by lwyr 2800 days ago
The legitimate interest has been around for a while. It was also a legal basis to process personal data under the 1995 Data Protection Directive which the GDPR replaced. If you are interested in learning more about the notion of legitimate interest and balancing it against the interests of individuals, there is a 2014 opinion from the body of EU data protection regulators that explains the concept with a number of examples. [1]

> If a company sells something online they only really need your address & name for delivery + credit card details.

That would likely be "necessary for the performance of a contract" which is also a legal basis to process personal data. [2]

> I know of multiple companies where they prior to GDPR asked for explicit consent during signup for being allowed to send newsletters, but who post-GDPR dropped the consent and use 'Legitimate interests' to justify it. Basically leaving the individual worse off.

That could be a violation of the ePrivacy Directive which provides that email marketing requires consent. [3]

[1] https://ec.europa.eu/justice/article-29/documentation/opinio...

[2] See Article 6.1(b) GDPR at https://eur-lex.europa.eu/eli/reg/2016/679/oj

[3] For information about how this rule is implemented in the UK, see: https://ico.org.uk/for-organisations/guide-to-pecr/electroni...