Legitimate interest is one of the six grounds for processing data under the European Union’s General Data Protection Regulation (GDPR). The flexibility and ambiguity of the term “legitimate interests” can be problematic; coupled with the lack of enforcement by legal authorities and differing interpretations among the various data protection authorities, legitimate interests can be exploited as a loophole to collect more user data.
Investigating Deceptive Design in GDPR’s Legitimate Interest
“Legitimate interest” under GDPR can be a loophole for data collection due to ambiguity and varying interpretations. This research reveals 6 deceptive patterns in privacy notices, and a mismatch with user expectations.