

Core Viewpoint
The compliance focus for AI visual wearables has shifted from "whether the user has the right to take photos" to whether the enterprise, through hardware, software, platforms, cloud services, and algorithms, turns third-party images, voices, locations, and behavioral traces into data assets that can be identified, disseminated, trained on, and commercialized. An effective corporate defense should not rely only on a privacy policy; it should establish product-level controls that can be audited and proved with evidence.
Authors

Yang Xiaming (杨夏鸣), Lawyer
Introduction
What Enterprises Really Need to Answer Is Not "Whether Recording Is Allowed", but "How to Prove Due Care".
Smart glasses with cameras, AI pins, sports imaging devices, and industrial inspection wearables are turning "shooting" from an active act into a continuous, low-awareness, computable environmental sensing capability. For smart wearable device enterprises, compliance is no longer merely about whether users have the right to take photos. It is about whether the product design reduces third parties' ability to perceive recording, whether the enterprise accesses, stores, identifies, analyzes, trains on, or distributes third-party data appearing in images, and whether the enterprise can prove that it has fulfilled reasonable duties of care when the recorded person is not the device user.
Recent public concern that "smart glasses have become sneak-photography tools" exposes a typical structure of industry risk: recording indicators are insufficiently conspicuous; prompt mechanisms may be blocked or bypassed through modified accessories; brand communities contain unauthorized recordings of passersby, service staff, and passengers; and user upload, platform review, accessory governance, and product protection have not formed a closed loop. Related reports also indicate that regulatory governance has expanded from individual sneak-photography acts to full-chain governance covering device production, accessory sales, app services, content dissemination, and data use. See Reference [1].
From the practical perspective of a professional lawyer, this article reconstructs the legal characterization, adjudication rules, and implementation governance for AI visual wearables. In this article, AI visual wearables mainly refer to consumer-grade and enterprise-grade wearable terminals with cameras, microphones, positioning, visual recognition, voice interaction, cloud synchronization, content communities, or multimodal AI capabilities.
PART 01

Industry Status: Risks of AI Visual Wearables Are Not Limited to "Sneak Photography"
01
From "Active Shooting" to "Continuous Sensing": Product Attributes Have Changed
Traditional mobile-phone photography is usually easy for bystanders to perceive: the user picks up the phone, aims at the subject, and taps to shoot. The lens of an AI visual wearable is closely aligned with the wearer's line of sight; the device may be worn for long periods, and the shooting action may consist only of a touch, voice command, blink, gesture, or background rule trigger. As a result, shooting is no longer merely a one-time user act; it may become the basis for the device's continuous sensing, recording, understanding, and content generation.
This change means compliance review cannot stop at writing "no sneak photography" in the user agreement. Enterprises need to answer four progressive questions: first, whether the device enables surrounding third parties to reasonably perceive that recording or audio capture is occurring; second, whether the enterprise accesses data such as images, voices, locations, accounts, device identifiers, and behavioral logs; third, whether the enterprise uses algorithms to turn natural persons in images into identifiable, searchable, and profileable data subjects; and fourth, whether the enterprise uses the data for recommendation, community distribution, advertising, model training, or other commercial purposes.
02
Compliance Risks Show an Overlap of Civil, Administrative, Criminal, and Public-Opinion Risks
Once AI visual wearables enter public spaces, workplaces, vehicles, hotels, hospitals, schools, and homes, the risks are no longer singular. At the civil level, portrait rights, privacy rights, reputation rights, personal information rights, and online tort liability may be involved. At the administrative level, personal information protection, network data security, app governance, platform content governance, consumer rights protection, and market regulation may be involved. At the criminal level, extreme circumstances may connect with crimes such as infringement of citizens' personal information, illegal control of computer information systems, and illegal production, sale, or use of special equipment for eavesdropping or surreptitious photographing. At the public-opinion level, once a device is perceived as a "sneak-photography-friendly product", brand trust can quickly be damaged.
Therefore, smart wearable device enterprises should treat these products as high-risk data products, not ordinary consumer electronics. Before launch, enterprises should form a data map, privacy impact assessment, hardware anti-abuse testing, community governance plan, training-data admission rules, and emergency response plan. After launch, continuous audits are needed; compliance work cannot stop at a one-time review at project initiation.
PART 02

Legal Characterization: Smart Wearable Device Enterprises May Have Four Identities at the Same Time
After a dispute arises, a common corporate defense is that "the device is independently used by users and the enterprise cannot control user conduct". This defense is valid only within limited boundaries. If the enterprise merely sells offline hardware and does not access, store, analyze, or disseminate data, its liability boundary is relatively clear. But in reality, AI visual wearables are usually connected to apps, cloud services, communities, algorithmic models, and third-party SDKs, meaning that the enterprise often goes beyond the role of a pure hardware seller.
01
Hardware and Software Service Provider
As a device manufacturer and software service provider, the enterprise should bear reasonable duties of care regarding product functions, risk warnings, permission control, firmware security, and after-sales updates. If the enterprise knows that low-cost accessories can block indicator lights, third-party applications can bypass recording prompts, or firmware can be cracked to disable warnings, yet fails to take reasonable measures, these facts may become important bases for finding that the enterprise failed to fulfill reasonable safety protection obligations, consumer risk warning obligations, or platform governance obligations.
02
Personal Information Processor
Under the Personal Information Protection Law, a personal information processor is an organization or individual that independently determines processing purposes and methods. Once an enterprise, through apps, cloud albums, account systems, algorithm services, or backend logs, actually determines the processing purposes and methods for user images, voices, locations, device identifiers, and behavioral data, it may constitute a personal information processor. Third parties appearing in recorded video, such as passersby, service staff, colleagues, customers, and children, may also have personal information in the form of images, voices, locations, and behavioral information once they can be identified. See Reference [3].
03
Network Platform Service Provider
If the enterprise operates a brand community, cloud album, short-video publishing area, user works plaza, or content recommendation function, it also has platform governance obligations. For content clearly involving sneak photography, following shots, minors, private spaces, body parts, insulting comments, illegal modification tutorials, or black- and gray-market links, the enterprise cannot rely solely on "user upload" as an exemption. Whether the platform has established review rules, complaint channels, deletion mechanisms, account handling, and evidence retention will directly affect subsequent civil, administrative, and public-opinion responsibility assessments.
04
AI Service or Model Capability Provider
If the device provides automatic summaries, person recognition, semantic search, video generation, virtual humans, face swapping, voice imitation, content recommendation, or model training capability, the enterprise also needs to be reviewed under AI service governance rules. Generative AI services require training data to have lawful sources; where personal information is involved, individual consent or another processing basis prescribed by laws or administrative regulations should be obtained. AI-generated and synthetic content also involves explicit and implicit labeling requirements. See References [6][7].

Lawyer Practice Note
When determining the boundary of corporate responsibility, a "data processing fact map" should be drawn first, rather than merely reading the privacy policy. Key questions include whether data leaves the device; whether the enterprise can access original images; whether it extracts faces, voiceprints, locations, or scene tags; whether data is used for training or recommendation; whether it is provided to third parties; and whether the enterprise synchronously deletes or stops processing after user deletion.
PART 03

Core Legal Boundaries: Compliance Judgments in Six High-Frequency Scenarios
01
Capturing Passersby in Public Places: Public Space Is Not a Vacuum for Personality Rights and Personal Information
Capturing passersby in public places does not automatically constitute illegality, but it is not automatically compliant either. The Civil Code protects natural persons' portrait rights; a portrait is an external image of an identifiable natural person reflected on a certain carrier through images, drawings, or other means. The law permits reasonable use of portraits in specific circumstances, such as unavoidably creating, using, or publishing portraits to display a specific public environment, but the key limitations are "reasonable", "necessary", and "unavoidable". See Reference [2].
For smart glasses, incidental inclusion of crowds in street scenes is entirely different in legal evaluation from close-range shooting, following shots, close-ups, community uploads, evaluative captions, commercial promotion, identity recognition, or model training targeting a specific stranger. The former may be incidental shooting in a public environment, while the latter may simultaneously trigger portrait rights, privacy rights, personal information rights, reputation rights, and platform governance responsibility.
In practice, enterprises can use five criteria: whether a specific natural person can be identified; whether the recorded person is merely an incidental element in a public environment; whether recording and publication are necessary; whether there is commercialized, tagged, evaluative, or insulting use; and whether the scope of dissemination and actual consequences are significantly expanded. Once the chain becomes "identifiable, disseminable, evaluative, and trainable", the enterprise should no longer rely primarily on "public place" as its compliance basis.
02
Entering Private Spaces, Private Activities, or Private Information: Prohibitive Boundaries Are Clearer
The Civil Code defines privacy as a natural person's peace of private life, together with the private spaces, private activities, and private information that the person does not wish others to know, and prohibits illegal photographing, peeping, eavesdropping, and disclosure of others' private activities, private parts, and private information. Hotel rooms, residences, restrooms, changing rooms, consultation rooms, dormitories, family spaces, and scenes involving private body parts or private activities are all areas where AI visual wearables must exercise heightened caution. See Reference [2].
Enterprises cannot simply require in the user agreement that users "must not record in private places" and assume compliance is complete. For consumer devices, abuse risk can be reduced through conspicuous risk prompts, sensitive-scene recognition, geofencing, continuous audio/video recording prompts, and restrictions on long-duration background recording. For B2B devices, scenario disabling, permission approval, recording logs, access control, and automatic deletion strategies should be provided in contracts and product backends.
03
Face Recognition, Voiceprint Recognition, and Movement Traces: High-Risk Sensitive Personal Information Processing
Faces, voiceprints, movement traces, and minors' information may all constitute sensitive personal information. Processing sensitive personal information requires a specific purpose and sufficient necessity, along with strict protection measures. Where processing is based on personal consent, separate consent is usually required. For AI visual wearables, the risk intensity changes qualitatively when "recording images" is upgraded to "identifying who someone specifically is". See Reference [3].
The Measures for the Security Management of Facial Recognition Technology Applications further require a specific purpose and sufficient necessity for processing facial information, and that the method with the least impact on personal rights and interests be adopted. Where facial information is processed based on consent, separate consent should be obtained voluntarily and explicitly on the basis of full knowledge. Unless laws or administrative regulations provide otherwise or separate consent is obtained, facial information should be stored within facial recognition devices and may not be transmitted externally through the internet. A personal information protection impact assessment should be conducted before use. See Reference [4].
This directly constrains consumer smart glasses. If a product scans surrounding passersby by default, extracts facial features, compares identities in the cloud, generates stranger tags, or provides a "human flesh search" style retrieval function, it will be difficult for the enterprise to prove that every identified person has been informed and has separately consented, and also difficult to prove sufficient necessity. A safer path is to limit facial capabilities to the user themselves, objects actively managed by the user in a local album, or specific B2B compliance scenarios, and to disable stranger recognition, stranger search, and public-space identity inference by default.
04
Cloud Synchronization, Automatic Summaries, and "Personal Memory Libraries": From Collection Risk to Secondary Use Risk
The commercial value of AI visual wearables often lies not in mere recording, but in structured analysis after continuous recording: automatically generating vlogs, identifying people and places, summarizing meetings, extracting consumption preferences, forming personal memory libraries, or accumulating multimodal model training data. At that point, compliance risk extends from "whether collection is lawful" to "whether secondary use exceeds the original purpose".
Users may agree that the enterprise can use their own account data and recorded content, but they may not have the right to consent on behalf of passersby, colleagues, customers, passengers, service staff, children, or family members appearing in the images to the enterprise's facial recognition, semantic annotation, advertising recommendation, or model training. If an enterprise includes full images uploaded by users in training datasets by default, the authorization chain can easily break: uploader authorization is not authorization from all recorded persons; user consent is not third-party consent; and the device agreement is not consent from every natural person in the scene.
Enterprises are advised to establish three layers of data isolation: a user storage pool, a cloud service pool, and a model training pool. Original images uploaded by users for personal records should not automatically enter the model training pool. Data entering the training pool should be reviewed for lawful source, rights authorization, sensitivity, de-identification, retention period, and deletion traceability. Even if de-identification is used, re-identification risk should be carefully assessed; "technical processing has been performed" should not be equated with anonymization.
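One way to turn the three-pool separation above into an enforceable control is a default-deny admission gate in front of the model training pool. The following is an added example, not code from the article or from any vendor; the `Asset` fields, pool names, and the 0.05 re-identification threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace
from datetime import date
from enum import Enum
from typing import Optional

MAX_REID_RISK = 0.05  # assumed internal policy threshold, not a legal standard


class Pool(Enum):
    USER_STORAGE = "user_storage"      # raw uploads kept for the user's own records
    CLOUD_SERVICE = "cloud_service"    # data processed to deliver a requested feature
    MODEL_TRAINING = "model_training"  # data admitted for training after review


@dataclass(frozen=True)
class Asset:
    # Hypothetical metadata record; fields mirror the review items in the text.
    asset_id: str
    pool: Pool
    lawful_source: bool = False            # provenance documented
    uploader_opt_in: bool = False          # uploader agreed to training use
    third_parties_visible: bool = True     # identifiable non-users in frame
    third_party_basis: bool = False        # consent or other legal basis for them
    sensitive: bool = False                # faces, voiceprints, minors, movement traces
    deidentified: bool = False
    reid_risk: Optional[float] = None      # assessed re-identification risk, 0..1
    retention_until: Optional[date] = None
    deletion_handle: Optional[str] = None  # links the training copy to user deletion


def review_for_training(asset, today):
    """Return (admitted, reasons). Default-deny: every check must pass."""
    reasons = []
    if not asset.lawful_source:
        reasons.append("source not documented as lawful")
    if not asset.uploader_opt_in:
        reasons.append("uploader did not opt in to training use")
    if asset.third_parties_visible and not asset.third_party_basis:
        reasons.append("third parties in frame without their own legal basis")
    if asset.sensitive and not asset.deidentified:
        reasons.append("sensitive content not de-identified")
    if asset.deidentified and (asset.reid_risk is None or asset.reid_risk > MAX_REID_RISK):
        reasons.append("re-identification risk not assessed or too high")
    if asset.retention_until is None or asset.retention_until <= today:
        reasons.append("no valid retention period")
    if not asset.deletion_handle:
        reasons.append("deletion not traceable")
    return (not reasons, reasons)


class TrainingPool:
    """Holds only reviewed copies and records every decision for later audit."""

    def __init__(self):
        self._items = {}     # deletion_handle -> admitted Asset
        self.decisions = []  # append-only decision trail

    def submit(self, asset, today):
        admitted, reasons = review_for_training(asset, today)
        self.decisions.append({"asset_id": asset.asset_id, "action": "submit",
                               "date": today.isoformat(), "admitted": admitted,
                               "reasons": reasons})
        if admitted:
            self._items[asset.deletion_handle] = replace(asset, pool=Pool.MODEL_TRAINING)
        return admitted

    def delete(self, handle, today):
        """Propagate a user deletion request; True if a training copy was removed."""
        removed = self._items.pop(handle, None) is not None
        self.decisions.append({"handle": handle, "action": "delete",
                               "date": today.isoformat(), "removed": removed})
        return removed

    def asset_ids(self):
        return sorted(a.asset_id for a in self._items.values())


# Constructed sample records (not real data).
TODAY = date(2026, 1, 15)
SAMPLES = [
    # Raw street clip uploaded for personal records: passersby visible, nothing reviewed.
    Asset("clip-001", Pool.USER_STORAGE, lawful_source=True, uploader_opt_in=True,
          sensitive=True),
    # Blurred on device, risk assessed, retention and deletion handle set.
    Asset("clip-002", Pool.CLOUD_SERVICE, lawful_source=True, uploader_opt_in=True,
          third_parties_visible=False, sensitive=True, deidentified=True,
          reid_risk=0.01, retention_until=date(2026, 12, 31), deletion_handle="del-002"),
    # De-identified, but nobody assessed re-identification risk.
    Asset("clip-003", Pool.CLOUD_SERVICE, lawful_source=True, uploader_opt_in=True,
          third_parties_visible=False, sensitive=True, deidentified=True,
          retention_until=date(2026, 12, 31), deletion_handle="del-003"),
]

if __name__ == "__main__":
    pool = TrainingPool()
    for sample in SAMPLES:
        pool.submit(sample, TODAY)
    for decision in pool.decisions:
        print(decision)
```

The third sample is the case the paragraph warns about: the clip was technically processed, yet it is rejected because that processing was never shown to prevent re-identification.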
05
Brand Communities and Content Dissemination: Platforms Are Not User Self-Governance Spaces
Many smart wearable enterprises build supporting apps, cloud albums, user communities, creator platforms, or content plazas. As long as the platform allows uploading, displaying, recommending, commenting on, and reposting content recorded by devices, the enterprise must bear corresponding platform governance responsibility. For content clearly involving sneak photography, following shots, pick-up attempts, minors, doctor-patient scenes, passengers, flight attendants, service staff, private spaces, body parts, doorplates, license plates, law enforcement, or security scenes, higher review standards should be set.
From litigation and regulatory perspectives, whether the platform "knew or should have known" often depends on concrete governance actions: whether community rules are set, keyword and image recognition review is used, complaint channels are open to recorded persons who are not registered users, content is taken down within a reasonable time, repeat violator accounts are handled, and review and disposal records are retained. Enterprises need to upgrade community governance from an operational issue to a compliance issue.
06
Covert Recording, Modified Accessories, and Cracked Firmware: Possible Administrative and Criminal Risk Boundaries
When the device appearance resembles ordinary glasses, pins, or earphones, it is more easily used for covert recording. Once the indicator light can be blocked, prompt sound disabled, firmware cracked, or third-party applications used to bypass permission prompts, the device may be characterized by public opinion and regulators as a "sneak-photography-friendly product". Typical cases from the Supreme People's Court concerning crimes involving eavesdropping and surreptitious photographing devices have indicated that illegal circulation of such special equipment may infringe citizens' privacy and trade secrets, and may also endanger public safety and national security. See Reference [11].
The revised Public Security Administration Punishments Law will take effect on January 1, 2026, and sets administrative penalty rules for the illegal installation, use, or provision of special eavesdropping or surreptitious photographing equipment. For smart wearable enterprises, while compliant products are not automatically equivalent to such equipment, enterprises should not imply covert recording uses in marketing, functional design, or accessory ecosystems, nor allow accessories, tutorials, or software plugins that bypass prompt mechanisms to spread within the brand ecosystem. See Reference [12].
PART 04

Judicial Practice: Inferring Corporate Duties of Care from Adjudication Rules
Disputes related to AI visual wearables are still developing rapidly, but existing cases involving personal information, personality rights, AI face swapping, facial information, and eavesdropping or surreptitious photographing devices already provide clear adjudicatory direction for corporate compliance. Enterprises should focus not only on final damages amounts, but also on how courts evaluate necessity, informed consent, identifiability, dissemination consequences, technical measures, and evidence retention.

Rule 1: Biometric information is strictly protected; convenience cannot replace necessity.
The "Guo Bing v. Hangzhou Safari Park" case is a landmark facial recognition dispute. The court held that biometric information, as sensitive personal information, deeply reflects natural persons' physiological and behavioral characteristics and has strong personality attributes. Once leaked or illegally used, it may expose individuals to discrimination or personal and property safety risks. Operators processing such information should follow informed consent and the principles of lawfulness, legitimacy, and necessity. The court ultimately supported requests to delete facial feature information and fingerprint identification information. See Reference [9].
The implication for smart wearable enterprises is that when a product upgrades from recording to face recognition, acquaintance reminders, identity comparison, or scene memory, the processing purpose, necessity, notice content, separate consent, alternatives, localized processing, and deletion mechanisms must be re-reviewed. Enterprises cannot replace necessity analysis with "improving experience", "enhancing efficiency", or "industry practice".

Rule 2: Public places are not places where personality rights are waived; identifiability and dissemination consequences remain central.
When disputes arise from recording in public places, courts usually do not conclude solely based on the fact that the location is public. They further examine whether the recorded person is identifiable, whether the person is merely an incidental element in the image, whether recording and publication are necessary, whether there are close-ups or following shots, whether evaluative text is added, and whether dissemination and personality-interest harm have occurred.
This means enterprises cannot treat public-place recording as low-risk in community governance and product design. Public transport, shopping malls, parks, school surroundings, hospital waiting areas, hotel lobbies, office buildings, airports, and restaurants are open, but individuals still enjoy interests in portrait, privacy, personal information, and peace of life.

Rule 3: In AI face swapping, voice imitation, and deep synthesis scenarios, the space for a "technology neutrality" defense is limited.
Typical cases released by the Supreme People's Court on infringement of personality rights through networks and information technology show that unauthorized use of others' portraits for AI face swapping, use of others' voices for AI synthesis, and illegal trading of facial photos and videos may infringe personality rights or trigger criminal responsibility. Judicial authorities emphasize that natural persons' personality interests in portraits, voices, and facial information are protected by law; the AI nature of technical services does not exempt respect for personality rights. See Reference [10].
For wearable device enterprises, if products provide functions such as "automatic video generation", "person replacement", "voice cloning", "person templates", or "virtual human generation", stricter controls should be set for functional boundaries, authorization verification, content labeling, abuse detection, and complaint handling. In particular, users should not be allowed to casually collect others' faces or voices in public spaces and generate disseminable content.

Rule 4: Facial photos and videos may be objects of personal information protected by criminal law.
Relevant typical cases from the Supreme People's Court make clear that citizens' personal information such as facial photos and videos is also protected by criminal law. Illegal acquisition, sale, or provision of facial photos, videos, and other citizens' personal information may constitute the crime of infringing citizens' personal information if the circumstances are serious. See Reference [10].
Therefore, enterprises may not lower protection intensity on the ground that the data is "only images or videos, not identity card numbers". Images collected by smart glasses often include faces, clothing, locations, companion relationships, consumption venues, timestamps, and device information. After association analysis, their identifiability and sensitivity may be higher than ordinary static information.

Rule 5: Governance of eavesdropping and surreptitious photographing devices emphasizes source control and full-chain governance.
In typical criminal cases involving illegal production, sale, and use of eavesdropping or surreptitious photographing equipment, courts emphasized the harm caused by illegal circulation of such devices and punished modification, sales, and use in accordance with law. For smart wearable enterprises, even if compliant products are fundamentally different from criminal equipment, they must prevent product functions, accessory ecosystems, community content, and marketing language from being transformed by users or third parties into covert recording tools.
In practice, enterprises should establish a closed loop of monitoring, complaint, takedown, blocking, evidence preservation, and reporting where necessary. When accessories that block indicator lights, cracking tutorials, plugins that disable prompt sounds, or trading links for sneak-photography content are found, the enterprise should promptly complain to e-commerce platforms, app stores, or regulators, and use firmware upgrades, cloud risk control, and account restrictions to block abuse.

Rule 6: Evidence retention determines whether an enterprise can prove due care.
In disputes involving personal information and personality rights, whether the enterprise can prove that it provided notice, obtained consent, adopted technical protection measures, handled complaints in time, and deleted relevant data often directly affects responsibility assessment. For AI visual wearable enterprises, merely submitting privacy policy text is far from enough. They should also retain product design review records, recording prompt test reports, permission call logs, PIPIA reports, user consent version records, review and takedown records, training data admission records, deletion verification records, and third-party processing agreements.
PART 05
Future Trends: Trustworthiness Will Become a Market Access Condition for AI Visual Devices
Judging by the regulatory trend, compliance requirements for AI visual wearables are likely to move from "software notice" to "hardware enforcement", from "users are responsible for themselves" to "enterprise co-governance", and from "privacy policy disclosure" to "product-level auditable control". Recording indicator lights, audio/video recording status, anti-blocking design, physical switches, third-party app permissions, on-device blurring, training data traceability, generated content labeling, and complaint and deletion mechanisms will gradually become standard features across the industry.
In terms of commercial competition, the future AI wearable market will not only reward products that "see more clearly". It will also reward products that "make others feel safer". For enterprises, privacy protection is not a brake on innovation; it is a market access condition for AI visual devices to enter public spaces, enterprise scenarios, and long-term user relationships.
The real question enterprises need to answer is not whether the law abstractly prohibits smart glasses from recording, but whether recorded persons can perceive recording, users can control it, the enterprise collects less data, sensitive data is localized, passersby can complain and request deletion, the platform prevents the spread of surreptitious videos, model training has lawful sources, and, once a dispute occurs, the enterprise can produce product design materials, technical measures, review records, consent records, and impact assessment reports to prove that it has fulfilled reasonable obligations.
Conclusion
The value of AI visual wearables should not be denied. They can help users record their lives, support accessible communication, improve industrial inspection efficiency, optimize remote collaboration, and improve production safety. But once such devices enter public spaces, they naturally intersect with third parties' rights and interests in their portrait, privacy, peace of private life, and personal information.
For smart wearable device enterprises, compliance should not be understood as the legal department adding a document before launch. It should be understood as a product governance capability running through hardware design, firmware permissions, app interaction, cloud architecture, algorithm training, community operations, third-party cooperation, and after-sales handling. A truly robust enterprise does not wait until a sneak-photography incident occurs before deleting posts or upgrading indicator lights; before the product is abused, it has already used technology, systems, and an evidence chain to reduce the space for abuse.

About the Authors
Yang Xiaming, Attorney
ELW Co-Founder
Practice areas: AI, data compliance, civil and commercial matters, non-litigation

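Disclaimer
This article is for general informational purposes only and does not constitute legal advice on any specific case. If you need professional advice on related legal issues, please consult a practicing lawyer.
To reprint or quote any content of these articles, please contact us by private message to arrange authorization, and when reprinting, state at the beginning of the article that it comes from the official account "极律工坊ELW" together with the author's name. Without this team's written authorization, no content of these articles may be reprinted or used. If you would like to exchange views or discuss related topics further, you are welcome to contact this team.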

