by the GDPR, the remote pilot must also be aware of other restrictions on photography. The most significant restriction is outlined in section 14 of the Territorial Surveillance Act and concerns the operations and premises of the Defence Forces. According to this section, taking photographs and making videos and using any imaging methods to monitor areas or record information is prohibited in areas where aviation is permanently restricted under the Aviation Act, fortified areas, fortresses or garrison areas, naval ports or military airports, depots or storage areas of the Finnish Defence Forces, signal stations, antenna farms or defence equipment or devices of the Defence Forces, and field exercises of the Defence Forces or the Frontier Guard. Areas with prohibited aerial photography have been stipulated in separate decrees in areas designated to the Defence Forces. These areas are specified in the www.aviamaps.com service, for example. The Defence Forces website contains more detailed information on aerial photography and applying for an aerial photography permit: https://puolustusvoimat.fi/en/instructions-for-aerial-photographers.

This material concerns privacy in Finland. Regulations concerning privacy and photography may be significantly different in other EU member states. Study privacy regulations in the country in question carefully before photography outside Finland!