If I send you a video camera and tell you to put it in your retail store and stream me the video and you put in your changing room and send me the data and I don't tell you to stop, am I free from liability?
Alternate analogy: an IoT thermometer vendor sells you a device to track temperature in your room, but you decide to stick it up someone's butt. Will the IoT vendor know the temperature reading is personal and rectal? Should they be held liable for not proactively attempting to scrub-out numbers which may represent gluteal climate?
It seemed flawed on first reading but I think this analogy holds if one assumes (for the sake of argument) that it’s Definitely Illegal to be accepting these readings. It would be pretty hard to be sure about filtering out arbitrary strings of numbers (ie SSN) when one is also intending to accept such strings.
I certainly hope I'm free from liability from you sending me illegal videos of naked people unless I've explicitly requested illegal videos of naked people.
More to the point, if companies are required to forensically analyse the hashes sent to their API endpoints to check they haven't received anything sensitive, the internet in its modern form would essentially cease to exist.
If you were doing that to millions of people and automatically analysing the video streams you get back for general trends then you wouldn’t really have a way to know that’s happening
If I send you a video camera and tell you to put it in your retail store and stream me the video and you put in your changing room and send me the data and I don't tell you to stop, am I free from liability?