Smart Glasses and GDPR: Why Europe Is Cracking Down on Camera-Equipped Eyewear

Smart glasses with built-in cameras are now among the fastest-growing categories of consumer electronics worldwide, and European regulators are beginning to ask whether they can be used at all under existing privacy law. Meta alone sold more than 7 million pairs of its smart glasses worldwide in 2025, and Samsung, Google, and Apple are all preparing competing devices.

The problem regulators keep returning to is consent. A smartphone camera is visible and held up deliberately. A camera built into a pair of glasses is neither. Anyone standing near someone wearing smart glasses can be recorded, photographed, or potentially identified, with no realistic way to know it is happening or to object.

This guide covers why Europe’s data protection authorities and lawmakers have moved smart glasses to the top of their 2026 privacy agenda, what the GDPR already requires when a camera is worn rather than held, and what organisations that use or supply this technology should do now.

For the underlying rules on when a photo or video becomes personal data, see GDPR for images.

Key Takeaways

• Data protection authorities, MEPs, and the European Data Protection Board (EDPB) are scrutinising smart glasses because bystanders captured by their cameras have no practical way to consent to being filmed. France’s CNIL and the EDPB both opened dedicated work on the issue in 2026, with an EDPB report on the “social acceptability” of smart glasses due in summer 2026.

• Scrutiny intensified after Swedish broadcaster SVD reported that contractors reviewing footage from Meta’s smart glasses to train its AI models, working from Kenya, had seen recordings of bathroom visits, banking details, and people having sex. The reports led to a US class action against Meta, formal questions from MEPs to the European Commission, and a letter from the Renew Europe group asking what action the EU can take.

• Organisations that deploy smart glasses, or whose staff or customers wear them, face the same GDPR obligations that apply to any camera: a lawful basis under Article 6, additional safeguards under Article 9 if facial recognition is involved, and a data protection impact assessment for higher-risk uses. See GDPR compliance and DPIA best practices for biometric data in AI systems.

What are smart glasses, and why does GDPR treat them differently from a phone?

Smart glasses combine a camera, a microphone, and often an AI assistant inside a normal-looking pair of glasses. Meta’s Ray-Ban models, the best-selling version in Europe, let the wearer record video, take photos, livestream, and ask an AI assistant questions about whatever the camera is pointed at, triggered by a tap or a voice command.

GDPR itself does not single out any particular device. A photo or video that makes someone identifiable is personal data, whether it comes from a phone, a CCTV system, or a pair of glasses. What changes with smart glasses is the practical reality of notice and consent. EDPB chair Anu Talus told POLITICO that the devices “really bring the filming, collecting information from people, into a new level if you compare it with smartphones.”

Why is consent the central problem with smart glasses?

GDPR Article 6 requires a lawful basis before anyone’s image can be captured and processed. For a photographer, a CCTV operator, or an event organiser, that basis usually rests on a notice, a sign, or a moment where the subject can reasonably tell a camera is involved.

Smart glasses remove that moment. Finn Lützow-Holm Myrstad, director of digital policy at the Norwegian Consumer Council, put it directly: “There’s no way that people can, in a meaningful way, consent and understand what they consent to if they’re being filmed.” He added that European authorities have “not been bold enough yet to use all the tools at their disposal” against the technology.

What does Meta say it has done to address this?

A Meta spokesperson told POLITICO that its AI glasses include an LED light that activates when someone records a photo or video that will be saved to the gallery, with tamper-detection technology to stop people covering the light. Unless the wearer chooses to share captured media, the company says it stays on the device. Meta says it has “teams dedicated to evolving these measures.”

Whether an LED indicator meets GDPR’s transparency requirements in practice is exactly the question regulators are now revisiting, and it is not the first time the issue has come up.

What triggered Europe’s regulatory crackdown in 2026?

The immediate trigger was a Swedish media investigation. Earlier in 2026, broadcaster SVD reported that subcontractors working for Meta in Kenya were reviewing “deeply private” footage captured by its smart glasses to help annotate content for AI training. According to the report, the footage included recordings of people’s bathroom visits, banking details, and people having sex.

The story moved quickly from a media scandal to a regulatory and legal one.

How did EU lawmakers respond to the Kenya reports?

MEPs put a formal question to the European Commission asking whether it would take “concrete action” to ensure Meta’s smart glasses and AI training practices comply with EU privacy rules. The Renew Europe group followed with a letter to the Commission on 4 June 2026, asking what could be done at EU level about what it called rapidly evolving technology.

European Justice Commissioner Michael McGrath responded that GDPR enforcement “lies with the national data protection authorities and courts,” pointing the issue back to member states rather than committing to centralised EU action.

