In Electronic Privacy Information Center (EPIC) v. Federal Aviation Administration (FAA),–F.3d—(June 19, 2018), the DC Circuit left unaddressed the question of whether the FAA’s rules governing drone use must address privacy concerns by dismissing the suit on standing grounds.
EPIC, a privacy advocacy group, brought the suit against FAA claiming that the agency did not fulfill its mandated duty and acted in an arbitrary and capricious manner when it neglected to implement any privacy-focused regulations for small unmanned aircraft systems (aka UAS or drones) when it promulgated its first set of UAS regulations in 2016. The 2016 rule focused on the safe integration and operation of small drones in national airspace, but did not address privacy directly. EPIC argued that the FAA was obligated to address privacy concerns in this final rule in order to meet Congress’ mandate to regulate rates. FAA, however, argued that as an agency charged with ensuring the safe and efficient use of national airspace, privacy concerns were beyond the scope of its rulemaking authority. The Court did not squarely address either party’s arguments. Instead, the Court found that EPIC failed to establish that it had suffered a concrete and particularized injury as a result of FAA’s decision not to address privacy in the 2016 rule. While EPIC pointed to generic concerns about its members’ privacy due to the increased use of drones in the United States, it could not point to any non-speculative concerns about those members privacy arising from the promulgation of the 2016 rules. As a result, the Court dismissed the case for a lack of standing.
The EPIC decision means that FAA will continue to stay out of the realm of regulating UAS privacy issues for now. Unless, and until, a party can establish standing to dispute the lack of privacy safety nets in the FAA rule, other federal agencies such as the FCC, and state and local authorities will be left with the responsibility to address this issue. Supporters of a uniform federal privacy law governing drones are likely to complain that this result could lead to a massive increase in privacy breaches and a patchwork of privacy regulations from state to state. After all, drones have provided a method for constant, persistent surveillance which past technology would have found difficult to achieve. On the other hand, one could reasonably ask whether we really need a federal agency like the FAA to promulgate nationwide rules for drones with built-in privacy protections? Even without an overarching federal drone regulation, state and local trespass laws, stalking and peeping Tom laws, and federal and state wiretap laws that criminalize recording without consent will still be in effect and may still provide remedies for victims of invasion of privacy.