Smart glasses with AI capabilities have evolved from a futuristic concept to an everyday reality. The market exploded in 2024, with global smart glasses shipments surging 210% year over year, driven primarily by Meta’s Ray-Ban smart glasses. From the consumer Meta Ray-Ban display (with a built-in heads-up display announced in September 2025), to Meta and Oakley’s partnership on athletic glasses, to enterprise solutions like RealWear and Vuzix for industrial use, to developer options like Brilliant Labs’ Frame Glasses, these devices promise to revolutionize the way we interact with the world.
However, innovation comes with risks. Modern AI glasses can record video and audio, process conversations in real-time with AI assistants, perform visual analysis of everything visible, generate meeting summaries, create searchable transcripts, and send data to cloud servers, often without obvious visual indicators. The compliance landscape is precarious for companies deploying these technologies and for individuals using them in professional environments.
Part 1 of this series covers collecting biometric data.
risk
AI glasses are increasingly incorporating biometric data collection features that trigger strict privacy regulations. This includes facial recognition through camera feeds, capturing voiceprints through AI transcription (see the upcoming Part 2 of this series for more on the inherent risks of AI), eye tracking and gaze analysis, and even processing images that can be used to identify individuals. Biometric data enjoys increased protection under laws such as California’s Consumer Privacy Act (CCPA), Illinois’ Biometric Information Privacy Act (BIPA), and the European Union’s General Data Protection Regulation (GDPR).
The 2024 Charlotte Tilbury settlement established that virtual try-on features using facial geometry may constitute biometric data collection under BIPA and may require separate notification and annual reaffirmation of consent. This case and other precedents apply directly to AI glasses that process visual and audio data that may constitute biometric information.
Related use cases
Employees in retail stores using AI glasses that analyze customers’ faces and body language for personalized service recommendations Security guards deploying glasses with facial recognition for identification Healthcare providers using glasses that process images of patients and potentially capture biometric identifiers Workplace uses where AI processes images and voices of employees, customers, and the public Industrial workers where AI glasses capture and analyze the faces and voices of colleagues during recorded training sessions
why is it important
BIPA provides for statutory damages of $1,000 to $5,000 per violation, along with attorney’s fees. Following the Illinois Supreme Court’s 2023 Cothron decision, each scan or transmission could be a separate violation, but the 2024 amendments limited this to one violation per person per method of collection. Clearview AI’s $51.75 million settlement in 2025 illustrates the scale of the damage. Biometric data from millions of individuals exposes companies to bankruptcy-level liability.
BIPA may be the most popular biometric law in the United States, but it’s not the only one. Measures regulating the collection, use, and disclosure of biometric information exist in states such as California, Colorado, Texas, and Washington, as well as several cities such as New York City and Portland, Oregon.
For an overview of these requirements, see the biometrics white paper.
Practical compliance considerations
The compliance challenges surrounding AI glasses are significant, but manageable with proper planning.
Address applicable notice, consent, and policy requirements: Organizations may need to develop detailed written policies governing when, where, and how AI glasses can be used. It supports recording functions, AI processing, and data transmission, and specifies prohibited uses. Include clear guidance on consumer and enterprise devices. And, of course, consider any applicable notice, consent, and record-retention policies. Conduct a privacy impact assessment: Assess the privacy risks specific to your industry, region, and use case before deploying AI glasses. Consider biometric data collection, workplace surveillance, third-party AI processing, and cross-border data transfer. Please note that such a risk assessment may be required. See here and here. Implement technical controls: Use your device management solution to control which features can be activated and where. Consider geofencing to automatically disable recording in sensitive areas such as bathrooms, break rooms, confidential meeting spaces, and medical facilities. Veteran vendors and AI services: Understand where your data is going, who will process it, how long it will be retained, what security controls are in place, and whether the vendor will sign appropriate contracts (e.g., BAA for HIPAA, DPA for GDPR). Negotiate contracts that protect your organization and comply with your obligations. Train rigorously: Ensure all users understand the legal implications of AI glasses, including consent requirements, prohibited uses, data processing obligations, and discovery implications. Training should be role-specific and updated regularly. Monitor regulatory developments: Regulations around biometrics and AI tools that use that information to enable additional functionality are rapidly evolving. The EU AI law will take effect in 2024, California will strengthen its AI regulatory environment in 2024-2025, and federal AI law is being considered. State workplace surveillance laws are proliferating. Stay informed of legal developments. Establish clear lines of responsibility: Designate someone responsible for AI glasses compliance, including legal reviews, privacy assessments, security controls, human resources considerations, policy enforcement, and incident response. Consult legal counsel: Given the complexity and volatility of the regulatory environment, work with an attorney familiar with privacy, employment, biometrics, and AI regulations before deploying these wearables.
conclusion
AI glasses represent a game-changing technology with real business value, from hands-free information access to increased productivity and innovative customer experiences. The 210% increase in smart glasses shipments in 2024 shows its appeal. But legal risks are real and growing.
Organizations that fail to address these compliance concerns face not only regulatory penalties, but also class action lawsuits (BIPA damages alone can reach millions of dollars), reputational damage, loss of customer trust, and diminished employee confidence.
The key is to approach the deployment of AI glasses (and the deployment of similar technologies) with eyes wide open, understanding both the capabilities of the technology and the complex legal framework governing its use. With thoughtful policies, robust technical controls, continuous compliance monitoring, and respect for privacy rights, organizations can leverage the benefits of AI glasses while managing risk.
