For years, privacy concerns have been centred around computers and mobile devices. Where users are responsible for the app they use, the permissions they grant, and the data trail they leave behind. These dynamics have been changed by the introduction of the AI glasses. They move computation, cameras, microphones, and networked intelligence from a tool you visibly use to an object you can wear all day.
This shift matters because privacy is no longer limited to the person who buys the device. It automatically extends to everyone around them. Mobile phones, unlike AI glasses, announce themselves, which can be seen when someone lifts it, points it, unlocks it, or taps the shutter. On the other hand, AI glasses remove these social cues, as once a user put it on their face, it blends into everyday life and makes data capture feel ordinary. This makes AI glasses different, and this is what makes them difficult. A person can simply be standing in front of you, listening to you, or looking in your direction while a networked system captures audio, images, or contextual data from their perspective.
Studies have found that current designs have been increasingly integrating cameras into conventional eyeglass frames, making them hard to distinguish in public. This is why AI glasses raise layered privacy concerns: their design makes recording less visible, their use affects bystanders, their AI features can turn capture into inference, and their cloud systems can make ordinary moments persistent and reusable.
Weak Privacy by Design
The manufacturer of these glasses often claim to have incorporated ‘privacy by design’ into their devices by incorporating indicators such as LED lights and app-based notices and controls. Researchers have pointed out that these measures are largely symbolic rather than effective.
The capture LED is a useful example. In theory, this light is meant to notify bystanders that a recording is taking place. In reality, studies on wearable devices have shown that such indicators are frequently too subtle, easily obscured, or not widely understood by the public. Research on such devices has found that bystanders often fail to notice or correctly interpret recording signals, leading to ineffective notice in real-world settings. This leads to making ‘capture LED’ more of a minimal warning mechanism than a proper privacy safeguard. Although the manufacturers claim that the ‘capture LED’ cannot be tampered with, news reports have claimed that people have been able to successfully hide/disable this light to film people without their consent.
Article 25 requires data protection by design and by default, meaning safeguards must be effective from the design stage. A small LED light or optional app control may show that privacy was considered, but it may not be enough if it does not actually reduce the risk of unlawful recording or excessive data collection.
The Bystander Problem
To understand privacy concerns around AI glasses, we have to stop thinking only about the buyer and start thinking about the bystander. The person wearing the device chose it, whereas the people around them did not.
The bystander problem has been a key issue with such devices for years. Denning’s 2014 research on the privacy of ‘augmented reality glasses’ stated that bystanders are the largest stakeholder group and that their privacy concerns deserve direct design attention. The recent designs have shown that the issue has become more urgent as the hardware manufacturers have focused on making these devices less conspicuous. Similarly, a study done on the wearer’s perspective of camera glasses found that the burden of protecting others’ privacy falls on users because the built-in privacy indicators are not effective at notifying bystanders. Moreover, the design of such glasses and their privacy indicators has failed to convey this message clearly and unambiguously in day-to-day life. The study on ‘Mapping Wearer-Bystander Privacy Tensions and Context-Adaptive Pathways for Camera Glasses’ found a clear divide between what
The central issue with privacy on AI glasses is it shifts the burden of awareness onto the person with the least information and the least control. As a bystander cannot tell whether a wearable is collecting their data, their moment of choice disappears. This also creates a transparency problem under Articles 12–14 GDPR. These provisions require individuals to receive clear and accessible information about the processing of their personal data. If bystanders cannot realistically notice or understand that recording is taking place, any notice becomes formal rather than meaningful. The consequence is not limited to the fact that their data may be captured but it extends to their inability to manage their own exposure in real time.
The BLR article explains the need to introduce “privacy frictions” for wearable AI devices. Introducing these frictions can make the indiscriminate recording of these devices stricter. AI glasses are designed to blend into everyday life. That may be good product design, but it is often bad privacy design. The author also quotes the CEO of Rewind, who suggested a few privacy frictions for their product, with the first being to only store recordings of individuals who verbally decide to opt in, thereby creating a relevant third-party consent and Second, to only store text summarisation of any conversation happening between the wearer and bystander. These suggestions might not be an optimal solution, but still, such privacy frictions offer better safeguards than what currently the manufacturers are relying on.
From Recording to Inference
The versatility of AI glasses doesn’t stop at ‘recording’. The deeper concern is what comes after it, i.e. identifying individuals around the wearer. The concern is not abstract. Recognition changes the meaning of capture, which makes a momentary encounter a searchable event. That’s why jurisdictions such as EU and UK are treating recognition as more than just another product feature.
The privacy risk around AI glass recordings are broader than simply identifying someone by name. AI-enabled wearables can also infer things about people from their face, voice, movement, or surroundings. A person may never be formally recognised, yet still be analysed in ways that reveal emotion, behaviour, context, or other personal traits. This is what makes AI glasses especially sensitive from a privacy perspective. They do not merely observe the world, but increasingly interpret it. This violates Article 5 GDPR, specifically the principles of fairness, transparency, data minimisation, and purpose limitation. When AI glasses capture faces, voices, movement, and surroundings for later analysis, the processing may go beyond what is necessary or reasonably expected.
