When the Microphone Lives on Your Face: Smart Glasses in the Workplace and the Clinic

The newest generation of smart glasses, which includes Meta’s Ray-Ban line, the Ray-Ban Display, Google’s Android XR devices, and a growing field of competitors, has quietly changed a legal assumption that decades of privacy doctrine were built on: that recording someone is a visible, deliberate act. When the camera and microphone live on a person’s face, always on and indistinguishable from ordinary eyewear, the social and legal “friction” of pulling out a phone disappears. The gesture that once put a subject on notice is gone.

For lawyers advising employers, especially those in regulated industries, such as healthcare, that shift matters more than it may appear at first. There is no federal statute, and virtually no state statute, that addresses smart glasses as such. Instead, the devices fall under a patchwork of statutes written for earlier technology, wiretap and eavesdropping laws, HIPAA, biometric privacy acts, the National Labor Relations Act, and common-law privacy torts. Each of those frameworks carries embedded assumptions about notice, consent, and conspicuousness that the form factor strains. This article maps the principal exposures and offers practical guidance for counsel drafting policies and advising clients.

1. Wiretap and Eavesdropping Laws

Every analysis of a recording device starts with federal and state wiretap law, and smart glasses are no exception.

The federal baseline. The federal baseline is the federal Wiretap Act, as amended by the Electronic Communications Privacy Act (18 U.S.C. § 2510 et seq.), which prohibits the intentional interception of oral, wire, and electronic communications. Still, it permits recording where at least one party to the communication consents. 18 U.S.C. § 2511(2)(d). A wearer who is a participant in the conversation generally satisfies the federal standard simply by being present. It is worth noting, however, that the federal law is a floor, not a ceiling, leaving states free to impose stricter requirements, and many have.

All-party consent states. Thirteen states require the consent of all parties to record a private conversation, though each state has its own statute with specific qualifications and penalties, including: California (Cal. Penal Code § 632, “confidential communications”); Connecticut (Conn. Gen. Stat. 53a-187 requiring all-party consent for telephonic and electronic communications but follows a one-party rule for in-person conversations); Delaware (Del. Code tit. 11, 1335); Florida (Fla. Stat. § 934.03), Illinois (720 ILCS 5/14-2); Maryland (Md. Code, Cts. & Jud. Proc. 10-402); Massachusetts (Mass. Gen. Laws ch. 272, 99); Michigan (Mich. Com. Laws 750.539c narrowed by judicial interpretation); Montana (Mont. Cod Ann. 45-8-213); New Hampshire (N.H. rev. Stat. 570-A;2); Oregon (Or. Rev. Stat. 165.540); Pennsylvania (18 Pa. Cons. Stat. 5704); and Washington (Wash. Rev. code 9.73.030).

Several others sit on the boundary. For example, Nevada has been read to require all-party consent for telephone calls, and Oregon takes the opposite position, requiring all-party consent for in-person oral communications while allowing one-party consent for electronic communications. Counsel should treat the “thirteen states” shorthand as a prompt to check the specific statute and the specific mode of communication, not as a reliable rule.

Audio versus video.  Whether the recording contains audio or just video is the single most important practical point in the wiretap analysis. Most wiretap and eavesdropping statutes reach oral (audio) communications, not silent video. (This is why most security cameras record just videos and have to have employee acknowledgment and sign off if they record audio.) Pure video capture in a public or semi-public space generally falls outside wiretap law. However, it may implicate video-voyeurism statutes where the recording occurs in a place carrying a strong expectation of privacy, such as restrooms, locker rooms, exam rooms, and fitting rooms (see, e.g., the federal Video Voyeurism Prevention Act, 18 U.S.C. § 1801, on federal property, and analogous state statutes). The critical issue for smart glasses is that the moment a device captures audio alongside video, as most do by default, the entire conversation is pulled back into the wiretap domain, and the all-party-consent analysis applies even where the video alone would have been permissible.

Why does the form factor undermine the usual defenses? Recorders ordinarily rely on implied consent: in a one-party state, a subject who knows a recording is occurring. The speaker continues to speak, and it is generally treated as having consented. That defense is built on visibility. With smart glasses, there is typically no perceptible cue that recording is underway, which means the implied-consent and “reasonable knowledge” theories that ordinarily protect a recorder may be unavailable. The invisibility that makes the devices appealing is the same feature that strips away the wearer’s strongest legal defense.

2. Smart Glasses in the Workplace

The workplace smart glasses present employers with two distinct problems that should be analyzed separately: (1) employees wearing recording-capable devices, and (2) employees using them to record colleagues, supervisors, or management.

