Press Release 30 March 2017
Organisations need to know the “how, when and why”of Legitimate Interests under the General Data Protection Regulation
The Data Protection Network to offer new guidance for commercial and not-for-profit organisations on Legitimate Interests and GDPR
To offer support to the ICO in the run up to May 2018, and in the spirit of Industry and Regulator partnership, the Data Protection Network (DPN) has set up a Working Party, which includes the DMA, ISBA and cross-sector data protection and privacy specialists, to produce guidance for commercial and not-for-profit organisations on the use of Legitimate Interests under the General Data Protection Regulation (GDPR). An initiative that has been warmly welcomed by the Information Commissioner, Elizabeth Denham.
Guidance will include practical advice on:
• Understanding what Legitimate Interests are;
• Identifying areas of processing where Legitimate Interests may apply;
• Making Legitimate Interest Assessments (LIAs) that meet the crucial ‘Balance of Interests Condition’ threshold;
• Effectively and transparently communicating Legitimate Interests to consumers; and
• Supporting the individual’s right to object to processing under Legitimate Interests.
The guidance will cover a broad spectrum of uses of personal data to highlight potential risks and give clarity to individuals on why Legitimate Interests may be good for them as well as for businesses.
Members of the Working Party feel it is crucial for industry to step up and support the Regulator.
Robert Bond, Partner at Bristows LLP and Chairman of the Working Group said, “a cross-industry guide to using the Legitimate Interests condition to lawfully process personal data is both timely and necessary in order to support the work of the ICO in creating practical advice on consent and other lawful data processing mechanisms both now and under GDPR.”
Michael Bond, Data Protection Officer at GLH Hotels said, “the ICO has always been upfront in saying that it would need help from Industry to deliver practical and timely GDPR guidance. The message was clear; the ICO just wouldn’t have the time to do everything itself and Industry would need to roll up its sleeves and get stuck in. ISBA, DPN, and the DMA have dutifully listened to that message and turned up for work with a stellar line-up of experts”.
The DMA’s Managing Director Rachel Aldighieri said, “specifics for using legitimate interest are currently conspicuous by their absence from the ICO’s guidance. Marketers need to know the “how, when and why” of legitimate interests as a legal basis for contacting potential customers so they can better understand and better prepare their businesses to operate properly and compliantly under the GDPR from May 2018. The Information Commissioner, Elizabeth Denham, said she wants to work with industry to develop practical guides, which is why the DMA joined the Data Protection Network’s Legitimate Interests Working Party to work with the ICO and draft practical guides to help the industry.”
The Working Group’s draft guidance is expected to be submitted to the ICO for their review and comment in early April. (Update: the draft was submitted 10.04.17)
The DPN Legitimate Interests Working Group is producing the guidance on the basis of Article 40 (2) of the GDPR which states: “associations and other bodies representing categories of controllers or processors may prepare codes of conduct, or amend or extend such codes, for the purpose of specifying the application of this Regulation, such as with regard to … (b) the Legitimate Interests pursued by controllers in specific contexts.”
For further information contact – E: email@example.com
Robert Bond, Partner, Bristows LLP
Rosemary Smith, Owner, Opt-4
Michael Bond, Data Protection Officer, GLH Hotels
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance to the Data Protection Act 1998 or other statutory measures referred to in the document.