Search our news, events & opinions

31 January 2019 0 Comments
Posted in Dispute Resolution, Opinion

Drones – a new risk to privacy in the office

Author headshot image Posted by , Associate

Management of data risks is an ever-evolving responsibility. With recent media coverage of law firms photographing client documents on the desks of competitor firms the need to manage threats outside the building is now part of the risk management role. The latest threat to privacy faced by business is from the use of drones.

Drone office privacy intrusion

Law firms in the City have reported drones hovering outside their office windows. The issue has become significant enough to be flagged by the Law Society to its members. The risk of course is that these drones, fitted with cameras, are breaching the privacy of the businesses concerned and of their clients. Focussing on the security around office doors may mean that the threats of breach by way of drones filming through windows are neglected.

So what is the regulatory position?

The Information Commissioner, the UK’s data regulator, recommends that the users of drone cameras should operate them in a responsible way to respect the privacy of others. If the drone is used for a “professional purpose”,  then the drone section of the CCTV code sets out various regulatory requirements. The Data Protection Act 2018 also applies to the piloting of live systems that will capture personal data. The lawful use of a drone to capture personal data would require a privacy impact assessment to be carried out in advance. That assessment would require a balance between the benefit to the drone’s data controller and the detriment to the data subjects.

Is spying by drones lawful?

Taking photographs of information on an office desk without the consent of those occupying the office is clearly a breach of privacy regulations and data protection law. The fact that such relatively extreme measures have been taken indicates either the absence of lawful means to obtain the data in question or an attempt to intimidate or unsettle an opponent or business rival.

Adapt policies and procedures

As a practical step towards mitigating any potential privacy threat from drones, businesses should consider amending internal risk policies. Suggesting that papers are not left on a desk when the occupant steps away for more than a couple of minutes is a much easier step to take than trying to capture and trace a drone.  Even with sophisticated equipment it is not easy to track and  locate a drone user and so preventative measures are likely to be more effective and a better use of  business resources.  Furthermore, taking proper steps to  mitigated the potential loss of data will provide some protection if an audit by the data regulator or a claim in damages arises from a privacy breach.

If you have any enquiries, please contact Emma Banister Dean on:

01865 268 370     Email

Leave a comment

Thank you for choosing to leave a comment. Please keep in mind that comments are moderated and please do not use a spammy keyword or a domain as your name or it will be deleted.




Dispute Resolution

Minimise the impact with our dispute resolution solicitors

Learn more


T: 01865 268 386 (DDI)

Search our news, events & opinions