European Union: Closed consultation on EDPB guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR

Description

Closed consultation on EDPB guidelines 1/2024 on processing of personal data based on Article 6(1)(f) GDPR

On 20 November 2024, the European Data Protection Board (EDPB) closes a public consultation on the guidelines for processing personal data under Article 6(1)(f) of the General Data Protection Regulation (GDPR) on the use of legitimate interests as a lawful basis for processing. The guidelines apply to data controllers and processors operating within the European Union. The guidelines require meeting conditions, including pursuing a lawful and clearly defined legitimate interest, proving the necessity of the data processing, and ensuring that the interests of data subjects are not overridden by those of the controller or third party. The guidelines also highlight the need for controllers to conduct assessments, document their decision-making process, and ensure transparency by informing data subjects of the legitimate interests involved. The guidelines explore specific contexts such as fraud prevention, direct marketing, and information security where this legal basis might be invoked.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
supranational
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2024-10-09
in consultation

On 9 October 2024, the European Data Protection Board (EDPB) opened a public consultation on the gu…

2024-11-20
processing consultation

On 20 November 2024, the European Data Protection Board (EDPB) closes a public consultation on the …