Depending on what site you’re looking at, it may be the GDPR’s definition for “legitimate interest” - which still kinda sucks, because I absolutely define legitimate interest interest differently than some of these companies do. (e.g., “marketing” does not count, fuck off.)
No idea, but if they think giving me ten little boxes to tick before I can click "Reject all" is going to stop me, they're definitely wrong. I know where my legitimate interest lies and it's not with them
"The GDPR required us to rewrite our intent to profit off of you in one of six accepted reasons, and all the other reasons required your consent or public benefit or obligation to apply."
sorry I can communicate like a normal person I swear. 😂 I just mean, "legitimate" as "legal" - they're allowed to do it without your consent because some legislation gives them that permission, in the barest terms. I think it's one potential read on it.
If the site uses a separate company to do things like store your consent record, that other company has a "legitimate interest" in processing your data to store whether you've provided consent for things that do require opt-in. Similarly, data to help protect an account
Under GDPR, all processes (uses) under the legitimate interest legal basis (art 6.1.f) is what I object EVERY TIME I entrust my personal data to a controller (company), after having checked that they are using this basis in their policy.
Troublesome, but then I have the power to file a complaint.
My simplistic non-lawyer understanding is that legitimate interest is use of your personal data that would not be surprising to you given your relationship with the company