There’s a lot for in-house counsel at drone-operating companies to worry about—regulatory compliance, state-by-state legislation, federal oversight and separate rules for commercial and recreational use—but data collection, retention and review remain their top worry.
That’s the sentiment from several in-house counsel who spoke on a panel about drone laws and regulation at the Emerging Technologies and Torts of the Future conference in Menlo Park, California, hosted by the U.S. Chamber Institute for Legal Reform.
Roger Nober, executive vice president of law and corporate affairs at North American freight transportation company BNSF Railway Co., put the concerns into a hypothetical example: His company, he said, has experimented with using drones to inspect railroad tracks for safety issues. BNSF operates more than 30,000 miles of railroad track in the United States and Canada. But if drones were to inspect every inch of that, Nober said, that would be a lot of data to review.
“We’re concerned about if we have just this massive amount of data, of HD video for 30,000 miles, and we inspect it and we miss something on there and have an incident, who will read and evaluate all of that?” Nober said. “Just as with any human inspection, if we miss something that leads to an accident, that could lead to negligence.”
Data retention is an issue, too, Nober said. He said if a drone collects images or videos during track inspection, there’s a policy about how that data is stored.
“The cloud is pretty big,” Nober joked, referring to internet-based storage, “but we could fill up a portion of the sky pretty quickly.”
Co-panelist Katherine Butler, vice president and general counsel for GE Digital, agreed with Nober’s data collection comments, saying, “We think about the same thing.” GE Digital, created in 2015, is the General Electric unit for all of the company’s technology and software developments.
Butler said her company asks itself about how cross-functional teams comply with the internal data collection policy; whether the company can de-identify certain data; and how to handle third-party data requests.
Companies should work together to create best practices around handling data, Butler said. That way, regulators could have more uniform and productive conversations with companies, rather than relying on a company-by-company approach, she said.