Facebook needs to alert public about recording via smart glasses
The Irish and Italian data protection authority (DPA) have now asked Facebook to confirm if the Ray-Ban stories smart glasses give sufficient notice to third parties that they are being recorded. Further, they have asked the social media giant to alert the public as to how these smart glasses may record people through less obvious means.
Facebook recently launched smart glasses. They allow users to listen to music, take calls, or capture photos and short videos. It also allows users to share content across Facebook’s offerings using a companion app. Last week, the Italian DPA asked Facebook to clarify if these glasses comply with privacy laws. As such, it gave a reference of the case to the Irish Data Protection Authority.
The Issue
The Italian DPA, Garante, said it wanted to be informed on measures Facebook has put in place to protect the privacy of people occasionally filmed, in particular children. It also wants information regarding data anonymization features and the features of the voice assistant available on the smart glasses.
The Irish Data Protection Commission has now issued a statement on the matter. It says that since a camera or phone is visible, it gives notice to any third party being recorded. However, on the glasses, there is a “very small” LED indicator that indicates recording is happening.
It says that Facebook has not demonstrated to both the Irish and Italian DPCs if it undertook comprehensive testing in the field to ensure that the LED light sufficiently gives notice to third parties being recorded.
It is now calling on Facebook to confirm and demonstrate that the LED light effectively gives sufficient notice. Additionally, it will also order Facebook to run an information campaign to alert the public as to how this new consumer product may give rise to less obvious recording of their images.
Reference to the Irish Data Protection Commissioner
The GDPR has a one-stop-shop mechanism. As such, businesses operating in more than one European Union market would need to deal with only one ‘lead’ data protection authority [Article 56]. Facebook has its headquarters in Ireland, so the Irish Data Protection Authority would be the lead authority here.
Hence Garante has referred the issue to the Irish data protection commissioner and urged it to ask Facebook for clarifications.
Facebook said that it has built privacy into the product design and it will answer all queries of the regulators.
Do subscribe to our Telegram channel for more resources and discussions on tech-law. To receive weekly updates, don’t forget to subscribe to our Newsletter.