Definition:
Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Example:
There are three elements to the legitimate interests basis. Before You use this legal basis, you need to:
- identify a legitimate interest; They can be your own (commercial) interests or the interests of third parties.
- show that the processing is necessary to achieve it; and
- balance it against the individual’s interests, rights and freedoms.
Source:
Article 6.1 f GDPR