No-recording policies and the NLRA. An employer’s instinct to flat-out ban recording-capable devices collides with Section 7 of the National Labor Relations Act (NLRA), which protects employees’ right to engage in protected concerted activity, including, in many circumstances, documenting working conditions, wage discussions, and safety hazards. The Board’s current framework comes from Stericycle, Inc., 372 NLRB No. 113 (2023), which overruled the more employer-friendly Boeing Co. standard. Under Stericycle, a facially neutral work rule is evaluated from the perspective of an economically dependent employee who contemplates engaging in Section 7 activity; if the rule could reasonably be read to chill that activity, it is presumptively unlawful, and the employer must rebut the presumption by showing a legitimate and substantial business interest that a more narrowly tailored rule cannot serve.

The practical news for employers is encouraging at the margins. Recent administrative decisions suggest that narrowly drawn no-recording policies can survive even under Stericycle. In January 2026, an NLRB administrative law judge dismissed a complaint challenging United Parcel Service’s recording policy, finding that the General Counsel had not carried the threshold burden of showing the rule had a reasonable tendency to chill Section 7 rights (United Parcel Service, 12-CA-340701 (2026)); a separate ALJ decision around the same time upheld a “No Recording Devices” policy on similar reasoning. The decisions distinguish surviving policies, those limited in time and place (work areas during work time), tied to articulated confidentiality, trade-secret, and privacy interests, from the broad, unlimited bans the Board has historically struck down. Counsel drafting these policies should tie them to specific business justifications (i.e., protection of PHI, trade secrets, customer data, and the privacy of coworkers and customers), confine them to work time and work areas, and avoid sweeping prohibitions on all recording everywhere at all times.

In addition, in GC Memorandum 25-07 (June 2025), the NLRB’s Acting General Counsel took the position that the surreptitious recording of collective-bargaining sessions is a per se violation of the duty to bargain in good faith under Sections 8(a)(5) and 8(b)(3), a meaningful constraint on glasses-enabled recording at the bargaining table. While the NLRB has at times suggested that federal labor law can preempt state two-party-consent statutes when recording serves a protected purpose, the issue is unsettled and is not reliable.

Surreptitious recording in investigations. For employers conducting workplace investigations, smart glasses cut both ways. A complainant or witness may surface a covert recording as evidence of harassment, retaliation, or a hostile environment, evidence that can be powerful but may itself have been obtained in violation of an all-party-consent statute, raising both admissibility questions and the risk that the recording becomes a separate liability event. Investigators should be alert to the provenance of any recording offered as evidence, document how it was obtained, and weigh the jurisdiction’s consent rule before relying on it. The same analysis applies to an employer that records investigatory interviews: in an all-party state, the interviewee’s informed consent should be obtained and memorialized.

Confidentiality, trade secrets, and BYOD.  Independent of the NLRA, recording-capable wearables threaten trade-secret protection (the reasonable-secrecy measures required under the Defend Trade Secrets Act and state UTSA analogs), contractual confidentiality obligations to customers, and on-screen data that may include third-party personal information. A modern bring-your-own-device or acceptable-use policy should expressly address wearable recording devices rather than leaving them to be inferred from phone-era language.

Safety. In settings involving operating machinery, driving, or other hazardous tasks, an always-on heads-up display poses a distraction risk that may affect OSHA general-duty obligations and distracted-driving exposure for employees who drive. Policies governing safety-sensitive roles should address the devices directly.

Biometric Privacy and Facial Recognition

The capability that most clearly separates AI eyewear from a smartphone is real-time identification. Although mainstream manufacturers have not yet shipped built-in facial recognition, and Meta’s reported internal push to add an opt-in “identification” feature has drawn sharp criticism, the underlying capability has already been demonstrated by independent developers pairing the glasses with public face-search tools to identify strangers on sight. That capability brings the biometric privacy statutes squarely into play.

Three states have dedicated biometric statutes, with Illinois’s being the most significant and consequential. The Illinois Biometric Information Privacy Act (740 ILCS 14) requires informed written consent before a private entity may collect a biometric identifier, including a scan of face geometry, and, critically, provides a private right of action with statutory damages. Texas’s Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001) and Washington’s biometric statute (RCW 19.375) impose related obligations but channel enforcement through the state attorney general. The stakes are not hypothetical. Recently, Meta paid $650 million to settle BIPA claims in Illinois and $1.4 billion to resolve biometric claims brought by Texas.

An employer that deploys, or permits employees to deploy, wearables that process facial geometry can find itself collecting biometric identifiers, including if it is solely by an employee through the doctrine of respondeat superior where an employer is responsible for the actions of its employee. In Illinois, that exposure gives rise to a plaintiff-friendly cause of action that does not require proof of actual harm. Washington’s separately enacted My Health My Data Act adds another layer for any biometric or health-adjacent data that falls outside HIPAA.

