Data Protection & Privacy

Facebook needs to alert public about recording via smart glasses

The Irish and Italian data protection authority (DPA) have now asked Facebook to confirm if the Ray-Ban stories smart glasses give sufficient notice to third parties that they are being recorded. Further, they have asked the social media giant to alert the public as to how these smart glasses may record people through less obvious means.

Facebook recently launched smart glasses. They allow users to listen to music, take calls, or capture photos and short videos. It also allows users to share content across Facebook’s offerings using a companion app. Last week, the Italian DPA asked Facebook to clarify if these glasses comply with privacy laws. As such, it gave a reference of the case to the Irish Data Protection Authority.

The Issue

The Italian DPA, Garante, said it wanted to be informed on measures Facebook has put in place to protect the privacy of people occasionally filmed, in particular children. It also wants information regarding data anonymization features and the features of the voice assistant available on the smart glasses.

The Irish Data Protection Commission has now issued a statement on the matter. It says that since a camera or phone is visible, it gives notice to any third party being recorded. However, on the glasses, there is a “very small” LED indicator that indicates recording is happening.

It says that Facebook has not demonstrated to both the Irish and Italian DPCs if it undertook comprehensive testing in the field to ensure that the LED light sufficiently gives notice to third parties being recorded.

It is now calling on Facebook to confirm and demonstrate that the LED light effectively gives sufficient notice. Additionally, it will also order Facebook to run an information campaign to alert the public as to how this new consumer product may give rise to less obvious recording of their images.

Reference to the Irish Data Protection Commissioner

The GDPR has a one-stop-shop mechanism. As such, businesses operating in more than one European Union market would need to deal with only one ‘lead’ data protection authority [Article 56]. Facebook has its headquarters in Ireland, so the Irish Data Protection Authority would be the lead authority here.

Hence Garante has referred the issue to the Irish data protection commissioner and urged it to ask Facebook for clarifications.

Facebook said that it has built privacy into the product design and it will answer all queries of the regulators.

Do subscribe to our Telegram channel for more resources and discussions on tech-law. To receive weekly updates, don’t forget to subscribe to our Newsletter.

Rohit Ranjan Praveer

Rohit is a practicing advocate at Delhi. Beginning as a tech enthusiast, Rohit always had a keen interest in computer forensics and information security. Building upon these fundamentals, he has undertaken extensive research on various techno-legal topics and continues his pursuit pass on valuable information to the masses, with a zeal to build something that outlasts him.​

Share your thoughts!

This site uses Akismet to reduce spam. Learn how your comment data is processed.