This is the recording of a one-hour webinar on the practical use of legitimate interest as a lawful basis. Our guest speaker was Daniel Vinerean, Managing Associate at D&B David si Baias and Senior Manager @ PwC - Data Protection Practice.
Main discussion topics
- 00:46 What role does legitimate interest play in the GDPR framework?
- 01:53 Are there differences between EU GDPR and UK GDPR regarding legitimate interest?
- 03:44 Are there exemptions from the balancing test in the EU?
- 04:41 What is the status of the EDPB guidelines on legitimate interest?
- 05:50 What are the key points and controversies in the EDPB guidelines?
- 10:41 How authoritative are EDPB guidelines in practice?
- 12:36 What are the most common situations where organisations rely on legitimate interest?
- 17:04 Can employees object to processing based on legitimate interest?
- 19:10 If someone unsubscribes, but later downloads another resource, can we reply again on legitimate interest to communicate with them?
- 20:17 What are best practices for transparency when using legitimate interest?
- 22:08 What common mistakes should be avoided in legitimate interest assessments?
- 24:27 Who should perform the balancing test to ensure objectivity?
- 26:42 What do regulators expect to see in a balancing test?
- 30:00 How do you get the opinion of data subjects when performing a balancing test and should you?
- 33:27 Have there been situations where legitimate interest could not be applied as expected?
Questions from the audience:
- 36:23 Can insurance expiry notifications be based on legitimate interest?
- 38:04 How far can legitimate interest go in monitoring employees?
- 39:33 Does withdrawing marketing consent also mean opting out of communications under legitimate interest?
- 41:30 Should companies provide a copy of the legitimate interest assessment if consent opt-in is challenged?
- 43:31 Can legitimate interest be invoked for using personal data in AI model training and data analysis?
- 45:56 Is the ICO’s LIA template sufficient, or should it be supplemented?
- 47:26 Could the EU adopt the UK’s “recognised legitimate interest”?
- 49:11 Can legitimate interest in data protection be applied in other areas of law (e.g., sharing confidential information)?
- 50:47 Is a LIA required for a contract with a supplier who provides additional information about the claims process or for the purposes of Know Your Customer process?
- 53:24 Should companies periodically reconfirm interest when relying on legitimate interest for communications?
- 56:01 Can employers use personal phone numbers and emails for work communication?