3. Healthcare Settings: The Highest-Risk Environment

Hospitals, clinics, and provider offices concentrate nearly every exposure discussed above and add HIPAA on top of that. This is the setting in which counsel should advise the most conservative posture.

HIPAA reaches visual and verbal PHI, not just records. Protected health information (PHI) under the Privacy and Security Rules (45 C.F.R. Parts 160 and 164; PHI defined at 45 C.F.R. § 160.103) includes information in visual and oral form. A device that incidentally captures a patient’s face, a name on a chart or wristband, a monitor or computer screen displaying results, or a conversation about diagnosis or treatment has captured PHI. For a covered entity, an inadvertent capture and onward transmission can constitute an impermissible disclosure, and the liability runs to the organization, not only to the individual wearer, because the Security Rule obligates covered entities to maintain physical and technical safeguards against exactly this kind of leakage.

Who HIPAA binds, and who it does not.  HIPAA regulates covered entities and their business associates; it does not regulate patients or ordinary visitors. A patient who records their own clinical encounter, or a visitor wearing smart glasses in a waiting room, is generally not violating HIPAA. The provider’s exposure is of a different character: it is the failure to safeguard the environment and the risk that a staff member’s device transmits PHI to a non-compliant platform. This distinction frequently confuses clients, who assume HIPAA prohibits patient recording; in fact, the more reliable basis for restricting patient and visitor recording is facility policy and, in all-party-consent states, the eavesdropping statute itself.

Consumer devices cannot be HIPAA conduits.  A practical reason to keep consumer smart glasses out of clinical workflows is that their data ecosystems are not built for PHI. Meta, for example, does not sign business associate agreements, so routing any PHI through that environment cannot be brought into compliance. Where recording into a covered entity’s environment is contemplated for treatment, education, or telemedicine, the device and its data pipeline must satisfy the Security Rule, encryption of PHI at rest and in transit, access controls, and a BAA with any vendor that creates, receives, maintains, or transmits PHI on the entity’s behalf.

Legitimate clinical use is possible with discipline. This is not an outright prohibition. Provider organizations are increasingly using wearables and ambient documentation for treatment, telementoring, and clinical education, and the better institutional policies (UW Medicine’s published wearable-technology guidance is a useful model) permit it under defined conditions:

• the technology must be vetted as HIPAA-compliant;
• the patient must be informed at the outset of the encounter because the recording may not be apparent;
• the recording should be limited to the clinically relevant subject (the procedure or wound, not the surrounding environment);
• the data must remain within the covered entity and be shared only with authorized personnel; and
• ·only the minimum necessary PHI should be used, stripping identifiers entirely for education and training where identity is not essential.

Notably, recording for treatment purposes is often folded into the general consent-to-care. It does not require separate authorization, whereas recording for marketing, research, or external sharing does.

The ambient-AI-scribe parallel.  The same diligence framework now governs the rapid adoption of ambient AI clinical-documentation tools that listen to and transcribe patient encounters. Whether the microphone sits in a pair of glasses or in a ceiling sensor, the analysis is the same: a signed BAA, vendor security diligence, patient notice, and attention to state all-party-consent rules for the audio capture itself.

Substance-use disorders’ additional layers. It is worth noting that substance-use-disorder records require heightened protection under 42 C.F.R. Part 2, with consent requirements stricter than HIPAA’s. State medical-confidentiality statutes, state genetic- and reproductive-privacy laws, and, in all-party-consent states, the eavesdropping statute applied to exam-room conversations all stack on top of HIPAA. And because OIG and DOJ compliance-program guidance treats documented policies and safeguards as evidence of an effective compliance program, the absence of a wearable-device policy is itself a compliance vulnerability.

4. Disability Accommodation: ADA Title I and Title III

So far, everything discussed provides a mechanism for prohibiting such recording technology; however, the Americans with Disability Act (ADA) and analogous state laws present another perspective. Put another way: smart glasses are not only consumer technology and a surveillance risk; they are increasingly capable assistive devices, and a categorical prohibition that ignores that fact creates its own substantial exposure.

Smart glasses as assistive technology. The current generation of AI eyewear can function as a meaningful accommodation across multiple disability categories. For individuals with low vision or blindness, applications such as Be My Eyes, Aira, and OrCam-style integrations provide live human- or AI-assisted descriptions of the environment, optical character recognition of printed text, and navigation cues; built-in magnification and contrast features serve users with partial vision loss. For deaf and hard-of-hearing users, the devices can display live captions and real-time transcription of nearby speech, providing access to conversations that traditional hearing aids cannot provide. For individuals with cognitive, memory, or attention-related disabilities, smart glasses can deliver task prompts, reminders, and step-by-step guidance. Counsel evaluating a workplace or facility policy should expect to see all of these uses arrive in accommodation requests.

