When going through the cookie settings for a website or an app, some of the cookies are marked as “legitimate interest”. What exactly does that mean?

  • @[email protected]
    44 months ago

    The GDPR prohibits processing of personal data, unless there is a legal basis for it. Personal data covers a lot more than you think, as does processing.

    What counts as a legal basis may be seen in Article 6 of the GDPR. Consent is one option, but it must be informed and freely given; a very high bar. If you have a legitimate interest, you may process data without prior consent. However, you must still provide the “data subject” with information and give them the option to opt out. They must tell you the legal basis, which they have done, but also what exactly their interest is. (And a couple more things.) There should be a statement somewhere containing that information.

    The GDPR gives “direct marketing” as an example of a legitimate interest. Some DPOs interpret the term extremely narrowly, though. It’s a contentious issue. The courts will work it out over the next few years.