Smart glasses have arrived in the mainstream faster than most employers have noticed. Today’s versions from Meta, Ray-Ban, Xreal, and others are nearly indistinguishable from ordinary eyewear and that invisibility is precisely what creates the problem.
For most tech-savvy individuals, the capabilities won’t come as a surprise: high-definition cameras, built-in microphones, AI-powered OCR, real-time translation, and augmented reality overlays. What may be less familiar is the legal exposure these devices create for businesses when they appear, unannounced, in a meeting room, on a factory floor, or at a client briefing.
The legal framework is already in play
Under UK GDPR and the Data Protection Act 2018, video footage and voice recordings constitute personal data from the moment of capture. The transparency principle is fundamental, and covert recordings may breach UK GDPR where there is no appropriate lawful basis or where the recording is disproportionate to the purpose for which it was made.
Depending on the reason for the recording and how it’s used, employees may become data controllers in respect of that data, with the related obligations under data protection law.
The Human Rights Act 1998 extends Article 8 rights to the workplace. An employee who discovers they have been recorded without consent may, depending on the circumstances and their reasonable expectation of privacy, have grounds to pursue privacy-related claims.
Serious breaches can attract fines of up to £17.5 million or 4% of global annual turnover, whichever is higher. ICO investigations and compensation claims sit alongside that risk, as does reputational damage that no fine schedule adequately captures.
The intellectual property dimension
Smart glasses may significantly increase the risk of unauthorised capture of confidential information. An employee can easily capture product designs, process documentation, financial data, and client information while appearing to do nothing more unusual than wear spectacles. Evidence of that theft typically sits on a personal device, often beyond the reach of routine IT monitoring.
In regulated sectors where confidentiality is fundamental, including finance, healthcare, law and any business handling commercially sensitive data, the ability to covertly record or transmit information creates risks that existing technology policies were not written to address.
What contracts and policies need to say
Employment contracts should explicitly address recording devices, including smart glasses, and specify that covert recording without legitimate justification may constitute gross misconduct leading to summary dismissal.
That said, employers should acknowledge in those same contracts that recording may be justified in specific circumstances, such as capturing evidence of discrimination or serious safety violations, since blanket prohibition without that nuance may not hold at tribunal.
BYOD policies require updating to specifically cover wearable technology. Where use is permitted, written authorisation should be required, with employees confirming they will not activate recording functions on work premises. The practical difficulty, of course, is that compliance is hard to verify, and some devices cannot be configured to selectively disable recording.
For businesses handling highly confidential information, a carefully drafted prohibition, subject to limited and clearly defined exceptions, is likely to be the most defensible position (subject to proportionality and the specific circumstances). Any policy should set out clearly where, when and how wearable technology may be used, how data captured by those devices is handled and what the consequences of a breach are.
Training for managers and HR staff should not be overlooked. They need to understand that covert recordings may be admitted as tribunal evidence and to conduct workplace interactions with that reality in mind.
The window for preparation is now
The technology has developed faster than the regulatory framework designed to govern it and further AI integration will accelerate that gap. Waiting for an incident before updating contracts and policies is the highest-risk strategy available, when the exposure is already present.
