Today in Surveillance:
- Texas AG Paxton opened an investigation into Meta's Ray-Ban smart glasses. He issued a Civil Investigative Demand after reports that subcontractors at Sama in Kenya had access to users' private moments (including bathroom visits). Meta plans to add facial recognition through a feature called "Name Tag." Paxton previously won a $1.4 billion settlement from Meta over unauthorized facial recognition on Facebook.
- Surveillance pricing bans are sweeping the country. Maryland, Colorado, and Connecticut have passed bans. California's AB 2564 is heading to a floor vote. Half of US states are considering legislation. Target already paid $5 million in a settlement.
- New York is advancing a BIPA-style biometric privacy act. Senate Bill S 1422 cleared committee and would require written consent before companies collect facial geometry, fingerprints, or iris scans. The state also passed a Facial Recognition Technology Study Act.
- California wants to lock your privacy settings in place. AB 2561 would ban apps and operating systems from undoing your privacy choices without explicit consent. It passed the Assembly unanimously.
- The Trump administration is fighting over who controls AI regulation. The national cyber director wants an AI evaluation center inside the Office of the Director of National Intelligence. Commerce Department officials want to keep it. The Washington Post calls it a "knife fight."
- FISA Section 702 expires in 22 days. Congress is back from recess with no reform bill advancing.
Texas AG Paxton Wants to Know What Meta's Glasses Are Really Watching
Texas Attorney General Ken Paxton launched a formal investigation into Meta's Ray-Ban smart glasses on May 20, issuing a Civil Investigative Demand (essentially a pre-lawsuit subpoena) to the company [1][2].
The investigation focuses on three concerns. First, the glasses' cameras and microphones collect video, audio, and facial geometry data. The small LED light that's supposed to signal recording is "easily hidden" and doesn't activate in the glasses' always-on mode, according to Paxton's office [1][2].
Second, and this is the ugly part, workers at Sama, Meta's subcontractor in Kenya, reportedly have access to users' private footage. One Sama employee told reporters that data annotators can see intimate moments including bathroom visits. Meta claims faces are automatically blurred, but Sama workers say that's inconsistent [1][3].
Third, Meta is developing a facial recognition feature internally called "Name Tag" that would let the glasses identify people captured by the cameras. That would turn every Ray-Ban Meta wearer into a walking surveillance camera that can put names to faces [1][4].
Paxton is the right AG to be filing this. In 2023, he won a $1.4 billion settlement from Meta over unauthorized facial recognition on Facebook, still one of the largest privacy settlements in history. Meta said it "respects and protects guests' personal information" and would address Paxton's questions [1][2].
The glasses start at $399 without displays, $799 with. That's a lot of money for a device that might be streaming your life to annotators in Nairobi.
Related: Meta's Kenya Contractor Footage Scandal | Senators Pressure Meta on Smart Glasses
Surveillance Pricing Bans Are Sweeping the Country. Your Grocery Bill Might Actually Get Fairer.
The idea is simple and infuriating: companies use your personal data (age, location, browsing history, app data) to figure out the maximum you'll pay, then charge you that. A Bay Area resident might pay $500 more per night for the same hotel room than someone booking from a cheaper zip code [5][6].
States are finally cracking down. Maryland became the first state to ban surveillance pricing on food when Governor Wes Moore signed the Protection From Predatory Pricing Act on April 28. Large grocery retailers and delivery services can't use personal data to set individual prices. Fines start at $10,000 [5][7].
Colorado and Connecticut have passed their own bans. California's AB 2564, authored by Assemblymember Chris Ward (D-San Diego) and backed by Consumer Reports, cleared committee with a 10-4 vote on May 14 and is heading to the Assembly floor. Michigan's HB 5771 is moving through committee. Roughly half of US states are considering similar legislation [5][6].
The practice isn't theoretical. Target paid a $5 million settlement over location-based pricing. An investigation into Instacart in December 2025 found the company was charging different prices for the same groceries based on user data. Instacart stopped after it was caught. The FTC is examining whether food delivery platforms disclose personalized pricing [5][6].
California AG Rob Bonta launched a formal investigation into surveillance pricing in January 2026. The House Oversight Committee followed with its own probe in March [6].
"This practice hits hardest for low-income individuals and shoppers," Ward told CalMatters. Algorithms target first-time parents, people in food deserts, and anyone whose data signals desperation [5].
New York Is Building Its Own BIPA. Companies Should Be Nervous.
New York Senate Bill S 1422, the Biometric Identifier Privacy Act, cleared the Consumer Protection Committee and was referred to the Internet and Technology Committee on May 12. It's modeled directly on Illinois' Biometric Information Privacy Act: the law that produced billions in settlements against Facebook, Google, and others [8][9].
The bill would require private companies to get written consent before collecting biometric identifiers: fingerprints, facial geometry, iris scans, voiceprints. Companies would need to publish retention and destruction policies. They'd be banned from selling, leasing, or profiting from biometric data. Violations would carry a private right of action, meaning individuals can sue directly [8][9].
