Smart Glasses GDPR

Smart glasses are becoming increasingly common and can be difficult to distinguish from ordinary glasses. This makes the technology convenient, but it also raises questions about privacy, responsibility and personal data. When smart glasses are used to film, take photographs or record audio, there may therefore be reason to understand how the rules apply, and in some situations an assessment with a GDPR lawyer may be relevant.

The issue is not only what the technology can do, but how it is used in practice. For private individuals, the question is often what is permitted and appropriate in everyday situations. For organisations, the same technology may also raise issues concerning data protection, internal procedures and responsibility for recorded material.

Why smart glasses raise specific GDPR issues

Filming with smart glasses can, in many situations, be compared with filming using a mobile phone. The difference is that smart glasses make recording less visible to those nearby. This can create uncertainty for other people, as it is not always possible to tell whether the camera or microphone is actually being used.

Many models also have several functions operating at the same time. They can not only record images and sound, but also process location data, connect to apps or store material in cloud services. This means that the privacy issue is often broader than the recording itself. Other information linked to the use of the device may also be sensitive.

The legal position depends on the situation

There is no general ban on smart glasses. The assessment instead depends on where they are used, what is recorded, how the material is handled and whether it is shared further. In many everyday situations, the use of smart glasses is not prohibited in itself, but that does not mean it is always appropriate.

In certain environments, recording may be expressly unlawful. This may, for example, apply to covert filming in particularly private spaces or filming protected sites where photography or recording is prohibited. The dissemination of recorded material may also be criminal if the content is highly privacy-sensitive. Where material is shared with a wider audience, for example online, the rules under GDPR may also become relevant.

The Data Protection Agency has highlighted the issue

The Data Protection Agency has highlighted the use of smart glasses as a relevant issue. It is not difficult to see why. The technology can make it easier to collect images, audio and other information without those nearby clearly noticing it. The Agency’s focus on the issue shows that smart glasses are not merely a technological development, but also a matter of personal privacy, respect for others and responsible information management.

Ten points to consider when using smart glasses

• The same basic principle as mobile phone filming: If it would feel inappropriate to film with a mobile phone, it will often also be inappropriate to film with smart glasses.
• People nearby may feel uncomfortable: Even when you are not recording, others may feel uncertain because it can be difficult to know whether the glasses’ recording function is active.
• Audio may be captured unintentionally: Microphones may record background conversations, even where this is not intended.
• Material may be shared further: Recordings may be stored in apps or cloud services and, in some cases, become accessible to more people than the user alone.
• Metadata may also be sensitive: Location data and other technical information may reveal a great deal about both the user and people nearby.
• Certain filming may be criminal: Use must be assessed carefully, particularly in private spaces or where specific prohibitions apply.
• Dissemination may also be unlawful: A person who shares privacy-sensitive material about others may, in some cases, commit a criminal offence.
• Online sharing may trigger GDPR issues: If material is published to a wider audience, rules on personal data may become relevant.
• Organisations need to think one step further: Where smart glasses are used at work or within organisations, requirements concerning procedures, information and secure handling will often arise.
• Certain environments may prohibit the technology: Schools, preschools and other organisations may have their own rules on smart glasses.

What is lawful is not always the same as what is appropriate

An important practical starting point is that the law does not always provide the full answer. Even if a particular recording is not expressly prohibited, it may be perceived as intrusive or inappropriate. This applies particularly in social contexts, in interactions with strangers or in environments where people have reason to expect protection from being documented.

For private individuals, this is therefore often a matter of sound judgement and respect for others. For organisations, it is also about weighing benefit against risk and considering whether the same purpose can be achieved using methods that are less privacy-sensitive.

How to reduce GDPR and privacy risks when using smart glasses

Anyone using smart glasses should consider both the use and the consequences before any recording takes place. This applies whether the user is acting privately or within the framework of an organisation.

• Avoid recording in situations where people would typically expect privacy.
• Be clear about whether recording is taking place and why it is being done.
• Check how material is stored, shared and potentially used by the supplier.
• Do not share material further without carefully considering the privacy risks.
• Carry out a specific assessment if recording takes place within an organised activity or is published to a wider audience.

Final comment on smart glasses and GDPR

Smart glasses illustrate how new technology can quickly blur the line between what is practical and what is privacy-sensitive. Both private individuals and organisations therefore need to consider not only what is possible, but also what is responsible. At morlings.se, our GDPR lawyers and business lawyers advise on data protection, privacy and new technology across Europe.