The use of legitimate interests as a justification for processing personal data is controversial for some – I was recently accused of directly destroying privacy in the UK solely because I know what it is – and even rational people sometimes steer clear of it. Consent seems more certain and crucially, it’s ultimately not you who has to decide. But to the fury of some, legitimate interests exists and is an entirely lawful way to justify data processing.
The purpose of this session is to explain how it works – what exactly is allowed by LI? How do you balance your interests (or a third party’s) against the rights of the individual? Can you really just use data for commercial purposes without consent (SPOILER: yes, sometimes you can)? What does a healthy LI process look like? Who is allowed to decide? And what happens when someone objects to your decision? I’ll cover it all for you in an hour and a half.
- When legitimate interests doesn’t apply (other lawful bases)
- Legitimate interests vs consent – why you might use LI
- What is a legitimate interest? Can it be a purely commercial issue?
- The risks of using legitimate interests
- Legitimate interests and safeguarding
- Legitimate interests and dealing with public bodies including the police
- Legitimate interests of third parties – how do they work?
- Documenting a legitimate interests assessment – what records do you need to keep?
- Dealing with objections
- Possible changes in the Data Protection and Digital Information Bill