EFAMRO's Response to EDPB's Guidelines 01/2024 on processing of personal data based on Article 6(1)(f) GDPR

EFAMRO and ESOMAR have submitted a response to the European Data Protection Board’s Consultation on Guidelines 01/2024 on processing of personal data based on Article 6(1) GDPR

The Consultation Response address:

Summary in Bullet Points:

Processing for Fraud Prevention:

The EDPB guidelines clarify that fraud prevention can be a legitimate interest under Article 6(1)(f) GDPR, but the processing must pass the necessity and balancing tests to be lawful.

Legitimate interest cannot automatically justify any fraud prevention data processing.

Importance of Legitimate Interest in Research:

Fraud prevention is crucial in the research sector for ensuring data authenticity and quality control.

The guidelines emphasise balancing individual rights with the public interest in trustworthy data practices, adhering to data minimisation and storage limitation principles.

Practical Aspects for High-Quality Data:

Large-scale data quality processing is necessary to ensure high-quality research data, making fraud prevention a critical part of producing valuable insights.

Legitimate interest for fraud prevention, if properly safeguarded, helps ensure the integrity and confidentiality of research data.

Proportionality and Safeguards:

The guidelines emphasise proportionality and the need for safeguards to protect individuals’ rights while preventing fraud.

Principles of transparency, data minimisation, and regular review will be important for the research sector in aligning with GDPR.

Further Processing Provisions:

Further processing of pseudonymised or aggregated data for non-intrusive insights (e.g., business decisions, public policy, product improvements) is permitted under legitimate interest, provided transparency and data subject rights are maintained.

The guidelines provide a framework for secondary use of data without negatively impacting individual privacy.

Flexibility in Market and Social Research:

The guidelines clarify when and how data can be further processed for compatible secondary purposes, enabling insights to be repurposed for additional analyses and research validation.

Support for the Guidelines:

EFAMRO appreciate the clarity of the guidelines, which balance data protection with empowering organisations to make responsible decisions while respecting privacy.

EFAMRO supports the guidelines and look forward to further engagement with the EDPB on data processing under Article 6(1)(f) GDPR.

Read full article here

EFAMRO’s Response to EDPB’s Guidelines 01/2024 on processing of personal data based on Article 6(1)(f) GDPR

Related Posts

EFAMRO’s Response to EDPB’s Guidelines 01/2025 Psuedonymisation

Dutch-Cabinet Telemarketing Ban Proposal to EU Commission Policy Position

A Response to the Call for Evidence “Report on the General Data Protection Regulation”

EFAMRO China Cybersecurity Administration of China (CAC) guidelines