Employers Face Biometric Privacy Risks From AI-Powered Smart Glasses
Legal experts warn employers about biometric privacy risks from AI smart glasses in the workplace.
Why it matters: Employers adopting AI-powered wearables must understand state biometric laws or risk costly litigation and penalties. Compliance is critical as these devices capture sensitive biometric data covertly.
- AI smart glasses can discreetly capture biometric data like facial geometry and voiceprints.
- Illinois BIPA imposes $1,000 to $5,000 in statutory damages per violation without written consent.
- Texas's CUBI law fines up to $25,000 per violation for unauthorized biometric data capture.
- Colorado’s HB24-1130 effective July 1, 2025, mandates consent and data retention policies for biometric data.
AI-powered smart glasses are gaining traction as workplace tools, but they raise significant privacy and legal concerns. These devices can quietly record audio and video, collecting biometric identifiers such as facial geometry and voiceprints without obvious notice to others. This covert data collection poses risks under state biometric privacy laws.
For instance, the Illinois Biometric Information Privacy Act (BIPA) requires private entities to obtain informed written consent before collecting biometric data. Violations carry statutory damages ranging from $1,000 per negligent breach to $5,000 per intentional breach.
Similarly, Texas's Capture or Use of Biometric Identifier Act (CUBI) prohibits biometric data collection for commercial purposes without consent, with fines up to $25,000 per violation enforced by the Attorney General.
Looking ahead, Colorado's HB24-1130, effective July 1, 2025, will require employers to get written consent and maintain biometric data retention policies.
Employers are also cautioned about recording workplace conversations without all-party consent in states that require it, which could expose them to legal liability. Unauthorized recording can erode workplace trust and harm employee collaboration and communication.
Legal experts advise employers to review and tailor policies on AI glasses to ensure they align with legitimate business needs while respecting employees' rights. As one firm states, policies should be "narrowly tailored and clearly tied to legitimate business justifications" to avoid infringing on employee protections.
The risks go beyond video; an employee wearing these devices could routinely collect confidential audio, video, and biometric information about colleagues, clients, or visitors unknowingly, increasing legal exposure.
By the numbers:
- $1,000–$5,000 — statutory damages under Illinois BIPA per violation
- Up to $25,000 — penalty per violation under Texas CUBI
- July 1, 2025 — effective date of Colorado HB24-1130 biometric privacy requirements
What's next: Employers should prepare for Colorado’s new biometric privacy law effective July 1, 2025, updating policies accordingly.