MEP Veronika Cifrová Ostrihoňová framed the stakes in gendered terms, telling POLITICO it is “simply unacceptable for any woman to worry about being filmed in public secretly and then worry about those images being shared online.” She pointed to Meta’s own sales figures, noting that the glasses are reportedly among “the fastest-growing consumer electronics in history,” as the reason to act now rather than later.

What did the US class action allege?

Public interest law firm Clarkson filed a consumer class action against Meta Platforms and Luxottica of America in the US District Court for the Northern District of California in early March 2026 (case 3:26-cv-01897), brought by plaintiffs Gina Bartone and Mateo Canu. The complaint alleges that Meta marketed its AI glasses as “designed for privacy” while sending recorded video to third-party contractors, including the Kenya-based reviewers, for human review and AI training.

Clarkson managing partner Ryan Clarkson told POLITICO: “These products are essentially surveillance products, and they were marketed as tech products centred on user privacy and user control. Those promises turned out to be false.” Clarkson said his firm is recruiting EU consumers who bought Meta smart glasses and is already in contact with European lawyers considering a similar action.

What are data protection authorities doing about smart glasses?

Two parallel tracks are running: a Europe-wide review led by the EDPB and national action, so far led by France.

What did France’s CNIL say about connected glasses?

On 11 May 2026, France’s data protection authority, the CNIL, issued a public alert urging “vigilance” regarding connected glasses. It described the devices as posing a “significant risk” of normalising surveillance that is “almost invisible and omnipresent,” warning this “could lead to a profound transformation of our societies.”

The CNIL backed this with survey data: in a poll of 2,128 French adults conducted between 22 and 29 January 2026, 67% said connected glasses represent a risk to privacy, citing concerns about their right to their own image, consent, the potential for misuse such as deepfakes, and what happens to the data the glasses collect. The CNIL has launched an action plan on connected glasses and says it intends to coordinate this work through the EDPB.

What is the EDPB doing, and when will we know more?

The EDPB has commissioned a report on the “social acceptability of smart glasses,” which its chair, Anu Talus, said should be finalised in summer 2026. Talus told POLITICO the board will decide on further action once the report is complete. Until then, enforcement remains in the hands of national authorities such as the CNIL, Ireland’s Data Protection Commission, and Italy’s Garante.

Could facial recognition turn this into a much bigger compliance problem?

So far, the public debate has centred on ordinary photo and video capture. That changes if facial recognition is added to the mix.

What has been reported about Meta and facial recognition?

Meta is reportedly considering adding facial recognition capabilities to its smart glasses, according to a New York Times investigation from February 2026. Separately, Wired reported finding facial recognition code already built into the mobile app that smart glasses owners use to connect their devices to their phones, even though the feature was not active.

How would facial recognition change the GDPR analysis?

Processing an image to extract a biometric identifier for unique identification turns that image into special category data under GDPR Article 9, which requires explicit consent or another Article 9 condition, in addition to the standard Article 6 basis. For a full breakdown of these thresholds, see biometric data GDPR compliance made simple.

The EU AI Act adds a further layer. It already prohibits AI systems that build or expand facial recognition databases through untargeted scraping of facial images. This practice drew enforcement action against Clearview AI across multiple EU states, and it bans real-time remote biometric identification in public spaces for law enforcement except in narrowly defined cases. A consumer device that could identify strangers on the street by face sits close to the lines EU lawmakers have already drawn elsewhere, which is part of why MEPs specifically asked the Commission about Meta’s AI training and facial recognition plans.

Is this the first time regulators have looked at camera glasses?

No. Smart glasses with cameras have been on European regulators’ radar since their first mainstream launch.

What happened when Meta first launched camera-equipped glasses in Europe?

When Meta launched the first generation of Ray-Ban Stories in September 2021, Ireland’s Data Protection Commission and Italy’s Garante both raised concerns about whether people being recorded would realistically notice. The specific issue was the recording indicator: a small LED light. The DPC said it had not been shown evidence of field testing demonstrating that the LED was an effective way of notifying bystanders, and it called on Meta to either prove the indicator worked or run a public information campaign explaining how the product could record people less obviously than a phone.

In 2023, Meta released an updated version with a larger, more visible blinking light, a change regulators had recommended.

The 2026 debate covers the same underlying question, the adequacy of notice to bystanders, but at a much larger scale and with AI processing of the footage added on top.

What does this mean for organisations that use or supply smart glasses?

