Smart Glasses and Data Protection
Brussels, January 2019
Smart glasses are wearable computers with a mobile Internet connection that are worn like glasses or that are mounted on regular glasses. They allow to display information in the user’s view field and to capture information from the physical world using e.g. camera, microphone and GPS receiver for augmented-reality (AR) applications.
The initial release of Google’s smart glass gained significant attention worldwide and increased the popularity of those devices. While the target audience has been initially the business sector (e.g. logistics, training simulations, etc.) with unit prices of about EUR 1500, recently competitors such as Snap Inc. address a wider and younger audience with cheaper models for about EUR 150.
While smart glasses may be very useful tools in many fields of application (technical maintenance, education, construction, etc.), their use has been discussed controversially because they also are considered to yield a high potential to undermine the privacy of individuals, especially where not properly privacy-friendly designed. The data protection impact of recording videos of persons in public places has already been discussed in the context of CCTV and dashcams. The sensors may record environmental information including video streams of the users’ view field, audio recordings and localisation data. Furthermore, smart glasses may allow their users to process invisible personal data of others, such as device identifiers, that devices emit regularly in form of Wi-Fi or Bluetooth radio signals. These data may not only contain personal data of the users, but also of individuals in their proximity (non- users). Applications of the smart glasses may process recorded data locally or remotely by third parties after an automated transfer via the Internet. Especially when smart glasses are used in densely populated public areas, existing safeguards to inform data subjects by means of acoustic or visual indicators (LEDs) are not efficient. Smart glasses may also leak personal data of their users to their environment. Depending on the smart glass design, non-users may also watch the smart glass display, which may contain personal data such as private mails, pictures, etc. Like any other Internet connected device, smart glasses may suffer from security loopholes than can be actively exploited to steal data or run unauthorised software.
While smart glasses play so far only a marginal role in everyday life, experts estimate an important potential to increase productivity in the professional sector thanks to AR and the smart glasses initiatives of Facebook, Apple and Amazon will lead to an increasing adoption in the consumer market. Technological improvements in facial or voice recognition and battery life may allow for novel use cases of smart glasses in many sectors. For instance, in the law enforcement field, reports revealed in early 2018 that police officers employ smart glasses to match individuals (in crowds) against a database of criminal suspects using facial recognition. In this dynamic field, data protection authorities are challenged to keep pace with the rapid developments and provide guidelines. Indeed, many aspects have been covered already in the WP 29 Opinion on the Internet of Things.
With the GDPR, a harmonised set of principles and a system of tools have been provided, first and foremost for the controllers, processors and developers of smart glasses to assess and control their impact on data protection and privacy. At the current stage of the development, an urgent need for technology specific legislative initiatives does not appear to be justified. However, the development of smart glasses and similar connected recording devices underlines the need to establish a robust framework for privacy and electronic communications, as proposed with the ePrivacy Regulation.
You can find the full report and the link below: