Legitimate Interest in the GDPR
One of the great imponderables of the #GDPR is the question under which conditions a controller may be allowed to process personal data on the basis of the „legitimate interest“ clause of Art. 6 (1) (f). The GDPR itself does not define what a „legitimate interest“ is, nor does it give guidance on how the balancing of controller’s and data subject’s interests has to be done. However, if you read the GDPR carefully, you find a couple of general criteria on how the legitimate interest has to be determined. And, moreover, you find a lot of legitimate interests that are somehow privileged (meaning that in case of doubt they might not be overridden by the interests or fundamental rights and freedoms of the data subject). This mindmap gives an overview of what the GDPR has to say with regard to #legitimateinterest.