🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

GDPR and legal bases: Understand everything about the public interest mission

Home GDPR and legal bases: Understand everything about the public interest mission

The public interest, or the general interest, is a concept of public law. It may seem quite vague and is not specifically defined. Generally speaking, a mission of public interest can be defined as the pursuit of a goal beneficial to as many people as possible.

But in the context of GDPR, what exactly does this notion mean when invoked as a legal basis? What treatment can be implemented on this basis?

Sit comfortably with your favorite drink, we'll explain everything to you in 5 minutes!

The 6 legal bases provided for by the GDPR

The public interest mission is one of the 6 legal bases provided for by the GDPR. Choosing the legal basis for processing is a mandatory condition for its lawfulness, in accordance with article 6 of the GDPR. This choice also determines the rights that the persons concerned will be able to avail themselves of for the processing in question. The rights will not be the same depending on the legal basis chosen.
There are 6 of them, namely:?

Do you want to know more about each of these legal bases? We invite you to take a look at our recent blog posts and 1 minute episodes to understand everything on the subject. Follow us so as not to miss the rest. Next week we will address the notion of legitimate interest!?‍?

Understand the legal basis for public interest missions?

The public interest mission is one of the legal bases provided for by the GDPR. It bases the processing necessary for the execution of a mission of public interest or a mission relating to the exercise of public authority incumbent on the data controller. It is mainly used by public authorities. These are organizations managed by public authorities (the State). They are endowed with prerogatives of public authorities in order to be able to satisfy their mission of general interest.

This may, for example, be a municipality responsible for organizing parking policies on its territory. She decides to reserve parking spaces on a particular street for local residents. To take advantage of this, residents must apply for a resident card. In order to issue this card, the municipality processes the data of these residents. However, it should be noted that this legal basis may also be applicable by certain private structures, endowed with a mission of public interest or prerogatives of public power.

Under what conditions should the public interest mission be chosen as the legal basis?

1st criterion: the quality of the data controller?

As explained above, the data controller must be a public authority or a private actor, who pursues a mission of public interest or is endowed with public authority prerogatives.

2nd criterion: the strict necessity of the treatment?

The processing must be necessary for the execution of the mission with which the organization is entrusted. In other words, the processing must enable the organization to carry out its mission in a relevant and appropriate manner. The processing must not pursue a goal too far removed from the public interest mission pursued.

The necessity criterion is applicable to all processing of personal data. The GDPR requires that processing be necessary to achieve a predefined purpose. This means that the data controller cannot achieve the aim pursued without carrying out the processing.

The way in which the processing is carried out is also taken into account in the assessment of compliance with this criterion. That is to say, the data controller must choose the most suitable and least intrusive way of processing data for the person.

The processing operations falling under this legal basis are primarily those which concern the data of users of public services, directly concerned by the pursuit of a public interest (the management of municipal parking in the aforementioned example). In its own register which it has published on its site, the CNIL bases a certain number of its processing operations on this legal basis and in particular the management of complaints addressed to it.

It is appropriate to distinguish these treatments from purely internal treatments which do not have a sufficiently close close link with the public interest mission pursued. Thus the processing of a town hall relating to the management of the recruitment of its staff will not fall within the legal basis "mission of public interest", although this processing will be carried out during the pursuit of missions of public interest or in the exercise of public authority incumbent on the town hall. . The appropriate legal basis will be that of the execution of pre-contractual measures.

3rd criterion: the public interest must be defined by European or national law??

The public interest must be provided for by a text. The legal basis for the processing must be drawn from the law to which the data controller is subject. It may be a law, regulation, decree, etc.

What are the consequences for personal rights?

All rights recognized to individuals by the GDPR can be exercised with the exception of the right to portability.

Data Comply One (formerly GDPR Mission) and the public interest mission

Are you having trouble knowing which legal basis to choose? Are you short on time to manage your compliance? You are lost?

✅ With Data Comply One (formerly Mission RGPD) don't panic, you document all the elements of your compliance on the same platform. Enter the legal basis for your processing on each of the files in your register, you can submit as an attachment a copy of the legal basis on which your public interest mission is based.

Don't waste any more time, it's so simple!

Request a demo
Other articles
on the same subject