The General Data Protection Regulation (GDPR), which came into effect in May 2018, gives users the option to opt-out of email communications. However, there may be situations where certain types of emails can bypass these restrictions because the communication is considered to be in the legitimate interest of the data controller. To qualify as legitimate interest it must be considered communication which the user would reasonably expect and have a minimal impact on their privacy.
The GDPR gives an example of legitimate interest as the processing of data to prevent fraud, ensuring network and information security, direct marketing, and disclosing possible criminal acts to the authorities.
An example of legitimate interest in Award Force could be an email sent to shortlisted entrants or winners to let them know the status of their application. It may also be an email sent to judges to let them know judging is ready to begin.
To determine whether the communication falls under legitimate interest you need to consider three questions?
- Purpose: is it a legitimate interest?
- Necessity: is it necessary to achieve the purpose or is there a less intrusive way of getting the same result?
- Balancing: do the user's interests override the legitimate interest and would they reasonably expect their data to be used in this way.
Sending broadcasts and notifications as legitimate interests
To send a broadcast or notification using legitimate interests and therefore bypass the user's preferences you can select from a drop-down menu on new broadcast and notification pages. Choose Legitimate interest of the data controller to bypass the user's preferences.
Freely given consent by user will send the message according to the user's preferences for broadcasts and notifications.