Facebook warned over ‘very small’ indicator LED on smart glasses, as EU DPAs flag privacy concerns

Facebook’s lead privacy regulator in Europe has raised concerns about a pair of “smart” Ray-Ban sunglasses the tech giant is now selling. The glasses include a face-mounted camera that can be used to take pictures and short videos with a verbal cue.

Ireland’s Data Protection Commission (DPC) said Friday that it has asked the tech giant to demonstrate that an LED indicator light also mounted on the specs — which lights up when the user is taking a video — is an effective way of putting other people on notice that they are being recorded by the wearer.

Italy’s privacy watchdog, the Garante, already raised concerns about Facebook’s smart glasses — but Ireland has an outsized role as a regulator for the tech giant owing to where the company’s regional base is located.

Facebook announced what it couched as the “next step” on the road to making a pair of augmented reality “smart” glasses a full year ago — saying initial specs would not include any AR but announcing a multiyear partnership with luxury eyewear giant Luxottica, as it seemingly planned for a pipeline of increasingly feature-loaded “smart” eyewear.

The first Facebook Ray-Ban-branded specs went on sale earlier this month — looking mostly like a standard pair of sunglasses but containing two 5 MP cameras mounted on the front that enable the user to take video of whatever they’re looking at and upload it to a new Facebook app called View. (The sunglasses also contain in-frame speakers so the user can listen to music and take phone calls.)

The specs also include a front-mounted LED light which is supposed to switch on to indicate when a video is being recorded. However European regulators are concerned that what the DPC describes as a “very small” indicator is an inadequate mechanism for alerting people to the risk they are being recorded.

Facebook has not demonstrated it conducted comprehensive field testing of the device with a view to assessing the privacy risk it may pose, it added.

“While it is accepted that many devices including smart phones can record third party individuals, it is generally the case that the camera or the phone is visible as the device by which recording is happening, thereby putting those captured in the recordings on notice. With the glasses, there is a very small indicator light that comes on when recording is occurring. It has not been demonstrated to the DPC and Garante that comprehensive testing in the field was done by Facebook or Ray-Ban to ensure the indicator LED light is an effective means of giving notice,” the DPC wrote.

Facebook’s lead EU data protection regulator goes on to say it is calling on the tech giant to “confirm and demonstrate that the LED indicator light is effective for its purpose and to run an information campaign to alert the public as to how this new consumer product may give rise to less obvious recording of their images”.

Facebook was contacted with questions.

A Facebook spokesperson told us: “We know people have questions about new technologies and how they work and it’s important to us that we are part of this conversation. We will be working together with our regulatory partners, including the Irish DPC as our lead regulator, to help people understand more about how this new technology works, and the controls they have.”

The company also claimed that it engaged with the DPC ahead of the launch of the specs and said it continues to do so. It also pointed out that the glasses include an off switch.

The Irish regulator confirmed it was briefed by Facebook regarding the glasses’ compliance with data protection ahead of the launch but Deputy Commissioner Graham Doyle said it was not consulted on product features.

“We were briefed and provided with details on compliance with data protection requirements during the summer but not consulted on the development of the product (design and feature[s] had already been done when they came to us),” he said.

“We shared the info with other DPAs and ourselves and the Garante in particular raised concerns with Facebook — to do with the operation and field testing of the glasses.”

The specs went on sale earlier this month — costing $299 in the U.S. Facebook confirmed they are also currently on sale in Ireland and Italy in the EU and in the U.K.

Over the years, Facebook has delayed (or even halted) some of its product launches in Europe following regulatory concerns — including a facial tagging feature (which it later reintroduced in another form).

The launch of Facebook’s dating service in Europe was also delayed for more than nine months — and arrived with some claimed changes after an intervention by the DPC.

There are also ongoing limits on how the Facebook-owned messaging platform WhatsApp can share data with Facebook itself in Europe, again owing to regulatory push back. Although plenty of data does still flow from WhatsApp to Facebook in the EU and — zooming out — scores of privacy complaints against the tech giant remain under investigation in the region, meaning these issues are undecided and unenforced.

Earlier this month Ireland’s DPC did announce its first decision against a Facebook company (under the EU’s GDPR) — hitting WhatsApp with a $267 penalty related to transparency failures. However the DPC has multiple unresolved complaints against Facebook or Facebook-owned businesses still on its desk.

In January the Irish regulator also agreed to “swiftly” resolve a (pre-GDPR) 2013 complaint against Facebook’s data transfers out of the EU to the U.S. That decision is still pending too.

This report was updated with comment from Facebook and the DPC.