Legitimate interest of the data controller and third party is one of the valid reason for legitimate data processing. The concept of legitimate interest is one of the highly debated and confusing subject in the scope of the data protection practices in both Europe and Turkey. The Turkish Data Protection Act (hereinafter referred to as “KVKK”) has been articulated by taking into account the provisions of the former EU Directive 95/46/EC (“Directive”) which is also the basis of General Data Protection Regulation (“GDPR”). Legitimate interest was first found in the Directive. However, since the wording of the corresponding articles in KVKK and GDPR are dissimilar, shedding some light on the the notion has become indispensable.
This paper will present a comparative analysis regarding one of the legal grounds based on “legitimate interest” stated under KVKK and GDPR and is structured as follows. First part of the paper will examine two different provisions separately by reflecting the differences and similarities of conditions for processing personal data without receiving explicit consent of the data subject provided that the legitimate interests are necessary.