Separately, the New York Senate passed the Facial Recognition Technology Study Act, sponsored by Senator James Sanders Jr., which would commission a study of how facial recognition is used across the state, a precursor to potential regulation [10].
The timing matters. May 29 is the deadline for bills to pass out of their chamber of origin in many state legislatures. New York, California, and New Jersey all have biometric and privacy bills racing the clock [11].
If New York passes a BIPA-style law, it would be the second state with a strong private right of action for biometric violations, and given New York's population and corporate density, the litigation wave would make Illinois look like a warm-up.
California Wants to Stop Apps From Secretly Undoing Your Privacy Settings
California's AB 2561 passed the Assembly unanimously and would do something deceptively simple: ban operating systems and apps from changing your privacy settings without asking [12][13].
You've dealt with this. You turn off location sharing, and an update quietly turns it back on. You opt out of personalized ads, and the next software version resets your preferences. AB 2561 says that's illegal. If you configured a privacy setting, no one gets to undo it without your explicit consent [12].
The bill also requires default privacy settings to be the most protective option available. Instead of opting out of tracking, you'd have to opt in [12][13].
This pairs with California's existing Opt Me Out Act, which went into effect January 1, 2026. Together, they create a framework where privacy is the default and companies need permission to weaken it, the opposite of how most tech products work today.
US Spy Agencies Want to Control AI Regulation. The Commerce Department Says No.
The Washington Post reported on May 11 that the Trump administration is "sharply split" over a proposal to give US intelligence agencies a central role in evaluating new AI models before they're released to the public [14][15].
The national cyber director pitched creating an evaluation center within the Office of the Director of National Intelligence. The logic: advanced AI models pose national security risks, so national security agencies should vet them. Commerce Department officials argue the evaluation role belongs with the Center for AI Standards and Innovation, which has already signed agreements with Google DeepMind, Microsoft, and Elon Musk's xAI for pre-deployment testing [14][15][16].
The stakes are significant. Whoever controls AI evaluation controls the pipeline: what gets released, what gets flagged, what gets delayed. Put that power inside the intelligence community, and you've created a mechanism for classifying AI capabilities assessments and blocking public scrutiny of the process [14].
Meanwhile, the broader numbers are staggering. Fortune reported on May 15 that US legislators have introduced over 1,200 AI-related bills with no coherent federal framework. States are filling the vacuum: Colorado sent four AI bills to the governor's desk, Georgia signed an AI chatbot safety law, and California has dozens in the pipeline [17].
What to Watch
- FISA Section 702 expires June 12 (22 days out). Congress is back from recess. The 45-day extension is ticking. Reform advocates want a warrant requirement; the White House wants a clean reauthorization. No bill is advancing in either chamber. Our Section 702 coverage.
- Take It Down Act: Day 3 of enforcement. The FTC portal at TakeItDown.ftc.gov is live. No public enforcement actions announced yet. Civil liberties groups remain concerned about the law's impact on encrypted platforms. Day 1 coverage.
- CPDP Brussels runs through May 22. GDPR's 10th anniversary conference continues with tracks on digital youth, IT security, and engineering privacy.
- May 29 state legislative deadline. Biometric privacy bills in New York, California, and New Jersey must pass their chambers of origin. Surveillance pricing bills in California and Michigan face the same clock.
- Disney facial recognition lawsuit. No hearing date set yet in the $5 million class action. Our full report.
Sources
- CBS Texas: Texas AG investigates Meta over AI glasses, citing privacy concerns (May 20, 2026)
- WFAA: Texas AG Ken Paxton launches investigation into Meta AI glasses over privacy concerns (May 20, 2026)
- National Law Review: Texas AG Opens Investigation Into Meta Glasses, Reviving Biometric Privacy Pressure (May 2026)
- Investing.com: Meta faces Texas privacy probe over smart glasses (May 2026)
- CalMatters: Why surveillance pricing bans are suddenly gaining traction (May 2026)
- California Legislature: AB-2564 Surveillance pricing
- NPR: Maryland becomes the first state to ban surveillance pricing for groceries (April 23, 2026)
- NY State Senate: S1422: Biometric Identifier Privacy Act
- Troutman Pepper: Proposed State Privacy and AI Law Update: May 18, 2026
- NY Senate: Passage Of Facial Recognition Technology Study Act (May 2026)
- Troutman Pepper: Proposed State Privacy and AI Law Update: May 11, 2026
- California Legislature: AB-2561 Operating systems and applications: privacy settings
- CalMatters Digital Democracy: AB 2561: Operating systems and applications: privacy settings
- Washington Post: In Trump administration battle over AI, U.S. spy agencies seek more power (May 11, 2026)
- Lawfare: The AI Regulation Knife Fight (May 2026)
- CNBC: Trump admin moves further into AI oversight, will test Google, Microsoft and xAI models (May 5, 2026)
- Fortune: The U.S. has 1,200 AI bills and no good test for any of them (May 15, 2026)