Webinar recording:⚖️Legitimate interest in practice

This is the recording of a one-hour webinar on the practical use of legitimate interest as a lawful basis. Our guest speaker was Daniel Vinerean, Managing Associate at D&B David si Baias and Senior Manager @ PwC - Data Protection Practice.

Main discussion topics

• 00:46 What role does legitimate interest play in the GDPR framework? 
• 01:53 Are there differences between EU GDPR and UK GDPR regarding legitimate interest? 
• 03:44 Are there exemptions from the balancing test in the EU? 
• 04:41 What is the status of the EDPB guidelines on legitimate interest? 
• 05:50 What are the key points and controversies in the EDPB guidelines? 
• 10:41 How authoritative are EDPB guidelines in practice? 
• 12:36 What are the most common situations where organisations rely on legitimate interest? 
• 17:04 Can employees object to processing based on legitimate interest? 
• 19:10 If someone unsubscribes, but later downloads another resource, can we reply again on legitimate interest to communicate with them? 
• 20:17 What are best practices for transparency when using legitimate interest? 
• 22:08 What common mistakes should be avoided in legitimate interest assessments? 
• 24:27 Who should perform the balancing test to ensure objectivity? 
• 26:42 What do regulators expect to see in a balancing test? 
• 30:00 How do you get the opinion of data subjects when performing a balancing test and should you? 
• 33:27 Have there been situations where legitimate interest could not be applied as expected? 

Questions from the audience: 

• 36:23 Can insurance expiry notifications be based on legitimate interest? 
• 38:04 How far can legitimate interest go in monitoring employees? 
• 39:33 Does withdrawing marketing consent also mean opting out of communications under legitimate interest? 
• 41:30 Should companies provide a copy of the legitimate interest assessment if consent opt-in is challenged? 
• 43:31 Can legitimate interest be invoked for using personal data in AI model training and data analysis? 
• 45:56 Is the ICO’s LIA template sufficient, or should it be supplemented? 
• 47:26 Could the EU adopt the UK’s “recognised legitimate interest”? 
• 49:11 Can legitimate interest in data protection be applied in other areas of law (e.g., sharing confidential information)? 
• 50:47 Is a LIA required for a contract with a supplier who provides additional information about the claims process or for the purposes of Know Your Customer process? 
• 53:24 Should companies periodically reconfirm interest when relying on legitimate interest for communications? 
• 56:01 Can employers use personal phone numbers and emails for work communication?