"Legitimate Interest" is based upon assumptions of expectations that the protected party will have their data processed by a company in their general interest. This could include an active business relationship (I'm emailing you about your products you have purchased), their security or fraud (your password has been compromised), the general wellbeing of people/society ("our gas main has burst in your neighborhood"), or something along those lines. It does NOT include, "You look like someone who would want to hear from me." Also note that the legitimate interest is worded in terms of "may", and not "shall." This is legally meaningful, as "shall" is prescriptive, where "may" is guidance for interpretation. This article is explicitly held to a higher standard of proof if there is a complaint. For GDPR purposes (and CASL, etc.), just don't use names that come from a rented or purchased lists, no matter how legitimate the source seems to be. If you want to take advantage of third party lists, look to a partner who will co-market for you and send those emails on your behalf to their opted-in customers. Also, as a fellow Marketo user, please don't send to a bunch of purchased lists off of Marketo. There are other email providers who specialize in purchased lists. Our IP pool ends up on too many blacklists as it is!
... View more