The satellite industry is in the midst of an evolution. Technological advances have led to the commercial coming-of-age of small satellites and dramatic improvements in the resolution of satellite imagery, spurring the rise of innovative companies that are transforming the industry from the inside. The number of earth observation and remote sensing satellites is growing, and they are gathering massive amounts of data about what is happening on Earth. The data itself is a valuable commodity, and companies with machine learning technology can analyze it with unprecedented efficiency to deliver powerful insights for customers, which generates new revenue streams. For example, some companies apply machine learning to satellite imagery and other data sets to forecast crop yields before official estimates are published, giving customers a competitive advantage.
This transformation within the industry is exciting, but it exposes a growing number of space and satellite-related companies to regulatory action in the areas of privacy, Artificial Intelligence (AI), and cloud computing.
Public concern about privacy and data protection is growing globally, and many administrations have recently implemented or are considering regulations in this area. The European Union’s General Data Protection Regulation (GDPR) is the best-known framework to have emerged lately, and it introduces a new compliance burden on satellite operators that collect data on European Union (EU) citizens. More specifically, GDPR defines location data that relates to an identifiable individual as personal data, which means operators that collect or make available such location data must comply with the law’s requirements to protect users’ privacy, even if no other personally identifiable information is being processed. Collecting or processing satellite imagery that enables the identification of individuals could also subject a company to the law, and as the resolution of geospatial imagery continues to improve, regulators around the world could increasingly come to view it as a privacy concern.
The ITU-T’s Study Group 17 is developing standards on the protection of personally identifiable information and big data analytics. At the 2017 World Telecommunication Development Conference (WTDC), multiple administrations sought — unsuccessfully — to add privacy and data protection references to the conference’s output document, the Buenos Aires Declaration. However, privacy and data protection will likely feature prominently at the ITU Plenipotentiary in October 2018, particularly in the context of developing a global cybersecurity treaty.
AI, specifically machine learning, is a key ingredient in enabling new satellite data applications, and dramatic advances in AI capabilities are prompting legislators’ and regulators’ interest. The European Commission, for example, has created a high-level group on AI to advise on the Commission’s legislative approach. The group will also develop ethics guidelines by end of 2018, part of the Commission’s larger AI strategy to develop a legal framework. Similarly in the U.S., legislators are considering the Future of AI Act, which would require the Secretary of Commerce to establish its own AI advisory committee.
Additionally, standards bodies are attempting to forge consensus on various aspects of artificial intelligence and machine learning.
Many data analytics companies build their services around cloud computing — another area of increased regulatory scrutiny. The ITU-T’s Study Group 13 is developing standards on the cloud computing ecosystem, including deployment considerations and requirements for interoperability and data portability. Study Group 1 of the development arm of the ITU (ITU-D) is studying the economic and policy impact of cloud computing for developing countries. The outcome could oblige member states to regulate cloud service deployment.
Whether you are a satellite operator collecting data from space, a data analytics firm interpreting satellite data for third-party customers, or both, increasing national and international activity in these areas should raise the alarm. But fear not — understanding the landscape of challenges before one’s business is the first step in protecting it. VS