Title I: employee accommodations. Under ADA Title I, an employer must provide a reasonable accommodation to a qualified individual with a disability unless doing so would impose an undue hardship. The EEOC’s 2023 Technical Assistance Document, Visual Disabilities in the Workplace and the Americans with Disabilities Act, expressly identifies wearable video magnifiers, digital recorders and apps, smartphone and tablet applications with built-in accessibility features, wayfinding and tracking devices, and prescription versions of workplace equipment as illustrative reasonable accommodations, language broad enough to encompass modern smart glasses configured for accessibility.

There are two logical consequences. First, an employer’s no-recording or no-wearable-device policy cannot serve as a categorical bar to a smart-glasses-based accommodation that is otherwise reasonable. The interactive process required by the ADA is not optional. An employer that refuses an accommodation request without engaging in dialogue and without an individualized assessment of whether the device can be permitted under appropriate conditions has likely violated the ADA, regardless of how lawful the underlying recording policy is in the abstract. The right answer is almost never “no”; it is “yes, subject to defined conditions,” for example, permitting the device but disabling the camera, limiting use to non-confidential areas, requiring transcription to be stored locally and purged, or providing a functionally equivalent device or service.

Second, the Stericycle analysis discussed above and the ADA analysis converge on the same drafting practice: narrowly tailor the rule, articulate the business justification, and build in a documented accommodation pathway. A policy structured that way is more likely both to survive NLRB scrutiny and to demonstrate ADA compliance.

Undue hardship is fact-specific and demanding to establish; cost alone is rarely decisive, and the inquiry considers the employer’s overall resources. Generalized confidentiality or security concerns will not carry the burden; the employer must show why this accommodation, for this employee, in this role, creates a significant difficulty that cannot be addressed through reasonable conditions. Confidentiality of the accommodation itself is also required: under EEOC guidance, an employer may not disclose to coworkers that an employee is receiving an ADA accommodation, which means the notice given to other meeting participants when a transcription device is in use should refer generically to an assistive device, not to the disability.

Title III: patients, customers, and the public. Title III obligates places of public accommodation, a category that expressly includes hospitals, professional offices of healthcare providers, and a broad sweep of retail, service, recreational, and lodging establishments, to make reasonable modifications to policies, practices, and procedures when necessary to afford the goods and services they offer to individuals with disabilities, unless the modification would fundamentally alter the nature of those goods or services. A blanket no-recording-devices rule applied without modification to a patient or customer using smart glasses as assistive technology is exactly the kind of policy that triggers the duty.

The fundamental-alteration defense is narrow and fact-specific, and the “direct threat defense,” which permits exclusion only where the individual poses a significant risk to the health or safety of others that cannot be eliminated by reasonable modification, requires an individualized, evidence-based assessment, not generalized privacy concerns.

In a clinical setting, a provider can almost always identify a reasonable modification that protects other patients’ PHI while still accommodating the requestor: limiting use to the patient’s own exam or treatment room, requiring the camera to be off in shared spaces, or providing an equivalent in-house captioning or interpretation service that achieves the same functional access. The wrong answer, and the one most likely to draw a complaint or an OCR investigation, is a flat refusal.

Section 504 and state-law overlays. Section 504 of the Rehabilitation Act imposes parallel obligations on recipients of federal financial assistance, which sweeps in virtually every hospital that participates in Medicare or Medicaid. Section 1557 of the Affordable Care Act applies analogous nondiscrimination requirements to covered health programs. Many state disability-rights statutes (California’s FEHA and Unruh Act, New York’s State and City Human Rights Laws, and others) impose broader duties or provide more plaintiff-friendly remedies than the federal floor, and their interactive-process expectations sometimes differ as well. Counsel should run the state-law overlay separately in every matter.

Where the ADA collides with HIPAA, wiretap law, and biometric statutes. These regimes appear to pull in different directions, but they can be reconciled if they are addressed at the design stage rather than at the point of refusal:

• HIPAA and Title III in clinical settings. Allow assistive smart glasses, but condition their use on location (the patient’s private exam or treatment room) and on feature limits (camera disabled or directed only at the patient, audio confined to the encounter). Document the modification in the patient record. That satisfies Title III’s reasonable-modification duty without exposing other patients’ PHI and without converting the device into a HIPAA conduit.

