Legal Basis

From Data Privacy Vocabularies and Controls Community Group
Jump to: navigation, search

Initial, visualized overview of legal grounds (WIP):

Categories from collected vocabularies

  • Data Protection Ontology by Bartolini et. al
    • Consent
      • Special Consent
        • Parent Consent
    • Contract
    • Legal Obligation
    • Legitimate Interest
    • Public Interest
    • Vital Interest
    • Lawful Basis
      • Contract with Data Subject
      • Employment Law
      • Exempted by National Law
      • Given Consent
      • Historic, Statistical, or Scientific purposes
      • Legal Claims
      • Legal Obligations
      • Legitimate Interests
      • Made Public
      • Medical or Diagnostics
      • Not-for-profit organisation
      • Public Interest
      • Purpose of new processing
      • Vital Interests

Lawfulness of Processing discussion from Mailing List


From the text of GDPR, with proposed terms in bold

Article 6-1. Processing shall be lawful only if and to the extent that at least one of the following applies:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

(explicit or given) Consent - GDPR Art 6(1-a)

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

Contract - GDPR Art 6(1-b)

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

Legal obligation - GDPR Art 6(1-c)

(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

Vital interests of the data subject - GDPR Art 6(1-d)

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes - GDPR Art 6(1-e)

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks.

Legitimate interest - GDPR Art 6(1-f)

Additional basis:

  • Made public by Data Subject GDPR Art 6(1-g)
  • Medical, Diagnostic, or Treatement GDPR Art 6(1-h)