The goal of this article, as stipulated by its title, is to bring this complex notion to the understanding of every privacy stakeholder. The protection of personal data has been a major preoccupation of the European legislators in recent years. Apart from data protection being a fundamental Human Right, it is worth noting that almost all the other fundamental Human Rights rely on personal data. For instance, if a person’s personal data such as name, address, bank details and location falls into wrong hands as a result inappropriate data protection policies, the damages may range from financial losses to bodily harm-thus affecting the individual’s right to property, life et cetera. It is for these reasons that the General Data Protection Regulation lays down conditions under which personal data must be processed, grants a list of rights to data subjects and fixes very heavy fines that await defaulters.
Among the lawful grounds for processing personal data, is the legitimate interest pursued by the controller. This ground is mostly used by online marketing companies. Considering that the GDPR gives no clear definition of "legitimate interest", this article provides a clear understanding of such interest, the circumstances under which it may arise, as well as a balancing exercise and guiding factors that would help in understanding whether the legitimate interest pursued by the controller actually overrides the fundamental rights and freedoms of the data subject-a precondition for processing personal data under such grounds.
Inhaltsverzeichnis (Table of Contents)
- INTRODUCTION
- Processing Personal data
- Lawfulness of the processing.
- Legitimate interest: not necessarily that of the controller
- AN UNDERSTANDING OF LEGITIMATE INTEREST..
- The GDPR and the notion of legitimate interest...
- The WP29 and the notion of legitimate interest
- WHEN SHOULD PERSONAL DATA BE PROCESSED UNDER LEGITIMATE INTEREST? ........
- The balancing exercise
- Factors determining the outcome of the balancing exercise
- THE BALANCING TABLE
- CONCLUSION
Zielsetzung und Themenschwerpunkte (Objectives and Key Themes)
This article aims to clarify the complex notion of legitimate interest under Article 6(1)(f) of the GDPR. It provides a comprehensive understanding of the legal framework, focusing on the balancing exercise involved in determining the lawfulness of data processing based on this ground.
- The legal basis of legitimate interest in the GDPR
- The role of the WP29 (Working Party 29) in interpreting legitimate interest
- The balancing exercise: weighing the interests of the data controller against the interests of the data subject
- Factors influencing the outcome of the balancing exercise
- The concept of legitimate interest in relation to third parties
Zusammenfassung der Kapitel (Chapter Summaries)
The introduction lays out the importance of understanding legitimate interest within the context of the GDPR. It emphasizes the GDPR's far-reaching scope and the significance of lawful data processing. The first section defines personal data and processing under the GDPR, highlighting the challenges of identifying indirect identifiers.
The second section focuses on the lawfulness requirement and outlines the various lawful grounds for data processing under the GDPR. Legitimate interest is presented as a specific ground, often utilized by marketing companies.
The third section delves deeper into the concept of legitimate interest, emphasizing that it need not solely represent the interests of the data controller. The WP29's opinion on third-party legitimate interests is explored, including examples like public disclosure of data for transparency and scientific research.
The fourth section covers the crucial aspect of the balancing exercise, where the interests of the data controller are weighed against the interests of the data subject. It examines factors that determine the outcome of this exercise, such as the nature of the data, the purpose of the processing, and the potential risks to the data subject.
Schlüsselwörter (Keywords)
The key focus areas of this text include the GDPR, Article 6(1)(f), legitimate interest, data processing, data subject, data controller, balancing exercise, WP29, third-party interests, transparency, accountability, scientific research, and public disclosure.
- Quote paper
- Mario Egbe Mpame (Author), 2019, Processing personal data under Art. 6.1.f GDPR, Munich, GRIN Verlag, https://www.hausarbeiten.de/document/493853