• Wiretap law and Title I in all-party-consent states. Where a captioning or transcription accommodation is permitted, the employer should provide notice to other meeting participants that an assistive device is in use; their continued participation supports implied consent under most all-party-consent regimes and resolves the apparent tension between the accommodation and the eavesdropping statute. As noted above, the notice should not identify the disability.

• BIPA and accommodation requests. If the assistive functionality requires the processing of face geometry (for example, recognition to identify colleagues for an employee with prosopagnosia), the Illinois statute’s written-consent and notice requirements apply to anyone whose biometrics are processed. Counsel should first evaluate whether the same accommodation can be delivered through a non-biometric pathway and, if not, structure the consent flow with care.

Ultimately, the duty to accommodate does not concede to the duty to protect privacy, and neither concedes to the other. They must be designed together.

5. Other Exposures Worth Flagging

There are also a number of common laws that pose risks, including the common-law privacy torts, including intrusion upon seclusion, public disclosure of private facts, and appropriation or right of publicity, which can support claims where smart glasses capture or distribute someone’s image or private affairs without consent. The right-of-publicity claim is especially relevant where captured footage is used commercially.

On the other hand, the First Amendment protects the right to record public officials performing their duties in public, which can protect glasses-enabled recording of police and government activity even in jurisdictions with restrictive eavesdropping statutes.

Finally, evidentiary admissibility is an analysis in its own right. A recording obtained in violation of an all-party-consent statute may be inadmissible and may expose the proponent to suppression or counterclaims; counsel should never assume that a recording’s evidentiary value cures the illegality of its acquisition. Premises and policy considerations also matter: private property owners, gyms, theaters, casinos, hospitals, and employers may bar recording devices as a condition of entry, and a patron who refuses can be excluded or removed without any wiretap analysis at all.

6. Practical Guidance for Counsel

Because legislation lags behind technology, the most useful advice for clients is to act through policy now. A defensible smart-glasses and wearable-recording policy, whether for an employer, a healthcare provider, or a venue, should address the following:

• Scope by time and place. Define where the devices are permitted and where they are categorically prohibited (restrooms, locker rooms, exam and treatment areas, secure or trade-secret zones), and, in the employment context, confine no-recording rules to work time and work areas to satisfy Stericycle.
• Articulate the business interest. State the specific justifications (e.g., PHI protection, trade secrets, customer data, coworker and patient privacy, and safety). The rule can be defended as narrowly tailored rather than a blanket ban.
• NLRA Section 7.Avoid language that could be read to bar protected concerted activity, and consider an express savings clause.
• Address notice and consent. In all-party-consent states and in any clinical recording, require affirmative, documented consent at the outset of the encounter, recognizing that the device’s recording will not be visually apparent.
• Govern the data.Require encryption at rest and in transit, define retention and access limits, and prohibit transmission of sensitive data to platforms not covered by an appropriate BAA or vendor agreement.
• Vet vendors. For any clinical or PHI-adjacent use, execute a BAA and conduct security diligence; consumer-grade devices and ecosystems that will not sign BAAs should be excluded from PHI workflows entirely.
• Build a defensible accommodation process. Anticipate that smart glasses will arrive as requested assistive technology for vision, hearing, and cognitive disabilities, and design the policy so the answer can be a conditioned yes, permit the device while configuring it (camera disabled, audio confined to the encounter, geographic limits, local-only data storage) to address the underlying privacy and confidentiality concerns. Document the ADA Title I interactive process and, for places of public accommodation, the Title III reasonable-modification analysis. A flat refusal is the single largest source of ADA exposure in this area.
• Set an enforcement ladder. Spell out the consequence, warning, removal of the device, denial of entry, discipline, and apply them consistently.

Take Aways

Smart glasses do not create a new body of law so much as they expose the seams in the existing one. Existing legal frameworks were built around assumptions that AI-enabled eyewear now challenges all at once:

• Wiretap statutes assume a visible act of recording.
• HIPAA assumes safeguards a covered entity can control.
• Biometric statutes assume an identifiable moment of collection.
• The NLRA assumes a rule an employee can read and react to.
• The ADA assumes that accommodating a disability and protecting privacy are problems that can be solved together.

The defining feature of AI eyewear — that it records without anyone noticing, while simultaneously offering some users functional access they have never had before — pressures each of those assumptions at once.

Until legislatures respond with technology-specific rules, the burden falls on counsel to:

• translate aging statutes onto a new fact pattern; and
• help clients manage the exposure through well-drafted, narrowly tailored policies.

The clients who wait for the law to catch up will be the ones explaining, after the fact, why they had no policy at all.