This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Norton Rose Fulbright logo
  • Global
  • About
    • Back
    • About
    • Our firm
      • Back
      • Our firm
      • Clients
      • Global coverage
      • Vision, culture and people
      • Governance structure
      • Risk management
      • NRF Transform
      • Alumni
    • Diversity, Equity & Inclusion
      • Back
      • Diversity, Equity & Inclusion
      • Our people
      • Recognition
      • Governance
    • Corporate responsibility
      • Back
      • Corporate responsibility
      • Pro bono
      • Volunteering
      • Fundraising
      • Sustainable practice
      • Global charitable initiatives
    • Photo montage
      RE:

      Read our magazine
  • People
  • Services
    • Back
    • Services
    • Services A-Z
    • Key industries
      • Back
      • Key industries
      • Consumer markets
      • Energy, infrastructure and resources
      • Financial institutions
      • Life sciences and healthcare
      • Technology
      • Transport
    • Practices
      • Back
      • Practices
      • Antitrust and competition
      • Banking and finance
      • Bankruptcy, financial restructuring and insolvency
      • Climate change and sustainability
      • Consulting
      • Corporate, M&A and securities
      • Employment and labor
      • Energy
      • Environmental, social and governance (ESG)
      • Financial services and regulation
      • Information governance, privacy and cybersecurity
      • Intellectual property
      • Litigation and disputes
      • Private equity and venture capital
      • Projects
      • Real estate
      • Regulation and investigations
      • Risk advisory
      • Tax
      • Banking and finance
      • Climate change and sustainability
      • Corporate, M&A and securities
      • Energy
      • Financial services and regulation
      • Intellectual property
      • Private equity and venture capital
      • Real estate
      • Risk advisory
    • NRF Transform
    • Transform image

      Find out more
  • Insights
    • Back
    • Insights
    • NRF InstituteProfessional developmentResources and tools
    • PublicationsBlogsVideos
    • EventsWebinarsPodcasts
    • colorful light particles
      Sustainability and ESG

      Visit the hub
  • News
    • Back
    • News
    • Press releases
    • Market recognitions
    • Media information
  • Locations
  • Careers
    • Back
    • Careers
    • Graduates and students
    • Search current vacancies
      • Back
      • Search current vacancies
  • Change
  • Global
    • Back
    • global site
    • North America
      • Canada (English)
      • Canada (Français)
      • United States
    • Latin America
      • Latin America
      • Brazil
      • Mexico
    • Europe
      • Belgium
      • Deutschland (Deutsch)
      • France
      • Germany (English)
      • Greece
      • Italy
      • Luxembourg
      • Poland
      • The Netherlands
      • Turkey
      • United Kingdom
    • Middle East
    • Africa
      • Africa
      • Burundi
      • Kenya
      • Morocco
      • South Africa
      • Uganda
      • Zimbabwe
    • Asia Pacific
      • Australia
      • China
      • Hong Kong SAR
      • Indonesia
      • Japan
      • Singapore
      • Thailand
    • Regional practices
      • India
      • Israel
      • Korea
      • Marshall Islands
      • Nordic region
      • Pakistan
      • Vietnam
Lake in the forest

Connections

Insights, perspectives and viewpoints from our lawyers on topical issues

All Posts Subscribe
print-logo
10/4/2024 3:21:12 PM | 2 minute read

The CJEU’s judgment: Can a commercial interest be a legitimate interest under the GDPR?

1
271

Get in touch

Avatar
Jurriaan Jansen
Partner
Avatar
Rosie Nance
Senior Knowledge Lawyer

Get in touch

Avatar
Jurriaan Jansen
Partner
Avatar
Rosie Nance
Senior Knowledge Lawyer
1
271

The Court of Justice of the European Union (CJEU) has confirmed today that processing of personal data of members of a sports associate in return for payment for the purposes of the pursuit of a commercial interest of the controller can be considered necessary for the purposes of a legitimate interest for the purposes of Article 6(1)(f) General Data Protection Regulation (GDPR). The CJEU explicitly referred to recital 47 GDPR to substantiate that a legitimate interest does not have to have an explicit statutory basis. The processing must be necessary for the legitimate interest and the interests or fundamental rights and freedoms of the data subject must not outweigh the legitimate interest. The interest does not need to be based on a statutory right, such as freedom of speech, but must be legitimate. 

