What is legitimate interest in the GDPR?

Under Article 6 of the GDPR, there are six lawful bases to process personal data. These are – consent, contractual, legal obligation, vital interest, public task and legitimate interest.

The legal basis of legitimate interest means that businesses (the data controller) can process personal data if they have a legitimate interest i.e. a valid reason for doing so. An example cited by Recital 47 of the GDPR says:

“…the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”.

In Case C-13/16, the Court of Justice of the European Union (CJEU) noted that data processing based on “legitimate interests” is lawful only when three cumulative conditions are met:

The interest pursued by the controller should indeed be “legitimate”
The data processed must be necessary
There should be a balance between the controller’s legitimate interests and the fundamental rights and freedoms of the data subject

Start your compliance right away

14-day free trialCancel anytime

Get started for free

View plans

What is legitimate interest in the GDPR?

See also

Start your compliance right away

Get Started

Products

Solutions

Resources

Free Tools

Compare

Company

PartnersJoin us!

Legal

What is legitimate interest in the GDPR?

Related articles

See also

Start your compliance right away