What are common examples of “legitimate interests” that are relied upon by controllers?

Bryan Cave Leighton Paisner

The GDPR prohibits a company from processing personal data unless one of six “lawful purposes” are present.  One of those lawful purposes occurs when processing is necessary for a “legitimate interest pursued by the controller or by a third party.”1

While there are an infinite number of “legitimate interests” that controllers can point to when processing personal information, the following includes a non-exhaustive list of legitimate interests commonly utilized by controllers:

  • Debt collection;
  • Direct marketing;
  • Employee monitoring for management purposes;
  • Employee monitoring for safety;
  • Enforcement of legal claims;
  • Fundraising;
  • Management of whistle-blowing programs;
  • Network security;
  • Physical security;
  • Prevention of fraud;
  • Prevention of misuse of services;
  • Research and development; and
  • Unsolicited non-commercial messages.2

This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

1. GDPR, Article 6(1)(f).

2. WP 217 at 25.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bryan Cave Leighton Paisner | Attorney Advertising

Written by:

Bryan Cave Leighton Paisner

Bryan Cave Leighton Paisner on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.