Legitimate interest is sometimes used for analytics or fraud prevention, but it does not apply to setting non-essential cookies, which still need consent, and it is not a basis recognised the same way under India's DPDPA, which is consent-and-legitimate-uses based. Document a balancing test before relying on it, and never use it to bypass cookie consent.
In ConsentX
Related terms
The GDPR is the European Union's data-protection law, requiring a lawful basis (often consent) to process personal data, with fines up to €20 million or 4% of global turnover.
Cookie consent is the user's permission to set non-essential cookies and trackers, which most privacy laws require you to obtain before those cookies load.
The DPDPA (DPDP Act 2023) is India's national data-protection law, requiring clear notice and free, specific, informed consent before processing personal data, with the DPDP Rules notified on 13 November 2025.