How would a company decide that something should be “legitimate interest” vs “consent”?

EDIT: Definition of “Legitimate Interest”, when hovering over the question mark.

How does legitimate interest work?

Some vendors are not asking for your consent, but are using your personal data on the basis of their legitimate interest.

  • morgunkorn@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    8
    ·
    5 months ago

    This is a provision of the article 6 of the GDPR, which describes very broadly that you have to justify your legitimate interest with a fair reason to process user data. It is mostly there to allow for IT security, fraud prevention, but also marketing.

    Unfortunately, the way the regulation is written is quite imprecise and subject to interpretation. You can read this page, it will give you an insight on the possible interpretations:

    https://www.gdpreu.org/the-regulation/key-concepts/legitimate-interest/

    My understanding is that you have the choice between the following modes :

    • Consent = you allow for personalized data collection and ads integration can make use of any tracking information saved in your browser and on the servers of the third party provides
    • Legitimate interest = you allow for data collection without personalization, but the provider might still be context aware and provide for example ads based on broad information like your country, language etc
    • Nothing = you refuse any processing and connection to a third party server