What Is Legitimate Interest?
Legitimate Interest is a legal basis under the GDPR permitting the processing of personal data where it is necessary for interests pursued by the controller or a third party, provided those interests are not overridden by the individual's rights and freedoms.
Source: GDPR (Regulation (EU) 2016/679), Article 6(1)(f)
Plain-language explanation
Legitimate interest is the most flexible of the GDPR's six lawful bases, but it requires a documented three-part balancing test (purpose, necessity, and balancing against the individual's rights). It is frequently relied on for AI model training, but regulators expect a genuine assessment and an easy way for people to object. Public authorities cannot use it for their core tasks.