Legal grounds guide
Make sure you first read the label structure page about the legal part of the label first. It explains the six possible legal grounds. To recap, European privacy law provides six options:
- Permission (consent)
- Contract
- Legitimate interest
- Legal obligation
- Vital interest
- Public task
It should be very clear what the legal grounds are for any data that you proces.
Order of display
The legal grounds listed in a privacy label should not be placed in a random order. They should be arranged by how often they occur. The most commonly used ground should be at the top, followed by the next most common one, and so forth.
Let's look at a very basic example. Imagine an online shop that collects these pieces of data:
Data type | Purpose | Legal ground | Explanation |
Email address | Providing goods and services |
Contract | The email address is needed to send the receipt |
Email address | Marketing, sales and customer relations | Permission | To send coupons and updates about new products |
Bank account number | Providing goods and services | Contract | This is required by law |
In the example above the 'contract' legal ground is used twice, and 'permission' once. Therefore, in the legal grounds list 'contract' should be placed above 'permission'.