The use of legal grounds 'public interest' and 'consent' when collecting personal data



When doing research with human participants, researchers typically request consent from the participant before collecting any data. When collecting personal data, this consent is twofold. You request consent for:

  • Participation in research. This is where you ask the participant to agree to take part in the study. You ask this permission on ethical grounds.
  • Processing of personal data. Hereby you ask the participant for permission to process his or her personal data. This is a permission you have to obtain under the European privacy legislation (GDPR).

For both types of consent, you must provide sufficient information tailored to the participant so that they can make a free decision based on the necessary knowledge.


In some exceptional circumstances, however, seeking consent from participants may be problematic. For example, in research with (young) children, consent is given by the parents or guardians. However, with older children, ‘passive consent’, or ‘opt-out consent’, is sometimes used. In this case, the parents or guardians are given all the necessary information, and if no objections are reported, the researcher assumes consent. For some sensitive issues, the consent of the parent or guardian is even not requested at all, as this could violate the privacy of the minor.

From an ethical point of view, this choice can sometimes be justified. When the justification allows for it, deviations from active consent to participate can be approved by the ethics committee.

However, there is a problem with the legal approach. The privacy legislation (GDPR) prescribes that any consent to collect personal data must be given ‘active’. This cannot be deviated from if one wants to work with 'consent' as the ‘legal basis’ for processing personal data. Moreover, the GDPR does not provide that minors themselves can consent to have their personal data processed in the context of research.


If asking (active) consent for the processing of personal data is problematic, consider the following solutions:

  • Anonymous data: A first possibility is to design your research in such a way that you do not collect or process personal data. You will then be working with anonymous data, which means that the GDPR privacy legislation does not apply. Note: when you collect personal data and later anonymise it, the GDPR does apply. For more info see this research tip.
  • Reorganise: See if you can organise your research so that the use of active consent is feasible.
  • Public interest: according to the GDPR, you need a legal ground for the lawful processing of personal data (see this research tip). For research at UGent, the preferred legal ground for collecting and processing personal data is ‘consent’. This means that you have to ask the persons concerned (or their parents/guardians in the case of minors) ‘active’ permission for the processing of their personal data. In exceptional circumstances, however, it could be considered to process personal data based on the legal ground of ‘public interest’. However, there must be a detailed justification as to why this is necessary. With this legal ground you do not need to ask permission for the processing of personal data. Mind you: from an ethical point of view it will usually still be appropriate to ask for consent to participate in the research. This can for example be done on the basis of passive consent by the parents/guardian when the research involves minors.


The procedure for using public interest as a legal ground for processing personal data in the context of your research starts with an application to the ethics committee. The faculty ethics committee has no legal authority. It is therefore important to make a clear distinction between the ethical part and the legal part in your application.

Because a positive ethical opinion is necessary to invoke ‘general interest’ as a legal ground, the ethics committee follows the following procedure:


  1. If you want to use public interest as a legal ground instead of consent, you first have to draw up a comprehensive justification. In this justification you try to explain from an ethical point of view why the legal ground of public interest is necessary and appropriate for carrying out the research. You add this justification to your application file for the EC
  2. Then, the EC takes on the task of evaluating whether a positive ethical opinion can be given for the entire application and the use of public interest in particular. The researchers may need to answer additional questions from the EC during this evaluation
  3. If the EC gives a positive opinion (meaning also for the use of general interest), the Data Protection Officer (DPO) is asked for an opinion.
  4. There are then two possible outcomes
    • The DPO gives a positive opinion about the use of 'public interest' as a legal ground. After that, the EC gives its final approval of the entire file and the research can be carried out.
    • The DPO gives a negative advice: in this case, the ethics committee will request additional advice from the faculty research director. The research director can decide to follow the negative advice of the DPO, or decide not to follow the DPO’s opinion. In the latter case, the research can continue with public interest as a legal ground for the collection of personal data.
Depending on the complexity of your file, the procedure to use public interest can significantly delay the handling of your application by the EC. It is therefore a good idea to request support from Jan Lammertyn before submitting your file.

Interesting links and examples