What does "ground of legitimate interest" mean?

Reply

As a company/organization, you often need to process personal data in order to perform tasks related to your business activities. In that context, the processing of personal data may not necessarily be justified by a legal obligation or the processing of that data does not necessarily serve the performance of a contract with an individual. In such cases, the processing of personal data may be justified by a legitimate interest.

When your company/organization collects personal data, data subjects must be notified.

Your company/organization must also verify that the pursuit of its legitimate interest does not seriously prejudice the rights and freedoms of individuals. Where this is the case, your company/organization cannot invoke its legitimate interest as justification for processing the data and another legal basis must be found.

Example

Your company/organization has a legitimate interest when the processing takes place within a customer relationship, when it processes personal data for direct marketing purposes, to prevent fraud or to ensure the network and information security of its IT systems.

References

• Article 6; recitals 47, 48, 49 of the AVG

• Opinion 06/2014 of the Article 29 Data Protection Working Party on the concept of legitimate interest of the data controller in Article 7 of Directive 95/46/EC