Global regulators and courts have intensified scrutiny on data processing, publishing detailed guidance on legitimate interest, data reuse, sector-specific protections, and AI content provenance. Notable outcomes include the EDPB’s legitimate interest case digest, the ICO’s reuse and RLI guidance, CNIL’s limits on audio in video surveillance, the Dutch AP’s cloud rules for health data, Washington’s AI provenance law, Utah’s genetic sequencing restrictions, and the KGM verdict against Meta and YouTube. #EDPB #KGM
Keypoints
- EDPB digest reinforces a three-step legitimate interest test requiring defined interest, necessity, and a balancing assessment.
- ICO guidance mandates documented compatibility assessments for data reuse and restricts Recognized Legitimate Interest to narrow statutory purposes.
- CNIL prohibits audio capture via video surveillance and allows separate audio only in narrowly defined, manually triggered scenarios with strict controls.
- Dutch AP guidance demands lifecycle risk assessments, robust processor contracts, and tested exit strategies for cloud processing of health data.
- US developments—Washington’s AI provenance law, Utah’s genetic sequencing restrictions, and the KGM verdict—increase disclosure, supply-chain, and liability obligations for platforms and AI providers.
Read More: https://keplernewsletter.substack.com/p/privacy-and-cybersecurity-64