Smart Glasses, Privacy, and Cybersecurity: Why Regulation Must Keep Pace
Wearable technology is moving beyond fitness trackers and smartwatches. The latest wave of AI‑powered smart glasses promises hands‑free navigation, real‑time translation, and augmented‑reality overlays. Yet, as Allan Juma, Senior Cybersecurity Engineer at ESET, explains in the latest Business Day Spotlight podcast, these devices also introduce novel privacy and security challenges that existing laws struggle to address.
How Smart Glasses Change the Privacy Landscape
Unlike a smartphone, which must be held or visibly pointed at a subject, smart glasses can record video and audio discreetly. The wearer’s line of sight becomes the camera’s viewpoint, making covert capture almost invisible to bystanders. Juma cites two recent incidents that illustrate the risk:
- In Kenya, a tourist used a pair of smart glasses to secretly record intimate encounters with local women, later uploading the footage to a public platform.
- A similar case emerged in Ghana, where recordings were shared on social media without the subjects’ consent, sparking public outcry and calls for stricter enforcement of privacy statutes.
These examples highlight a growing trend: the ease of “stealth recording” can facilitate digital abuse, non‑consensual pornography, and harassment. Because the device blends into everyday eyewear, observers often have no visual cue that they are being filmed.
Cybersecurity Vulnerabilities of Wearable Displays
Beyond privacy, smart glasses present a tangible attack surface. If compromised, an attacker could:
- Intercept the wearer’s audiovisual feed in real time, gaining access to confidential conversations or proprietary data.
- Inject malicious overlays that mislead the user—for instance, displaying false financial figures during a boardroom presentation.
- Use the device’s built‑in microphone and camera as a foothold for lateral movement into corporate networks.
Juma notes that such capabilities elevate the risk of corporate espionage, especially for high‑level executives, politicians, and researchers discussing sensitive material. The potential for a “man‑in‑the‑middle” attack on a wearable display is a scenario that traditional endpoint security solutions often overlook.
Current Legal Frameworks in South Africa
South Africa already possesses several statutes that touch on data protection and cybercrime:
- Protection of Personal Information Act (POPIA) – governs the lawful processing of personal data, requiring consent for recording individuals.
- Cybercrimes Act – criminalises unauthorized access to data, interception of communications, and the distribution of harmful electronic communications.
- Upcoming AI Act framework – still under discussion, aims to regulate high‑risk AI systems, which could include AI‑driven image‑processing in smart glasses.
Nevertheless, Juma stresses that “technology trumps legislation.” The rapid evolution of wearable hardware often outpaces the ability of lawmakers to draft precise, enforceable rules. As a result, gaps remain—particularly concerning real‑time data interception and the classification of biometric data harvested by smart glasses.
Toward Proactive, Collaborative Regulation
To close these gaps, the podcast concludes with a call for a multi‑stakeholder approach:
- Governments should draft technology‑neutral statutes that focus on harms (e.g., non‑consensual recording, unlawful interception) rather than prescribing specific devices.
- Technology companies must embed privacy‑by‑design and security‑by‑design principles, offering features such as hardware‑based shutters, encrypted local storage, and clear visual indicators when recording is active.
- Legal experts and academia can provide evidence‑based research on emerging threats, helping regulators anticipate future scenarios.
Juma points to the European Union’s General Data Protection Regulation (GDPR) as a model where principles like data minimisation and purpose limitation have driven manufacturers to adopt stricter safeguards. Similar outcomes could be achieved in Africa through regional cooperation, perhaps under the auspices of the African Union’s Convention on Cyber Security and Personal Data Protection.
Practical Steps for Users and Organizations
While legislative efforts evolve, individuals and businesses can reduce risk today:
- Disable recording functions when not needed and use physical lens covers.
- Ensure firmware is up‑to‑date; manufacturers often patch known vulnerabilities.
- Employ network segmentation so that wearable devices cannot directly access critical corporate systems.
- Conduct regular privacy impact assessments before deploying smart glasses in employee‑facing roles.
By combining proactive policy, responsible design, and vigilant usage, society can reap the benefits of augmented reality without sacrificing fundamental rights to privacy and security.
References
- ESET. “Threat Landscape Report 2023.” https://www.eset.com/int/threat-report-2023/
- Statista. “Smart glasses shipment volume worldwide from 2019 to 2025.” https://www.statista.com/statistics/1104468/smart-glasses-shipment-volume-worldwide/
- African Union. “Convention on Cyber Security and Personal Data Protection (Malabo Convention).” https://au.int/en/treaties/malabo-convention
- South African Government. “Protection of Personal Information Act, 2013 (Act No. 4 of 2013).” https://www.justice.gov.za/legislation/acts/2013-004.pdf
- South African Government. “Cybercrimes Act, 2020 (Act No. 19 of 2020).” https://www.justice.gov.za/legislation/acts/2020-019.pdf


