EDPB Guidelines on Processing Personal Data Based on Legitimate Interests
Summary
The European Data Protection Board (EDPB) has issued Guidelines 1/2024 for public consultation, focusing on the lawful processing of personal data under Article 6(1)(f) of the GDPR, specifically the 'legitimate interests' basis. The guidelines also address the relationship between this legal basis and data subject rights. The consultation period closes on November 20, 2024.
What changed
The European Data Protection Board (EDPB) has released Guidelines 1/2024 for public consultation, detailing the criteria controllers must meet to lawfully process personal data based on legitimate interests, as outlined in Article 6(1)(f) of the GDPR. These guidelines also clarify the interplay between this legal basis and various data subject rights under the GDPR. The document aims to provide clarity on when and how the legitimate interest ground can be applied.
Organizations that process personal data based on legitimate interests should review these guidelines and consider submitting comments by the deadline of November 20, 2024. Failure to align with the EDPB's interpretation could lead to increased scrutiny from data protection authorities and potential enforcement actions. This consultation provides an opportunity to influence the final guidance on a critical aspect of GDPR compliance.
What to do next
- Review Guidelines 1/2024 on processing personal data based on legitimate interests
- Submit comments on the guidelines by November 20, 2024
Source document (simplified)
Start Date: 09 October 2024 End Date: 20 November 2024 Public consultation reference: 10/2024 Public consultation closed These guidelines analyse the criteria set down in Article 6(1)(f) GDPR that controllers must meet to lawfully engage in the processing of personal data that is “necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
The guidelines also explain the relationship that exists between Article 6(1)(f) GDPR and a number of data subject rights under the GDPR.
Guidelines 1/2024 - Version 1.0 705KB English Download file 1 Summary: legitimate interest, when and how to apply it 351.5KB English Download file 2 Publication Type:
- Guidelines
Topics:
- Legal basis
The European Data Protection Board welcomes comments on the *Guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR.*
Such comments should be sent *20th November 2024 at the latest using the provided form.*
Please note that, by submitting your comments, you acknowledge that your comments might be published on the EDPB website.
The EDPB Secretariat staff screens all replies provided before publication (only for the purpose of blocking unauthorised submissions, such as spam), after which the replies are made available to the public directly on the EDPB public consultations’ page. Unauthorised submissions are immediately deleted. The attached files are not altered in any way by the EDPB.
Please, note that regardless the option chosen, your contribution may be subject to a request for access to documents under Regulation 1049/2001 on public access to European Parliament, Council and Commission documents. In this case the request will be assessed against the conditions set out in the Regulation and in accordance with applicable data protection rules.
All legal details can be found in our Specific Privacy Statement (SPS) .
Named provisions
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Data Privacy & Cybersecurity alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when EDPB Guidelines & Recommendations publishes new changes.