Legal grounds guide

Make sure you first read the label structure page about the legal part of the label first. It explains the six possible legal grounds. To recap, European privacy law provides six options:

  • Permission (consent)
  • Contract
  • Legitimate interest
  • Legal obligation
  • Vital interest
  • Public task

It should be very clear what the legal grounds are for any data that you proces.

Order of display

The legal grounds listed in a privacy label should not be placed in a random order. They should be arranged by how often they occur. The most commonly used ground should be at the top, followed by the next most common one, and so forth.

Let's look at a very basic example. Imagine an online shop that collects these pieces of data:

Data type Purpose Legal ground Explanation
Email address Providing goods and services
Contract The email address is needed to send the receipt
Email address Marketing, sales and customer relations Permission To send coupons and updates about new products
Bank account number Providing goods and services Contract This is required by law

In the example above the 'contract' legal ground is used twice, and 'permission' once. Therefore, in the legal grounds list 'contract' should be placed above 'permission'.