The use of legitimate interests as a justification for processing personal data is controversial for some – I was once accused of directly destroying privacy in the UK solely because I know what it is – and even rational people sometimes steer clear of it. Consent seems more certain and crucially, it’s ultimately not you who has to decide. But to the fury of some, legitimate interests exists and is an entirely lawful way to justify data processing.
The purpose of this session is to explain how it works – what exactly is allowed by LI? How do you balance your interests (or a third party’s) against the rights of the individual? Can you really just use data for commercial purposes without consent? SPOILER: yes, sometimes you can. What does a healthy LI process look like? Who is allowed to decide? And what happens when someone objects to your decision?
We’ll look at recent European court decisions and guidance from both the ICO and European Data Protection Board.
As part of the course, we’ll get some practice running LIAs, so bring your suggestions along.