GDPR questions and answers

Category: Cookie Files

Can personal data be processed through cookies based on legitimate interest?

ANSWER

Yes.

A distinction should be made between the obligation to obtain consent for the storage and reading of cookies in a user's browser (arising from telecommunications law) and the processing of personal data through cookies (e.g., analytics, profiling, etc.), which is fully subject to the GDPR.

Therefore, the controller must correctly identify the legal basis for processing personal data. In the context of cookies, this legal basis may be:

  • the consent of the data subject;
  • the controller's legitimate interest;
  • processing necessary for the performance of a contract.

However, if the user does not consent to the storage and reading of cookies for specific purposes, those cookies cannot be used to achieve those purposes, regardless of the legal basis relied upon for the subsequent processing of personal data.

Using cookies based on legitimate interest | ODO 24