The ICO states that for legitimate interest to be a valid basis of processing “you must balance your interests against the individual’s… if they would not reasonably expect the processing, or if it would cause unjustified harm, their interests are likely to override your legitimate interests.”
The ICO has identified the following questions as relevant for the necessity test of a legitimate interest analysis, and Censia has answered them as follows:
6.1. What is the nature of your relationship with the individual?
The data subject has made certain information available for career and other public purposes on the expectation that such information may be used by third parties for purposes like matching the data subject with employment opportunities.
6.2. Is any of the data particularly sensitive or private?
No. All data is high-level publicly available personal data, commonly available via the use of basic internet search or through public postings. The data is similar to what might be accessed by a third party recruiting or HR professional.
6.3. Would people expect you to use their data in this way?
In many cases, the data subject may even hope that data is processed by Censia so that they can be matched with a potential employer. Many data subjects made their data public in the hopes of finding a career opportunity. In other cases, data was made public by data subjects who understood that it would be available and accessible to third parties.
6.4. Are you happy to explain it to them?
Yes. Though parts of the processing are complex, the purpose and goal of the processing is not and is easily explainable to a data subject. Censia is happy to do so and is confident that the majority of data subjects would appreciate the chance at additional career opportunities.
6.5. Are some people likely to object or find it intrusive?
It is unlikely that a data subject would find it intrusive, Censia’s processing does not use data that is not widely and publicly available or data types that are more sensitive or not commonly processed by a wide range of entities. It is always possible that a data subject objects to any form of processing, but Censia believes this would be a rare data subject.
6.6. What is the possible impact on the individual?
There is very little negative impact on the individual. In most cases, individuals will not know that an employer has decided not to pursue them for a role. Even in a catastrophic data breach (which Censia has taken significant steps to prevent), the personal data exposed would already be available to bad actors through multiple other channels with less effort..
6.7. How big an impact might it have on them?
Any negative impact would be extremely small. It would likely amount to certain employers having high-level data about the data subject that the data subject would not have spent effort to disclose to the employer on their own, or rejection for a role that the data subject would likely not have even been identified as a possible candidate for without Censia’s services.
6.8. Are you processing children’s data?
No, and have taken reasonable steps to insure so.
6.9. Are any of the individuals vulnerable in any other way?
Not that Censia has identified.
6.10. Can you adopt any safeguards to minimize the impact?
Censia is focused on data protection generally and has taken a variety of measures to minimize impact to data subjects such as securing processed data, data minimization, and data quality initiatives. Censia also reviews its service providers and data enrichment providers, conducting due diligence to help ensure they treat data properly.
6.11. Can you offer an opt-out?
Yes, Censia honors all opt-out requests and would not seek exceptions to the opt-out requirement. Please click here to opt-out.