The case originated following some controversial guidance published by the Dutch data protection authority (DPA) in 2019 on the interpretation of legitimate interests. In its guidance, the Dutch DPA states that purely commercial interests cannot qualify as legitimate interests. In 2020, the European Commission sent the Dutch DPA a letter setting out why its interpretation of legitimate interests was not supported by the GDPR, CJEU case law, and the EU Charter of Fundamental Rights. Despite this, the DPA started to enforce its guidance and issues various fines as a result of it. One of these was imposed on the Royal Dutch Lawn Tennis Association. The District Court of Amsterdam heard the appeal against the fine and referred the questions to the CJEU on whether legitimate interests are only those which are enshrined in law, and on whether and in what circumstances a purely commercial interest can be regarded as legitimate. 

Our take

Legitimate interests may be the only lawful basis available for some commercial activities, so a narrow interpretation from the CJEU could have had a dramatic impact on processing of personal data for commercial purposes. The GDPR sets a high bar for consent, and for many activities, gaining valid consent will not be practicable or possible, while the contractual necessity lawful basis requires a contract or contractual negotiations with the data subject themself. 

This will be a welcome judgment for controllers, who rely on legitimate interests as a lawful basis for a range of processing, from innovative uses like training AI models, to routine processing of customer data where they have no contract with the data subject. However, it is important to note that although the CJEU recognised that commercial interest can qualify as legitimate, controllers should assess on a case-by-case basis whether the purpose of the envisaged processing could also be achieved in a way that would be less intrusive for the affected individuals. In the case at hand, according to the CJEU, this implied notifying the members of the Royal Dutch Lawn Tennis Association upfront and providing them the option to opt-out. 

Panorama of night city skyline with immersive data protection interface with padlock, fingerprint and shield. Concept of cybersecurity and biometric scanning

Subscribe to our Connections insights Sign-up now

Tags

transport, privacy and cyber security, data privacy

Get in touch

Avatar
Jurriaan Jansen
Partner
Avatar
Rosie Nance
Senior Knowledge Lawyer

Get in touch

Avatar
Jurriaan Jansen
Partner
Avatar
Rosie Nance
Senior Knowledge Lawyer
Key takeaways from MIPIM 2025: Future-proofing data centres
3/25/2025 4:21:32 PM

Key takeaways from MIPIM 2025: Future-proofing data centres

By Kirsty Harrower
As the digital infrastructure landscape continues to evolve, increasing AI workloads present both challenges and opportunities for data...
1
35
36

Latest Insights

Summer reading arrived early: European Commission aims for balancing act in its review of merger guidelines
5/9/2025 8:36:59 AM

Summer reading arrived early: European Commission aims for balancing act in its review of merger guidelines

By Alexandra Rogers Sabine Holinde
22
22
Shaping future successes: My takeaways from "An evening with Annie Vernon"
5/8/2025 1:38:17 PM

Shaping future successes: My takeaways from "An evening with Annie Vernon"

By Emma Humphries
Maritime decarbonisation: Current issues facing shipping companies
5/1/2025 1:36:52 PM

Maritime decarbonisation: Current issues facing shipping companies

By Kelli Bodal Hansen Philip Roche
12
12

Explore our site

  • About
  • Careers
  • Diversity, equity and inclusion
  • People
  • Services
  • Insights
  • News

Key industries

  • Consumer markets
  • Energy, infrastructure and resources
  • Financial institutions
  • Life sciences and healthcare
  • Technology
  • Transport

Locations

  • Global coverage

Norton Rose Fulbright © 2024. All Rights Reserved.

