Part three: Unmanned Aerial Devices in UK construction – key issues, risks and emerging guidance

In our third instalment on unmanned aerial devices in the construction industry, we highlight potential risks from operations and the data collected during flights and the importance of adequate insurance arrangements.

Privacy and data protection

Commercial drone use may result in the collection, use or sharing of personal data, including information about individuals who are not the intended focus of the recordings. Images, footage or audio captured by drones for commercial use may trigger legal obligations under the Data Protection Act 2018, the UK General Data Protection Regulation (“UK GDPR”) and the Data (Use and Access) Act 2025 (“DUAA”).

In summary, the law generally requires that personal data is:

• Processed lawfully, fairly and transparently;
• Collected for specified, explicit and legitimate purposes;
• Adequate, relevant and not excessive for the lawful purposes for which it has been collected and kept accurate and up to date;
• Kept no longer than necessary for the purposes for which it has been collected;
• Processed in a manner that ensures appropriate security of the personal data; and
• The data controller remains responsible for, and able to demonstrate compliance with, the above principles.

In such cases, operators must identify an appropriate lawful basis for processing under the UK GDPR, ensure that individuals are appropriately informed about the collection and use of their data, and that all processing complies with the statutory position.

The Information Commissioner’s Office (“ICO”) has specific guidance on Video surveillance, which includes additional considerations for technologies other than CCTV, including UAS / drones, and deals with many of the principles above.

The ICO guidance also includes practical examples and key takeaways include:

• Conduct a risk-based data protection assessment before deploying a drone, identifying how the operation may affect the rights and freedoms of individuals in the area.
• Apply data minimisation: begin recording only at operational altitude and limit capture strictly to the target subject, avoiding any unintended filming of private property or individuals. Plan flights to minimise intrusion.
• Define and document a clear, purpose-limited scope for each deployment, ensuring the drone is used for its stated objective.
• Display temporary signage at or near the site directing individuals to the organisation’s privacy information or website before and during the operation.
• Store information or data safely (i.e. encrypt it) and for the least amount of time possible.
• Ensure all drone operators are fully trained and registered in accordance with Civil Aviation Authority (“CAA”) requirements prior to any deployment.

Organisations deploying drones must carefully consider and comply with their legal obligations, as well as contractually agreed data protection requirements with clients, contractors or supply chain partners. This may include ensuring that appropriate data protection procedures or policies, privacy notices, security measures, and governance arrangements are in place and properly implemented.

Finally, it is important to consider applicable industry guidance, standards or professional association rules. The ICO has indicated plans for new and updated guidance to reflect the digital information and data protection requirements under the DUAA, and the CAA may also issue further guidance in due course. Industry bodies, such as the Construction Industry Council, have issued guidance to their members, notably a Risk Management Briefing on the professional use of drones[1].

Consequences for failing to comply

Where a data controller breaches data protection legislation, the ICO has power to impose monetary penalties, depending on the seriousness of the infringement and nature of personal data involved or require the data to be deleted. The data controller could also face civil claims from data subjects. Breach of contract claims or indemnities may also be triggered where agreed obligations are not met.

Civil liability risks: trespass, nuisance and third party damage

Although the aviation regulatory regime is primarily focused on traceability and the health and safety and protection of people, property and the environment, other forms of claim may arise from misuse of drones or similar technologies. Case law is still developing in the UK and there are no clear principles tailored specifically to construction‑related drone operations. However, earlier cases illustrate the potential risks or consequences where drones are flown recklessly, intrusively or in a way that causes endangerment.

Flying a drone low over third party land or repeated flights undertaken without permission may expose the operator or organisation to a trespass claim for example, particularly where the drone interferes with the landowner’s reasonable use and enjoyment of their property. Similarly, nuisance claims may arise if the drone causes noise, dust or other disturbances, i.e. hovering close to a property in a noisy or disruptive manner. There may also be liability risks where drone operations disturb wildlife or sensitive habitats, potentially triggering environmental claims or other regulatory enforcement action.

Drone use may give rise to other types of claims, e.g. if a drone collides with a person, building, vehicle or other property, causing damage or personal injury. In such cases, liability will typically rest with the operator or the organisation responsible for the flight. However, commercial UAS operations can involve complex layers of legal and regulatory risk based on the nature of the activity and contractual arrangements in place. Construction sites typically present elevated risks, including proximity to the public, buildings, transport or utility or critical infrastructure. In such situations, the courts will expect robust risk management and mitigation measures, supported by thorough and well documented planning, appropriate equipment selection and the involvement of competent personnel.

It is essential that all flights are carefully planned and managed, with routes designed to minimise intrusion and reduce the risk of harm. Robust risk assessments, appropriate permissions and site‑specific controls should be in place to mitigate the likelihood of claims arising from the drone operations. The applicable contractual mechanisms will also be important for understanding, allocating and managing risk on projects.

Insurance requirements

Given the range of legal and operational risks associated with drone use, it is possible and advisable for construction organisations to obtain specialist drone insurance. Various products are already available on the international market, offering cover including third party liability (see below), public liability, aviation liability, product liability, data liability, war all risks and liability insurance and privacy and trespass. Other coverage available includes equipment cover, non-owned/commercial use of drones, replacement drones, cargo legal liability and wreck removal.

In the UK (at the time of writing), the CAA’s Code requires that for drones under 20kg, third party liability insurance is mandatory if the drone is used for anything other than recreation, sport or hobby flying. This includes activities such as paid photography or videography; surveying or inspection work and any use connected with a business or employment. For drones weighing 20kg or more, third party liability insurance is mandatory regardless of the purpose of the flight.

Mandatory or optional insurance provides an important layer of protection against personal injury and property damage claims (i.e. under third party insurance), but may not eliminate all exposure to risk, such as environmental offences or associated enforcement action. Coverage may be subject to certain policy limits or exclusions, conditions precedent, as well as compliance with the regulatory and operational requirements. Other claims or losses may not be insured, i.e. contractual assumptions of liability or reputational damage.

If an organisation uses drones or similar technology in construction operations, it may wish to consult with a broker or insurer regarding appropriate insurance arrangements or coverage points. Further, construction professionals using drones should view liability risk when considering operational planning and deployment. Effective risk management should bear in mind compliance with the regulatory landscape, training and competence assurance, health and safety obligations, data and information governance, contractual obligations and insurance.

Concluding comments

Drones offer benefits on construction projects including increased productivity, accuracy and safety. However, as outlined in our series of updates, the deployment of equipment is governed by evolving regulatory and contractual frameworks which must be understood and managed. Failures to comply with these create significant legal, operational, reputational and commercial risks, civil claims, insurance complications or even project delays. Organisations should therefore have robust policies and procedures in place and ensure that their employees or third-party operators take proactive steps to identify and mitigate risks, so that the applicable regulatory regimes are complied with, and potential technological and operational benefits are appropriately realised.

For support in considering the above aspects on your construction projects, contracts or operations, please contact Andrew Croft (contracts) or James Hutchinson / Jonathan Booton (data protection).

[1] Professional Use of Drones Risk Management Briefing, Construction Industry Council, February 2026