Legitimate Interest
A legal basis under GDPR for processing personal data when an organization has a justified business reason that doesn't override the individual's rights.
What Legitimate Interest means
Legitimate interest is one of six legal bases for processing personal data under GDPR Article 6. It allows data processing when the organization has a genuine and lawful reason (legitimate interest), the processing is necessary for that purpose, and the individual's fundamental rights and freedoms don't override the interest. In advertising, legitimate interest is sometimes claimed for direct marketing to existing customers, B2B marketing, and analytics — but its applicability to programmatic advertising and behavioral targeting is highly contested. Regulatory guidance generally indicates that legitimate interest is insufficient for cross-site tracking, profiling for ad targeting, and data sharing with third-party ad networks. A legitimate interest assessment (LIA) must be documented, balancing the organization's interests against the data subject's rights. Over-reliance on legitimate interest without proper assessment is a common compliance failure.
Related terms
Consent
A user's explicit or implied permission for data collection, processing, or advertising targeting, required by privacy regulations.
GDPR
The General Data Protection Regulation — the EU's comprehensive data protection law governing how personal data is collected, processed, and stored.
Data Controller
The entity that determines the purposes and means of processing personal data, bearing primary responsibility under GDPR.
Data Protection Impact Assessment
A formal assessment required by GDPR for data processing activities that pose a high risk to individuals' privacy rights.