EU GDPR Art 6 – Global Relay Intelligence & Practice

Welcome to GRIP, Global Relay's new digital information service on practical compliance and regulatory change.

Please enjoy this free trial of our subscription content service, for a limited time only.

EU GDPR Art 6

Sets out the lawful bases on which personal data can be processed. The lawful basis must be determined and documented before processing of the personal data begins.

Rule Overview

Jurisdiction: European Union

Regulator: ESMA

Topic: Data Protection

Overview

Rules in This Collection

Notable

Latest News

Further Reading

Processing of personal data is lawful for the following reasons only:

subject has given consent;
contractual necessity;
legal necessity;
protection of a person’s vital interests;
public interest; and
legitimate interest except where overridden by fundamental rights.

The last point does not apply to public authorities performing their tasks.

Where processing is not based on consent or legal sanction the controller needs to take into account:

link(s) between original collection purpose and intended further processing purpose(s);
context of original collection (relationship between subject and controller);
nature of the data;
possible consequences of intended further processing; and
existence of appropriate safeguards.

Rules in This Collection

EU GDPR Art 6 This Rule

Notable

CJEU makes landmark decision in Meta vs Bundeskartellamt

Privacy

CJEU makes landmark decision in Meta vs Bundeskartellamt

July 27, 2023

Judgment allows GDPR scrutiny through antitrust regulators and imposes limitations on personalized use of consumers’ personal data.

Verena Grentzenberg | DLA Piper, Philipp Schmechel | DLA Piper, Dr. Jonas Kranz | DLA Piper12 min read

Norwegian Data Protection Authority wins against Meta in court

Privacy

Norwegian Data Protection Authority wins against Meta in court

September 8, 2023

The Norwegian authority has put a temporary ban on the social media giant after its illegal behaviour-based marketing.

Martina Lindberg1 min read

Using data protection to counter bias in generative AI

AI

Using data protection to counter bias in generative AI

October 5, 2023

Practical steps to mitigate against bias and hallucinations when using and developing AI models.

Kirsten Ammon | Fieldfisher5 min read

Privacy

CJEU makes landmark decision in Meta vs Bundeskartellamt

Privacy

Norwegian Data Protection Authority wins against Meta in court

AI

Using data protection to counter bias in generative AI

Latest News More on EU GDPR

Privacy

X could face sanctions for training Grok on Europeans’ data

September 10, 2024

The Irish Data Protection Commission has said that it will “examine” complaints received.

Martina Lindberg2 min read
Privacy

Dutch DPA imposes €30.5m fine on Clearview AI over illegal data collection

September 4, 2024

The Dutch regulator found Clearview illegally built a database of over 30 billion faces without consent.

Martina Lindberg3 min read
Privacy

IMY fines Swedish pharmacies Skr 45m for GDPR failures

September 2, 2024

The two pharmacies used the Meta pixel to capture information for marketing purposes, but captured more than required and transferred the data to the social media giant.

Martina Lindberg2 min read
Privacy

Uber fined €290m for unsafe transfer of driver data to US

August 30, 2024

This is the third fine imposed on Uber from the Dutch Data Protection Authority.

Martina Lindberg2 min read
Privacy

Danish municipality Vejen fined for lack of data encryption

August 16, 2024

About 300 computers were found being used for activities other than teaching, and contained unencrypted information about students.

Martina Lindberg1 min read
Privacy

Norwegian court upholds record NKr 65m fine on Grindr

July 4, 2024

Grindr failed to have valid consent from users to share their data and sensitive information with marketing partners.

Martina Lindberg2 min read
Fintech

Bots will revolutionize all aspects of banking, says Citi

July 1, 2024

Firm says regulation can be a barrier to adoption, but is needed to manage some of the negative side effects of AI.

Carmen Cracknell2 min read
Data

Interview: Gaurav Bhalla on data storage and data localization laws in India

June 19, 2024

Gaurav Bhalla, a technology and data protection lawyer at Ahlawat & Associates, discusses data sovereignty and compliance.

Jean Hurley4 min read

Further Reading

ICO guide to lawful basis