Swedish journalists have uncovered that Ray-Ban Meta smart glasses automatically transmit audio, photo, and video data to Meta servers, and subsequently to a contractor in Nairobi, Kenya, where it is manually reviewed. The findings raise concerns about the extent of data collection and potential privacy breaches associated with the increasingly popular AI-powered eyewear.
According to reports from Svenska Dagbladet and Göteborgs-Posten, the glasses send data to a company called Sama, where workers are tasked with labeling the material to improve Meta’s artificial intelligence algorithms. Former employees of Sama described reviewing deeply personal content, including footage from bedrooms and living rooms, depicting intimate moments and everyday activities. Sources indicated that faces and bodies were often clearly visible in the recordings.
While Meta claims that such recordings are not intended for use in AI training and that sensitive data like faces and bank cards are automatically obscured, the investigation revealed inconsistencies in the system’s performance. Algorithms sometimes fail to adequately blur images, particularly in low-light conditions, leaving identifiable features exposed. Journalists independently verified that disabling data transmission halts AI functionality, presenting users with a trade-off between privacy, and features.
The investigation also highlighted the working conditions at Sama. Employees are reportedly subject to strict surveillance, with cameras in the office, a ban on personal phones, and a prohibition on discussing perform conditions, under threat of dismissal. Sama previously worked with OpenAI and Facebook, and past reports detailed the exposure of workers to disturbing content, including violent imagery. Compensation at Sama ranged from $1.32 to $2.00 per hour, and the company ceased content moderation in 2023 following complaints of trauma and stress, as reported by Time magazine.
The data transfer practices of Meta and its contractors may conflict with European data protection regulations, including the General Data Protection Regulation (GDPR). The GDPR mandates equivalent data protection standards for data processors, even those located outside of Europe. Sweden’s data protection authority, IMY, has stated that data processing in third countries must meet European standards. Currently, the EU has not recognized Kenya as providing an adequate level of data protection, potentially rendering the transfer of video data to Nairobi a violation of European law.
Meta has stated it utilizes a global infrastructure to support its worldwide operations. Yet, the legality of such data transfers remains contested. The findings raise questions about the security of user data in Europe and the extent to which users are aware of the data being collected and processed. Disabling data transfer effectively neuters the core AI features of the glasses, forcing users to choose between functionality and privacy.
