legitimate-interest-lia

Installation
SKILL.md

Performing Legitimate Interest Assessment

Overview

When a controller relies on Art. 6(1)(f) as the lawful basis for processing, a Legitimate Interest Assessment (LIA) must be conducted and documented before processing begins. The LIA consists of three sequential tests derived from the wording of Art. 6(1)(f) and elaborated in WP29 Opinion 06/2014. If any test fails, legitimate interest cannot be relied upon, and an alternative lawful basis must be found or processing must not proceed.

Part 1: Purpose Test

The purpose test establishes whether the controller (or a third party) has a legitimate interest that is real, lawful, and clearly articulated.

Assessment Criteria

  1. Identify the interest: What specific interest does the controller or third party pursue? The interest must be concrete and articulated, not vague or hypothetical.

  2. Verify legitimacy: The interest must be:

    • Lawful (not prohibited by any law)
    • Sufficiently specific to be assessed
    • Real and present (not speculative or future)
    • Consistent with what data subjects would reasonably expect
Installs
9
GitHub Stars
187
First Seen
Jun 9, 2026
legitimate-interest-lia — mukul975/privacy-data-protection-skills