Legitimate Interest
A GDPR lawful basis for processing data when an organization has a genuine, justified reason that does not override individual rights.
Legitimate interest is one of six lawful bases for processing personal data under GDPR (Article 6(1)(f)). It allows processing when necessary for the legitimate interests of the controller or a third party, except where overridden by the interests, rights, or freedoms of the data subject. A Legitimate Interest Assessment (LIA) should be conducted using three tests: the purpose test (is there a legitimate interest?), the necessity test (is the processing necessary?), and the balancing test (do the individual's rights override the interest?). Common examples of legitimate interest include fraud prevention, network security, direct marketing to existing customers, and intra-group data transfers. It cannot be used where consent is more appropriate or where the processing involves special category data.