Sign Up

What is 8 + 4?

Have an account? Sign In Now

Sign In

What is 8 + 4?

Forgot Password?

Don't have account, Sign Up Here

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

What is 8 + 4?

Have an account? Sign In Now

Please type your username.

Please type your E-Mail.

Please choose an appropriate title for the question so it can be answered easily.
Please choose the appropriate section so the question can be searched easily.

Type the description thoroughly and in details.

What is 8 + 4?

Sign InSign Up

Watercooler by DPOrganizer

Watercooler by DPOrganizer Logo Watercooler by DPOrganizer Logo

Watercooler by DPOrganizer Navigation

Search
Ask A Question

Mobile menu

Close
Ask a Question
  • Home
  • Categories
    • GDPR
    • Privacy Management
    • Professional Development
    • Software tips and tricks
    • Polls
  • Help
  • About Watercooler
Home/ Questions/Q 8293
Next
In Process
Anonymous
  • 0
Asked: October 19, 20212021-10-19T08:50:49+01:00 2021-10-19T08:50:49+01:00In: GDPR

Legitimate Interest v. Soft Opt In

  • 0

Can anyone help me understand the difference between soft-opt in and legitimate interest please?

Is it that soft opt in you must have an existing relationship with the data subject but legitimate interest can be used more widely for marketing purposes?

Thank you.

  • 3 3 Answers
  • 1 Follower
  • 0
Answer
Share
  • Facebook

    3 Answers

    • Voted
    • Oldest
    • Recent
    1. BlueBottle

      BlueBottle

      • 0 Questions
      • 26 Answers
      • 0 Best Answers
      • 27 Points
      View Profile
      BlueBottle Bronze contributor
      2021-10-20T11:27:51+01:00Added an answer on October 20, 2021 at 11:27 am
      This answer was edited.

      While I’m grateful for DP-Pro’s willingness to post an answer, I don’t feel they have satisfied the OP’s query: what is the difference between soft opt-in and legitimate interest?
      Under the [UK] GDPR, processing must be lawful, which is to say, it must be covered by one of the lawful bases in Article 6. The legitimate interests of the controller or a third party is the sixth such basis (Art. 6(1)(f)). Consent is the first.
      When an organisation’s (or a third party’s) interests, often commercial, are both legitimate (not unlawful, false or deceptive) and compatible with individuals’ rights and freedoms, and where processing personal data by the controller is necessary to further those interests, they may rely on this basis.
      The ePrivacy Directive, implemented in the UK by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”) requires consent for direct marketing by email or SMS in Regulation 22.
      (Continued…)

      • 0
      • Reply
      • Share
        Share
        • Share on Facebook
        • Share on Twitter
        • Share on LinkedIn
      • BlueBottle

        BlueBottle

        • 0 Questions
        • 26 Answers
        • 0 Best Answers
        • 27 Points
        View Profile
        BlueBottle Bronze contributor
        2021-10-20T11:32:12+01:00Replied to answer on October 20, 2021 at 11:32 am

        …But there is an exemption from this where you are marketing your own similar products/services to individuals whose contact details were obtained in the course of a sale or negotiations for a sale, AND where they were given the option to opt out of marketing at that point, AND in every subsequent direct marketing communication. This is the “soft opt-in”.

        When you use soft opt-in, you’re not employing consent, so you need another lawful basis. At this point, the lawful basis may very well be legitimate interests. The two, therefore, are not mutually exclusive.

        In *any* case where you are direct marketing, the recipient has the right to object to the use of their personal data for this purpose under Art. 21(2) [UK] GDPR, no matter the lawful basis or whether it’s soft opt-in or otherwise.

        I hope this goes some way towards answering your question.

        • 1
        • Reply
        • Share
          Share
          • Share on Facebook
          • Share on Twitter
          • Share on LinkedIn
    2. DP-Pro

      DP-Pro

      • 0 Questions
      • 15 Answers
      • 0 Best Answers
      • 15 Points
      View Profile
      DP-Pro Bronze contributor
      2021-10-20T10:08:18+01:00Added an answer on October 20, 2021 at 10:08 am

      Interesting. LEGITIMATE INTERESTS is one of the prescribed LAWFUL BASES for data processing. and you are right, it has wider uses, including for marketing, but is subject to the Article 21 Right to Object. SOFT OPT-IN sets up a presumed CONSENT-LED basis and can only be used when an existing relationship exists with the data subject through a purchase or enquiries relating to a purchase, and can only relate to your own similar products/services and must offer the opportunity for the data subject to OPT OUT at the outset and at any time thereafter, perhaps on each marketing mail you send. It too is subject to Article 21; Absolutely – no argument, and also, the withdrawal of consent, making that, too, absolute. It becomes more complex when the data subject opts back in, does that, then, become CONSENT or LEGITIMATE INTERESTS processing and do you need to record the different lawful basis for each type of customer engagement?

      • 0
      • Reply
      • Share
        Share
        • Share on Facebook
        • Share on Twitter
        • Share on LinkedIn

    Leave an answer
    Cancel reply

    You must login to add an answer.

    What is 8 + 4?

    Forgot Password?

    Sidebar

    Ask A Question

    Trending contributors

    Smurf333

    Smurf333

    • 11 Answers
    Bronze contributor
    Dave_Wylie

    Dave_Wylie

    • 28 Answers
    Bronze contributor
    CRodica

    CRodica

    • 6 Answers
    Rising star contributor
    Atis

    Atis

    • 4 Answers
    Andrea

    Andrea

    • 15 Answers
    Bronze contributor

    Recent questions

    • Anonymous

      Instagram!!

      • 0 Answers
    • Olga

      DPO in EU and UK

      • 0 Answers
    • Smurf333

      DBS scenario with HR retaining excessive information for longer than ...

      • 0 Answers
    • CRodica

      Parties role towards employees data for administrative purposes

      • 0 Answers
    • Donna

      ‘serious harm test’ for health data

      • 0 Answers

    Explore

    • Home
    • Categories
      • GDPR
      • Privacy Management
      • Professional Development
      • Software tips and tricks
      • Polls
    • Help
    • About Watercooler

    Footer

    Your privacy

    • Cookie notice
    • Privacy notice

    Terms and policy

    • Acceptable Use Policy
    • Terms of Use

    © 2021 DPOrganizer. All Rights Reserved. With Love by DPOrganizer.