Risk management is a well-known method to face technological challenges through a win–win combination of protective and proactive approaches, fostering the collaboration of operators, researchers, regulators, and industries for the exploitation of new markets. In the field of autonomous and unmanned aerial systems, or UAS, a considerable amount of work has been devoted to risk analysis, the generation of ground risk maps, and ground risk assessment by estimating the fatality rate. The paper aims to expand this approach with a tool for managing data protection risks raised by drones through the design of flight maps. The tool should allow UAS operators choosing the best air corridor for their drones based on the so-called privacy by design principle pursuant to Article 25 of the EU data protection regulation, the GDPR. Among the manifold applications of this approach, the design of fly zones for drones can be tailored for public authorities in the phase of authorization of new operations, much as for national Data Protection authorities that have to control the lawfulness of personal data processing by UAS operations. The overall aim is to present the first win–win approach to data protection issues, aerospace engineering challenges, and risk management methods for the threats posed by this technology.

1.1 Appendix 1: On LRfo Maps
In addition to the LRdp map presented in Sect. 6, a LRfo map can be created, in order to take into account the Flight Operation Assessment (FOA) and the characteristics of the flight operation. We used the DJI Mavic Pro with a 4 k camera. The LRfo map is computed using a flight altitude of 15 m and 25 m. The resulting maps are reported in Figs. 9 and 10.
The LRfo map of the same area of Fig. 6. The map assumes the use of an UAV at the altitude of 15 m and a 4 k camera
The LRfo map of the same area of Fig. 6. The map assumes the use of an UAS at the altitude of 25 m and a 4 k camera
Flight altitude affects the Level of Risk in the LRfo map. The Level of Risk lowers because the distance between the camera, i.e. the UAV, and the data subject increases. The Level of Risk of 32 defined by the hospital of Fig. 7 decreases to 30.13 with the flight altitude of 15 m. An altitude of 25 m decreases the Level of Risk to a value of 23.05. Accordingly, we may say that the Flight Operation Assessment (FOA) reshapes the Level of Risk LRdp. FOA softens the peak value and inflates risk distribution. Figure 6 of the paper in Sect. 6 illustrated this step using a three-dimensional view of both LRdp and LRfo maps.
The LRfo map evaluates the Level of Risk of a flight operation with a specific flight altitude and payload. According to the mission type, a DPIA threshold determines the areas in which a drone flight is allowed. The case study of Sect. 6 introduced two types of mission: delivery and emergency with threshold values set at 5 and 30, respectively.
1.2 Appendix 2: On NFZ (No Fly Zones)
In addition to the LRdp and LRfo maps, our Data Protection Map Generator casts light on the areas in which flying is not permitted. In particular, Figs. 11 and 12 illustrate two No-Fly Zones (NFZ) maps. They correspond to the altitude of 15 m. Threshold values are applied to the LRfo map of Fig. 8 accordingly. A crucial difference emerges as a consequence: in the map of the delivery mission, there are several no-fly zones; in the map of the emergency delivery mission, there are rare no-fly zones.
Yet, how about the same parameters of Fig. 11 under a delivery mission, but flight altitude of 25 m.? Figure 13 reports this scenario. Again, no fly zones areas decrease. By considering mission and altitude at 25 m, in the case of emergency delivery, the UAS can fly all over the map because all areas have a Level of Risk lower than the DPIA threshold.
Among the manifold applications of this approach to drones and personal data protection, we mentioned in the paper that a NFZ map can also be used as a path-planning algorithm to plan a flight mission in urban areas. Figure 9 above illustrated an example of such a path in the NFZ map, so that UAS can avoid all no-fly zones and every kind of obstacle.
Bassi, E., Bloise, N., Dirutigliano, J. et al. The Design of GDPR-Abiding Drones Through Flight Operation Maps: A Win–Win Approach to Data Protection, Aerospace Engineering, and Risk Management. Minds & Machines 29, 579–601 (2019).
DOI: https://doi.org/10.1007/s11023-019-09511-9