Ready for Takeoff: The Promise and Challenges of Restaurant Drone Delivery

As the ongoing COVID-19 Pandemic and state government orders restricting dine-in restaurant operations have rendered restaurants largely dependent on takeout and delivery operations, restaurants seeking an alternative to partnering with third party delivery applications such as UberEats and GrubHub are presented with novel technology that could transform food delivery in the 21st Century while decreasing restaurants’ overhead-namely drone delivery. During a pandemic, drone delivery may also enable restaurants to serve customers who feel uncomfortable picking up food from a restaurant or having a delivery drivers come to their homes.  

Drone delivery may become a viable cost-effective means for restaurants to increase delivery capacity and reduce dependence on third-party applications without significantly increasing overhead.

In recent years and months, numerous businesses, including restaurants, have begun using unmanned aerial vehicles, commonly known as drones, to delivery products to consumers. In November of 2016, Domino’s began experimental drone pizza deliveries in New Zealand.  Amid the COVID-19 Pandemic, CVS partnered with UPS to use drones to deliver prescription medication to The Villages, a densely populated retirement community in Central Florida.  In June of 2020, a Buffalo Wild Wings franchisee based in Mobile, Alabama announced that it would partner with Deuce Drone to demonstrate a drone delivery system in August of 2020.  

Given that drones capable of making food deliveries can be purchased for several thousands of dollars if not less, drone delivery may become a viable cost-effective means for restaurants to increase delivery capacity and reduce dependence on third-party applications without significantly increasing overhead.  However, restaurants seeking to capitalize on this new technology must navigate the aviation and privacy laws governing commercial drone operations.  

Federal Aviation Administration (FAA) regulations require that drone obtain a remote pilot certificate.  In order to obtain a remote pilot certificate, an individual must pass an online knowledge test administered by the FAA, be at least 16 years old, be able to write, speak, and understand English, and be medically and medically capable of safely operating a drone.  Drone operators must also register each drone online with the FAA and mark the drones with their distinct FAA-issued registration numbers.  

However, restaurants seeking to capitalize on this new technology must navigate the aviation and privacy laws governing commercial drone operations.  

Restaurants seeking to conduct drone deliveries will need to apply for and obtain four critical waivers from the FAA.  The first is a waiver of Part 107.31 which generally prohibits drone operation outside the operator’s line of sight.  The second is a waiver of Part 107.29 which generally limits drone operations to daylight hours.  The third is a waiver of Part 107.39 which generally prohibits drone operations over people.  The fourth is a waiver that prohibits a single operator from flying more than one small drone at a time.  In applying to the FAA for these waivers, restaurants must describe their operations, the geographical areas in which they plan to make drone deliveries, their drones, and proposed drone operators.  As the FAA is largely concerned with maintaining public safety and ensuring drones do not collide with manned aircraft, restaurants would be well advised to consult with an aviation attorney with experience in FAA regulatory matters in preparing their waiver applications in order to ensure that they satisfactorily address potential safety concerns.  

The federal Drone Operator Safety Act makes it a federal crime to operate a drone in a way that interferes with a manned aircraft including operating a drone in an airport’s runway exclusion zone.  Violations of the statute, which was enacted to prevent drones from colliding with manned aircraft, are punishable by up to a year in prison and up to life in prison if a violator causes or intends to cause death or serious bodily injury.  Furthermore, FAA regulations prohibit operations near airports without prior FAA approval.  Therefore, restaurants should not offer drone delivery to locations in close proximity to airports’ runway exclusion zones and design drones’ flight paths to avoid such areas at all times and restaurants located near airports should not offer drone delivery.  Developing and documenting stringent compliance protocols for this statute may increase a restaurant’s likelihood of success on its FAA waiver applications. 

Restaurants should consult their insurance brokers and attorneys to ensure that their liability insurance policies will cover any property damage or personal injuries caused by their drones and if necessary, purchase additional drone insurance to cover claims related to drone usage.  

In addition to federal aviation law, the FAA Reauthorization Act of 2018 in combination with a series of state information privacy and security laws impose information privacy requirements on commercial drone operators, including restaurants engaged in drone delivery.  Collectively, Sections 357, 375, and 378 of the Act require commercial drone operators to maintain publicly available privacy policies governing the collection, use, retention, dissemination, and deletion of data collected during drone operations and protect individual privacy consistent with state and local law as well as federal law.  Violations of a commercial drone operator’s required privacy policy are subject to enforcement by the Federal Trade Commission (FTC).  

A number of state statutes such as those in New York, California, Pennsylvania, and Texas require businesses to use proactively protect any personally identifiable information they possess or collect from unauthorized disclosure including data breaches.  Some such statutes, such as the New York SHIELD Act, which was enacted in 2019, have broad extraterritorial applicability to any entity that possesses the personally identifiable information of state residents regardless of where they are located or operate.  The California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, also requires covered entities to disclose what personal identifiable information they collect upon a California resident’s request and give all California residents give the right to opt out of any sale of their personally identifiable information and demand deletion of their personally identifiable information.

Although video and photographs of people or their property or vehicles taken by a drone may not constitute personally identifiable information for the purpose of state privacy statutes, it is possible that such information could be held to constitute personally identifiable information under such state laws that have yet to be extensively interpreted by courts and administrative agencies.  If possible, restaurants should not equip delivery drones with cameras capable of recording video or photographs of people or property and provide in their privacy policies that their drones do not do so.  If a delivery drone must be equipped with cameras for navigational purposes, it should be configured so not to record video or photographs and such configurations should be expressly disclosed in a restaurant’s privacy policy.  Drones equipped with cameras should not be equipped with technology capable of capturing thermal imaging or other biometric data which is subject to stringent laws in Illinois, Washington, and Texas prohibiting the collection of state residents’ biometric data without their prior express informed consent.  Restaurants should also provide in their privacy policies that their drones do not collect biometric data under any circumstances.   Given that multiple states have expressly prohibited drone voyeurism, restaurants should provide in their privacy policies that drones will not be used for any purpose other than food delivery and supervise and conduct background checks on all employees with access to drones to ensure that they are not used for voyeuristic or other potentially illegal purposes.

Restaurants must also keep abreast of and prepare to comply with drone delivery privacy legislation being considered at the state level, namely California Assembly Bill 2787, which limits collection, use, and retention of audio, geolocation, or visual information to that which is reasonably necessary and proportionate to make deliveries and delete any such information after each delivery is completed.  

Although drone delivery may pose legal and regulatory challenges, restaurants who partner with knowledgeable aviation and data privacy attorneys to effectively and efficiently navigate such challenges can develop a competitive and logistical advantage that could enable them to increase their delivery business without significantly increasing overhead, thereby enhancing their profitability during the COVID-19 Pandemic and beyond.