Facebook warned over ‘very small’ indicator LED on smart glasses, as EU DPAs flag privacy concerns

Facebook’s lead privacy regulator in Europe has raised concerns about a pair of ‘smart’ Ray-Ban sunglasses the tech giant is now selling. The glasses include a face-mounted camera which can be used to take pictures and short videos with a verbal cue.

Ireland’s Data Protection Commission (DPC) said Friday that it’s asked the tech giant to demonstrate that an LED indicator light also mounted on the specs — which lights up when the user is taking a video — is an effective way of putting other people on notice that they are being recorded by the wearer.

Italy’s privacy watchdog, the Garante, already raised concerns about Facebook’s smart glasses — but Ireland has an outsized role as a regulator for the tech giant owing to where the company’s regional base is located.

Facebook announced what it couched as the “next step” on the road to making a pair of augmented reality ‘smart’ glasses a full year ago — saying initial specs would not include any AR but announcing a multi-year partnership luxury eyewear giant Luxottica, as it seemingly planned for a pipeline of increasingly feature-loaded ‘smart’ eyewear.

The first Facebook Ray-Ban-branded specs went on sale earlier this month — looking mostly like a standard pair of sunglasses but containing two 5 MP cameras mounted on the front that enable the user to take video of whatever they’re looking at and upload it to a new Facebook app called View. (The sunglasses also contain in-frame speakers so the user can listen to music and take phone calls.)

The specs also include a front mounted LED light which is supposed to switch on to indicate when a video is being recorded. However European regulators are concerned that what the DPC describes as a “very small” indicator is an inadequate mechanism for alerting people to the risk they are being recorded.

Facebook has not demonstrated it conducted comprehensive field testing of the device with a view to assessing the privacy risk it may pose, it added.

“While it is accepted that many devices including smart phones can record third party individuals, it is generally the case that the camera or the phone is visible as the device by which recording is happening, thereby putting those captured in the recordings on notice. With the glasses, there is a very small indicator light that comes on when recording is occurring. It has not been demonstrated to the DPC and Garante that comprehensive testing in the field was done by Facebook or Ray-Ban to ensure the indicator LED light is an effective means of giving notice,” the DPC wrote.

Facebook’s lead EU data protection regulator goes on to say it is calling on the tech giant to “confirm and demonstrate that the LED indicator light is effective for its purpose and to run an information campaign to alert the public as to how this new consumer product may give rise to less obvious recording of their images”.

Facebook has been contacted with questions.

It is not clear whether Facebook engaged with any EU privacy regulators during the design of the smart glasses.

Nor whether or when they might launch in Europe.

The specs sent on sale in the US earlier this month — costing $299. The price to Americans’ privacy is tbc.

Over the years, Facebook has delayed (or even halted) some of its product launches in Europe following regulatory concerns — including a facial tagging feature (which it later reintroduced in another form).

The launch of Facebook’s dating service in Europe was also delayed for more than nine months — and arrived with some claimed changes after an intervention by the DPC.

There are also ongoing limits on how the Facebook-owned messaging platform WhatsApp can share data with Facebook itself in Europe, again owing to regulatory push back. Although plenty of data does still flow from WhatsApp to Facebook in the EU and — zooming out — scores of privacy complaints against the tech giant remain under investigation in the region, meaning these issues are undecided and unenforced.

Earlier this month Ireland’s DPC did announce its first decision against a Facebook company (under the EU’s GDPR)  — hitting WhatsApp with a $267 penalty related to transparency failures. However the DPC has multiple unresolved complaints against Facebook or Facebook-owned businesses still on its desk.

In January the Irish regulator also agreed to “swiftly” resolve a (pre-GDPR) 2013 complaint against Facebook’s data transfers out of the EU to the US. That decision is still pending too.