Legitimate interests (LI) is one of the lawful bases for processing personal data. The ICO say it is appropriate “where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”. The three parts to the test to identify a LI have been put into a mind map to act as a quick reference.
You can use the Checklist on the ICO website page to go through the steps for using LI.
The Data Protection Network also has a useful document on LI; you need to register to access it.
Some points to be aware of:
- The processing must be necessary and a targeted and proportionate way of achieving your purpose. You cannot rely on legitimate interests if there is another reasonable and less intrusive way to achieve the same result.
- You must balance your interests against the individual’s interests. In particular, if they would not reasonably expect you to use data in that way, or it would cause them unwarranted harm, their interests are likely to override yours. However, your interests do not always have to align with the individual’s interests. If there is a conflict, your interests can still prevail as long as there is a clear justification for the impact on the individual.
- Include information about LI in privacy notices.