In South African law, drones are called ‘remotely piloted aircrafts’ (RPAs). The sales of RPAs are increasing globally as they have become affordable and are used in a variety of ways, like surveying livestock, environmental disasters, building construction inspections and insurance surveys.

Modern RPAs are equipped with high tech functionality: Wi-Fi, cameras, GPS for real-time location, altimeters and sensors. While the uses are varied, the true value of RPAs lies in the data they collect that may include personal information. That’s why the Protection of Personal Information Act (the Act) applies. The Act defines ‘processing’ broadly enough to include the activities of RPAs. It defines the ‘responsible party’ to mean ‘a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information’. To the point, proceed carefully when using RPAs or relying on the data and personal information collected by them.

To protect a person's rights, they must establish the right to privacy and also the identity of the RPA pilot (the alleged wrongdoer) who used the RPA to invade their privacy. The Civil Aviation Regulations require RPAs to be marked with their identification numbers engraved, etched or stamped and affixed conspicuously on the exterior. Given the nature of these aircrafts, this is not easy to do while they’re in flight. As an aside, the Civil Aviation Regulations do not expressly require pilots to refrain from violating the right to privacy but the Director of Civil Aviation imposes this duty. These regulations do not provide for the enforcement of this right.

This is a short summary of the issues. Time will tell how the courts will interpret these laws and whether the law makers will strengthen the wording.