Abstract
This research paper conducts a comparative analysis of the "legitimate interests" basis for personal data processing under the General Data Protection Regulation (GDPR) and the Saudi Personal Data Protection Law (PDPL). The study aims to explore how each regulatory framework defines and regulates the use of legitimate interests, focusing on the balancing test required to ensure that data subjects' rights are respected. The research methodology involves doctrinal analysis of primary legislation and a comparative approach to identify differences in procedural requirements and safeguards. The analysis reveals that while both the GDPR and the PDPL permit the use of legitimate interests, the GDPR offers a more flexible approach with a detailed balancing test, whereas the PDPL imposes stricter limitations, particularly concerning sensitive data. Key judicial precedents are examined to illustrate the application of legitimate interests in various contexts, emphasizing the importance of proportionality, transparency, and accountability. The paper concludes by suggesting best practices for data controllers in both jurisdictions and advocating for greater harmonization and procedural guidance to ensure consistency and compliance. The findings underscore the need to balance organizational interests with individual privacy rights, especially in light of increasing digital data usage, to foster trust and ensure ethical data processing.
Recommended Citation
Bamashmoos, Ahmed M.
(2025)
"The Legal Framework of Legitimate Interests - A Comparative Analysis,"
Scientific Journal of King Faisal University: Humanities and Management Sciences: Vol. 26:
Iss.
2, Article 9.
https://doi.org/https://doi.org/10.37575/h/law/250030
Available at:
https://sjkfuh.researchcommons.org/journal/vol26/iss2/9
