Skip Navigation

What makes it “Legitimate Interest“?

How would a company decide that something should be “legitimate interest” vs “consent”?

EDIT: Definition of "Legitimate Interest", when hovering over the question mark.

How does legitimate interest work?

Some vendors are not asking for your consent, but are using your personal data on the basis of their legitimate interest.

37 comments
  • Nothing, but if you scroll at the bottom of the form, you have a link to all vendors, and under each one what they consider their legitimate interest is. At least gdpr forced them into transparency, although it is so hidden and there are so many that probably 0.0000001% of people go and check

  • This is a provision of the article 6 of the GDPR, which describes very broadly that you have to justify your legitimate interest with a fair reason to process user data. It is mostly there to allow for IT security, fraud prevention, but also marketing.

    Unfortunately, the way the regulation is written is quite imprecise and subject to interpretation. You can read this page, it will give you an insight on the possible interpretations:

    https://www.gdpreu.org/the-regulation/key-concepts/legitimate-interest/

    My understanding is that you have the choice between the following modes :

    • Consent = you allow for personalized data collection and ads integration can make use of any tracking information saved in your browser and on the servers of the third party provides
    • Legitimate interest = you allow for data collection without personalization, but the provider might still be context aware and provide for example ads based on broad information like your country, language etc
    • Nothing = you refuse any processing and connection to a third party server
37 comments