  • Amsterdam
  • ●
  • Athens
  • ●
  • Austin
  • ●
  • Bangkok
  • ●
  • Beijing
  • ●
  • Brisbane
  • ●
  • Brussels
  • ●
  • Bujumbura**
  • ●
  • Calgary
  • ●
  • Canberra
  • ●
  • Cape Town
  • ●
  • Casablanca
  • ●
  • Dallas
  • ●
  • Denver
  • ●
  • Dubai
  • ●
  • Durban
  • ●
  • Düsseldorf
  • ●
  • Frankfurt
  • ●
  • Hamburg
  • ●
  • Harare**
  • ●
  • Hong Kong SAR
  • ●
  • Houston
  • ●
  • Istanbul
  • ●
  • Jakarta*
  • ●
  • Johannesburg
  • ●
  • Kampala**
  • ●
  • London
  • ●
  • Los Angeles
  • ●
  • Luxembourg
  • ●
  • Melbourne
  • ●
  • Mexico City
  • ●
  • Milan
  • ●
  • Minneapolis
  • ●
  • Monaco
  • ●
  • Montréal
  • ●
  • Munich
  • ●
  • Newcastle
  • ●
  • New York
  • ●
  • Nairobi**
  • ●
  • Ottawa
  • ●
  • Paris
  • ●
  • Perth
  • ●
  • Piraeus
  • ●
  • Québec
  • ●
  • Riyadh*
  • ●
  • San Antonio
  • ●
  • San Francisco
  • ●
  • São Paulo
  • ●
  • Shanghai
  • ●
  • Singapore
  • ●
  • St. Louis
  • ●
  • Sydney
  • ●
  • Tokyo
  • ●
  • Toronto
  • ●
  • Vancouver
  • ●
  • Warsaw
  • ●
  • Washington DC *associate office **alliance
  • Legal notices and disclaimers
  • Impressum
  • Standard terms
  • Blog network terms and conditions
  • Cookies policy
  • Privacy notice
  • Website access conditions
  • Fraud alerts
  • Modern Slavery Statements
  • Health plan machine readable files
  • Anti-Facilitation of Tax Evasion Statement
  • Suppliers
  • History
  • Remote access
  • Sitemap
Offices and locations

Norton Rose Fulbright © 2024. All Rights Reserved.

  • Amsterdam
  • ●
  • Athens
  • ●
  • Austin
  • ●
  • Bangkok
  • ●
  • Beijing
  • ●
  • Brisbane
  • ●
  • Brussels
  • ●
  • Bujumbura**
  • ●
  • Calgary
  • ●
  • Canberra
  • ●
  • Cape Town
  • ●
  • Casablanca
  • ●
  • Dallas
  • ●
  • Denver
  • ●
  • Dubai
  • ●
  • Durban
  • ●
  • Düsseldorf
  • ●
  • Frankfurt
  • ●
  • Hamburg
  • ●
  • Harare**
  • ●
  • Hong Kong SAR
  • ●
  • Houston
  • ●
  • Istanbul
  • ●
  • Jakarta*
  • ●
  • Johannesburg
  • ●
  • Kampala**
  • ●
  • London
  • ●
  • Los Angeles
  • ●
  • Luxembourg
  • ●
  • Melbourne
  • ●
  • Mexico City
  • ●
  • Milan
  • ●
  • Minneapolis
  • ●
  • Monaco
  • ●
  • Montréal
  • ●
  • Munich
  • ●
  • Newcastle
  • ●
  • New York
  • ●
  • Nairobi**
  • ●
  • Ottawa
  • ●
  • Paris
  • ●
  • Perth
  • ●
  • Piraeus
  • ●
  • Québec
  • ●
  • Riyadh*
  • ●
  • San Antonio
  • ●
  • San Francisco
  • ●
  • São Paulo
  • ●
  • Shanghai
  • ●
  • Singapore
  • ●
  • St. Louis
  • ●
  • Sydney
  • ●
  • Tokyo
  • ●
  • Toronto
  • ●
  • Vancouver
  • ●
  • Warsaw
  • ●
  • Washington DC *associate office **alliance
Policies and disclaimers
  • Legal notices and disclaimers
  • Impressum
  • Standard terms
  • Blog network terms and conditions
  • Cookies policy
  • Privacy notice
  • Website access conditions
  • Fraud alerts
  • Modern Slavery Statements
  • Health plan machine readable files
  • Anti-Facilitation of Tax Evasion Statement
  • Suppliers
  • History
  • Remote access
  • Sitemap
Visit our global site, or select a location
North America
  • Canada (English)
  • Canada (Français)
  • United States
Latin America
  • Brazil
  • Mexico
Europe
  • Belgium
  • Deutschland (Deutsch)
  • France
  • Germany (English)
  • Greece
  • Italy
  • Luxembourg
  • Poland
  • The Netherlands
  • Turkey
  • United Kingdom
Middle East
Africa
  • Burundi
  • Kenya
  • Morocco
  • South Africa
  • Uganda
  • Zimbabwe
Asia Pacific
  • Australia
  • China
  • Hong Kong SAR
  • Indonesia
  • Japan
  • Singapore
  • Thailand
Regional practices
  • India
  • Israel
  • Korea
  • Marshall Islands
  • Nordic region
  • Pakistan
  • Vietnam