Whether the question is an employee wearing smart glasses on a shop floor, a retailer trialling the devices for staff, or a technology company building features on top of them, the GDPR obligations are the ones that already apply to any camera capturing identifiable people, just harder to manage because the camera is constantly worn and rarely obvious.

What lawful basis applies to footage captured by smart glasses?

The same Article 6 bases that apply to any image apply here: consent, legitimate interests, contract, or legal obligation, depending on context. The practical difficulty is that smart glasses make it far harder to give the kind of upfront notice that supports a legitimate interests assessment for CCTV-style filming. Organisations considering workplace use should review the same retention, access control, and notice requirements covered in GDPR CCTV compliance, and treat any footage of identifiable colleagues, customers, or members of the public accordingly.

Do organisations need a DPIA before deploying smart glasses?

In most cases, yes. A data protection impact assessment is mandatory for systematic monitoring of a publicly accessible area on a large scale, and for any high-risk processing involving biometric data. Smart glasses used at work, in retail, at events, or in any setting where they routinely capture members of the public will generally meet that threshold, particularly if the device or any connected app has facial recognition or AI analysis features enabled. See DPIA best practices for AI systems for the assessment structure.

What practical steps should organisations take now?

Organisations should map where smart glasses are already in use, formally or informally, including by employees who bought their own. Any deployment should have a documented lawful basis, a clear policy on what gets recorded and why, defined retention periods, and a way for people who are recorded to exercise their GDPR rights. Where the device or an associated app offers AI features that process footage, including any form of automatic identification, that processing needs its own assessment under Article 9 and, where applicable, the EU AI Act.

What happens next?

Three things are moving on separate timelines.

The EDPB’s report on the social acceptability of smart glasses is due in summer 2026, after which the board has said it will decide on further action. National authorities, led by the CNIL, are continuing their own work in parallel, and the Renew Europe letter has put pressure on the Commission to clarify whether it sees a role for EU-level coordination beyond the existing national enforcement model.

Separately, the EU’s Batteries Regulation requires removable batteries in mobile devices from 2027, a requirement that Meta’s display-equipped smart glasses currently do not meet. US Ambassador to the EU Andrew Puzder has criticised this rule as overly restrictive and urged European regulators to act as “business facilitators,” arguing that regulation should not come at the cost of preventing the product from being sold in the EU at all.

Meanwhile, the market keeps growing. EssilorLuxottica’s first-quarter 2026 results described smart glasses sales as ramping up “exponentially” in the US, while distribution across Europe, the Middle East, and Africa remains slow, with more than half of sales points still not carrying the product. Samsung and Google have announced a joint line of “intelligent eyewear” for later in 2026, and Apple is reportedly targeting its own smart glasses for late 2027. Whatever the EDPB and national regulators decide this summer will land just as several more competitors enter the European market.

How can GDPRLocal help with smart glasses compliance?

Smart glasses sit at the intersection of image processing, biometric data, AI training, and workplace monitoring, four areas GDPRLocal already advises on individually. If your organisation is trialling or deploying camera-equipped wearables, or building products that process footage from them, our team can help with lawful basis assessments, DPIA preparation, and policies that hold up as this area of law develops. Visit our AI compliance services page to find out more.

Frequently Asked Questions

Are smart glasses with built-in cameras legal under GDPR?

Owning and using smart glasses is not illegal. GDPR applies to the processing of personal data they capture. Recording identifiable people without a lawful basis, adequate transparency, or appropriate safeguards creates the compliance risk, just as it would with any other camera.

Can someone object to being filmed in public by smart glasses?

In principle, yes, GDPR rights of access, objection, and erasure apply to footage that includes identifiable individuals regardless of the device used. In practice, exercising those rights depends on knowing that a recording occurred and being able to identify the controller, which privacy groups argue smart glasses make very difficult.

Do smart glasses use facial recognition today?

Meta’s current commercial smart glasses are not marketed with facial recognition. However, Meta has reportedly considered adding the capability, and facial recognition code has been found, inactive, in the companion app. If activated, this would trigger GDPR Article 9 special category requirements and likely engage EU AI Act provisions on biometric systems.

When will the EDPB publish its findings on smart glasses?

EDPB chair Anu Talus told POLITICO the commissioned report on the social acceptability of smart glasses should be finalised in summer 2026, with the board deciding on next steps after that.

Should businesses restrict the use of smart glasses in the workplace?

Any organisation where staff might wear camera-equipped smart glasses around colleagues or customers should treat this in the same way as any other recording device: define an acceptable use policy, establish a lawful basis for any footage that is retained, and assess whether a DPIA is required. Doing nothing is itself a compliance gap, given regulators are actively examining this exact scenario.