1. Just because you’re interested, doesn’t make it legitimate.
2. You can’t use LI to avoid getting consent when you suspect the answer will be “No”
3. Whether LI can be applied depends on your own assessment of what you’re doing, why and how – which you will be expected to justify and defend.
4. LI is not ‘unclear’ or ‘ambiguous’; it requires thinking to be done and a decision to be made.
5. Publish your Legitimate Interests Assessments (LIA) if you anticipate/plan to reject objections to processing.
6. If a law says you have to get consent for a processing activity, then forget about LI. You can’t use it. Move on.
7. LI is only a valid lawful basis for processing personal data if you’re adhering to all of the principles. It’s not a loophole around compliance.
8. If your LIA is post-hoc rationalisation of something you won’t consider ceasing to do even though you suspect it’s a bit dodgy; then you wasted your time. Just make sure you have funds set aside to deal with complaints, regulatory action and reputation damage when you get found out.
9. The ICO is not responsible for your continuing professional development
10. No-one else can do your thinking for you