- From: Črt Ahlin <crt.ahlin@datafund.io>
- Date: Thu, 8 Nov 2018 11:12:35 +0100
- To: me@harshp.com
- Cc: public-dpvcg@w3.org
- Message-ID: <CA+Cq4Qt6RNGpm5KYz9dPJvjMFrJXrjW5vumWwZwWMy5irRMBTA@mail.gmail.com>
Hello, There is a detailed description of "legitimate interests" scenarios etc. in : https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/when-can-we-rely-on-legitimate-interests/ Before using it as the basis for data processing, you should weigh benefits you get vs the impact on individual's rights via an "legitimate interest impact assesment": https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/legitimate-interests/how-do-we-apply-legitimate-interests-in-practice/ Hope this helps Best, Crt On Thu, Nov 8, 2018 at 10:53 AM Harshvardhan J. Pandit <me@harshp.com> wrote: > Thanks for the lucid clarifications Eva & Rigo! > So, coming as a non-legal layman, legitimate interest can be defined as > something upon which the provision of business/service/goods is based > on, and without which it cannot be provided/operated. And this should > not override the fundamental rights of the data subject as clarified by > the GDPR. > > However, I have found it very tricky to determine if something can be > classified as legitimate interest as not (makes sense, I don't have a > law degree), especially when looking at privacy policies that specify > some personal data as being "necessary". > > For the DPVCG, would we like to delve deeper to also provide a taxonomy > to specify terms associated with legitimate interest? And thus forth, > for other legal basis? > > I think this would postpone the first draft due to the work involved, > but can be something to note down, and perhaps work later? > > Best, > Harsh > > On 07/11/18 8:48 PM, Rigo Wenning wrote: > > On Wednesday, November 7, 2018 9:11:53 AM CET Eva Schlehahn wrote: > >> Second, they cannot simply diminish the data subject's right to > >> object wrt the direct marketing purposes. Article 21 para. 2 GDPR > >> explicitly says that the data subject *always* has a right to > >> object when data are processed for direct marketing purposes at > >> any time. This also affects any profiles that were built in the > >> context of such direct marketing. > > > > Adding to Eva... > > > > The cool part is that if you send them a DNT:1, you objected > > according to Art. 21 (5) GDPR, which is pretty powerful. In that > > case they can't overwrite the user's will with "legitimate > > interest". > > > > Legitimate interest is certainly not the legitimate interest of one > > party only. That would be easy as that would mean no GDPR > > whatsoever. Or every data collector could just define a "legitimate" > > interest in data collection and ignore the data subject. I don't > > think the main stream interpretation would support that ... > > > > --Rigo > > > > -- > --- > Harshvardhan J. Pandit > PhD Researcher > ADAPT Centre, Trinity College Dublin > https://harshp.com/ > >
Received on Thursday, 8 November 2018 10:18:01 UTC