Please also read the updated (January 12th and 14th) post about how the NPRM de facto eliminates most indoor flight of small UAS as Remote ID prevents flying if there is no GPS signal and the FAA asserts in the NPRM that only Remote ID compliant UAS may be sold.
- Where Internet access is available, most flights of small UAS must be recorded, in real time, in an Internet database called a REMOTE ID USS.
- Separately, there is a Federal law named Childrens Online Privacy Protection Act (COPPA) that restricts the collection of data on children under age 13 (there is a bill in in Congress to raise that to under 16). This bill specifically includes geolocation data, and data collected from “toys and Internet of Things” devices as protected information on youth.
- These restrictions apply to businesses, government and government contractors. There is no exemption for the FAA.
- Even if they do not know they are collecting data on children, if a parent or guardian finds out after a flight that data has been collected, the parent has a legal right to request to review the data, request to delete the data and request to suspend further collection of the data. The FAA has no choice. Age restrictions on flight do not solve the problem as kids will still fly anyway and once notified, the REMOTE ID USS has to comply with COPPA.
- We end up with, then, the FAA mandating collection of geolocation data on children while simultaneously another law, COPPA, says they cannot do that. Both cannot be true simultaneously.
- This is a serious problem for the FAA’s NPRM and there are no obvious solutions within their current proposal. I propose a novel solution to eliminate most of the problems with Remote ID logging and COPPA and simplify the ease of compliance and costs for recreational flyers.
Background on COPPA
The FAA’s NPRM for remote ID of all small UAS includes a provision that where Internet access is available, all craft (except those < 0.55 pounds) must subscribe to and log their flight in real time, once per second, into an Internet database called a REMOTE ID USS.
I was tipped off by someone in the legal field who says the mandatory collection of real time flight data – including of flights conducted by children – appears to conflict with a Federal law known as the Childrens Online Privacy Protection Act which restricts the collection of data on children under age 13. This law applies to businesses, the Federal government and any contractors they use – there is no exemption for the government to collect data on children. It specifically restricts the collection of geolocation data and data provided by “toys and Internet of Things” connected devices. Yet the FAA plans for an Internet-connected database tracking all flights, including by children, in an Internet database known as a REMOTE ID USS.
(My background is engineering, not law. However, when designing products or services, if I see possible legal issues, I document them and ask for legal assistance. This post is seeking feedback on these issues and my proposed technical solution .)
If a parent or guardian becomes aware that information has been collected about their child, including geolocation data, the parent or guardian is legally entitled to let the service know – in this case, the REMOTE ID USS. Once notified, the parent is legally entitled to request to review the data, to request suspension of data collection and to request deletion of all collected data. (In effect, essentially anyone could spoof these requests and ask for deletion of data.)
The FAA could, say, ban flights by kids under 13 (Congress is considering raise the age to under 16) but that does not solve this problem. A child could take Mom’s quadcopter out to the backyard and fly it. Once Mom discovers this, COPPA protections kick in – and she can request review, suspension or deletion of the data afterwards.
The FAA knew this in 2015 when they issued a report on registering all pilots of remote UAS. In that report, they stated they would not allow anyone under age 13 to register as they would then have to deal with COPPA, but they noted that children under 13 could still fly under the supervision of an adult who has registered.
What has changed is that under the Remote ID NPRM, the FAA would now be logging all flights by children, which runs into difficulties with COPPA requirements.
(I have pages of supporting quotes from the Federal Trade Commission that describe COPPA in details, and extensive notes on how this relates to the NPRM. The above is only a brief summary of the COPPA issues. This is a real problem for the NPRM.)
I could not identify a workable solution to the “COPPA dilemma” of the FAA logging a child’s geolocation data in real time without coming up with an alternative way of tracking aircraft.
This is the proposed concept I came up with to solve this problem and I am seeking feedback on this idea.
Proposed Technical Solution to the COPPA Restrictions on Data Collection
Continue reading Feeback sought: Draft of a concept to resolve FAA Remote ID conflicts with COPPA Law