European regulators have taken this seriously. In their 2021 joint opinion on the AI Act, the EDPB and EDPS warned that remote biometric identification in publicly accessible spaces poses a high risk to private life and to people’s expectation of anonymity in public. They also went further, calling for a ban on AI-based automated recognition of human features in public spaces, including not only faces but also gait, voice, and other biometric or behavioural signals. Such data is always being recorded by the AI glasses.
The UK ICO, in its surveillance guidelines, states that audio recording of is generally more privacy-intrusive than purely visual recording, and that conversations between members of the public should not normally be recorded unless there is a much stronger justification. For AI glasses, the issue is not whether audio is recorded by the user with a click of a button, but rather whether it can quietly preserve fragments of speech, background conversations, or voice interactions in everyday spaces.
AI glasses are not self-contained devices, they rely heavily on companion apps, cloud storage and broader AI ecosystems. This symbiotic relation violates basic privacy principles for example, where is it stored? how long is it kept? who can access it? and does it remain tied only to the original purpose for which it was captured?
The Electronic Frontier Foundation’s analysis of Meta’s smart glasses highlighted all the issues with such technologies. The footage recorded on the AI glasses is auto-imported into Meta’s mobile app, and this feature is on by default on Android 13+ and IOS devices. Further, unless the user changes these default settings, it shall be stored on “cloud media” for up to 30 days unless the user changes that setting. This processing is alarming, as a recent investigation done by a style="color: #000000" href="https://www.svd.se/a/K8nrV4/metas-ai-smart-glasses-and-data-privacy-concerns-workers-say-we-see-everything" >Swedish Newspaper (Svenska Dagbladet) found that Meta had contracted a sub-processor to conduct a human review before the data was used to train its AI model. The investigation found that human reviewers had access to the recordings of Meta glasses, including users’ bank card details, private messages, and intimate moments that had been inadvertently captured by the device. So, the privacy issue is no longer just visible capture in public, it is the much less visible transformation of ordinary social moments into stored, reusable, and analysable data inside a larger commercial AI ecosystem, violating the principles of necessity and purpose limitation.
AI glasses represent a fundamental shift in how data is collected and processed. Unlike traditional devices, they blur the boundary between user and environment, turning everyday interactions into potential data sources. As discussed above, the privacy concerns are not limited to one issue but spread across multiple layers, like weak privacy by design, lack of meaningful transparency for bystanders, the shift from recording to inference, and the transformation of captured data into persistent, reusable assets within AI ecosystems.
The core problem is structural. Existing privacy frameworks, particularly those based on individual consent and user control, are incapable of addressing technologies that affect people who are not direct users. AI glasses expose the loopholes in the current legal approaches by shifting control away from those most affected (i.e., the bystanders). If left unaddressed, these devices risk normalising a form of ambient and continuous surveillance where individuals are observed, analysed, and stored without clear awareness or control. The challenge, therefore, is not simply to regulate AI glasses as another gadget, but to rethink how privacy law applies to technologies that operate seamlessly within our social life.
Ultimately, the future of AI glasses will depend on whether privacy is treated as a core design principle or an afterthought. Without imposing stronger safeguards, both technical and legal, the balance is likely to tilt in favour of surveillance rather than privacy protection.
We at Data Secure (Data Privacy Automation Solution) DATA SECURE - Data Privacy Automation Solution Solution can help you to understand Privacy and Trust while lawfully processing the personal data and provide Privacy Training and Awareness sessions in order to increase the privacy quotient of the organisation.
We can design and implement RoPA, DPIA and PIA assessments for meeting compliance and mitigating risks as per the requirement of legal and regulatory frameworks on privacy regulations across the globe especially conforming to GDPR, UK DPA 2018, CCPA, India Digital Personal Data Protection Act 2023. For more details, kindly visit DPO India – Your outsourced DPO Partner in 2025 (dpo-india.com).
For any demo/presentation of solutions on Data Privacy and Privacy Management as per EU GDPR, CCPA, CPRA or India DPDP Act 2023 and Secure Email transmission, kindly write to us at info@datasecure.ind.in or dpo@dpo-india.com.
For downloading the various Global Privacy Laws kindly visit the Resources page of DPO India - Your Outsourced DPO Partner in 2025
We serve as a comprehensive resource on the Digital Personal Data Protection Act, 2023 (Digital Personal Data Protection Act 2023 & Draft DPDP Rules 2025), India's landmark legislation on digital personal data protection. It provides access to the full text of the Act, the Draft DPDP Rules 2025, and detailed breakdowns of each chapter, covering topics such as data fiduciary obligations, rights of data principals, and the establishment of the Data Protection Board of India. For more details, kindly visit DPDP Act 2023 – Digital Personal Data Protection Act 2023 & Draft DPDP Rules 2025
We provide in-depth solutions and content on AI Risk Assessment and compliance, privacy regulations, and emerging industry trends. Our goal is to establish a credible platform that keeps businesses and professionals informed while also paving the way for future services in AI and privacy assessments. To Know More, Kindly Visit – AI Nexus Your Trusted Partner in AI Risk Assessment and Privacy Compliance|AI-Nexus
.png)
Regus Elegance, Level 2, Elegance Tower, Mathura Road, Jasola, New Delhi – 110025, INDIA
Copyright 2025, AI-Nexus All Rights Reserved.