Recognised legitimate interest

About this guidance

This guidance discusses recognised legitimate interest in detail. This complements the brief guidance on recognised legitimate interest.

If you haven’t yet read the brief guidance, read that first. It introduces this topic and sets out the key points you need to know, along with practical checklists to help you comply.

Read this detailed guidance if you have questions not answered in the brief guidance, or if you need more information to help you apply recognised legitimate interest in practice. This guidance is aimed at data protection officers (DPOs) and those with specific data protection responsibilities in larger organisations.

Contents

• What is the recognised legitimate interest basis?
  • What does the UK GDPR say about recognised legitimate interest?
  • What counts as a recognised legitimate interest?
  • What are the benefits of using recognised legitimate interest?
  • What’s the difference between recognised legitimate interest and legitimate interests?
  • What does necessary mean?
• When can we use recognised legitimate interest?
  • Why is it important to be clear what our purpose is?
  • Can more than one recognised legitimate interest condition apply at the same time?
  • Can public authorities use recognised legitimate interest?
  • Can we use recognised legitimate interest for children’s information?
  • Can we use recognised legitimate interest for special category data?
  • Can we use recognised legitimate interest for criminal offence data?
  • Can we use recognised legitimate interest to share people’s information?
  • Can we use recognised legitimate interest for automated decision-making?
• What are the recognised legitimate interest conditions?
  • Public task disclosure response condition

    • What is the public task disclosure response condition?

    • When is the public task disclosure response condition likely to be appropriate?

    • What does a valid request for personal information needed for tasks or functions look like?

    • How do we decide what’s necessary for this condition?

    • Can we decide not to share the information requested?

  • National security, public security and defence condition
    • What is the national security, public security and defence condition?
    • Is it appropriate to use recognised legitimate interest for national security, public security or defence purposes in every situation?
    • How do we apply the national security, public security and defence condition?
  • Emergencies condition
    • What is the emergencies condition?
    • Is it appropriate to use recognised legitimate interest in every emergency situation?
    • How do we apply the emergencies condition?
  • Crime condition

    • What is the crime condition?

    • Is it appropriate to use recognised legitimate interest for crime purposes in every situation?

    • How do we apply the crime condition?

  • Safeguarding condition

    • What is the safeguarding condition?

    • Is it appropriate to use recognised legitimate interest for safeguarding in every situation?

    • How do we apply the safeguarding condition?

    • How do we deal with changes in someone’s situation?

• What else do we need to consider?

  • What other data protection obligations apply?

  • What do we need to tell people?

  • Can people object if we use recognised legitimate interest?

  • What happens if our purpose changes?