How do “consent” and “legitimate interest” differ in practice?

Consent means the subscriber has explicitly agreed to receive your communications, typically through an opt-in action like checking a box or submitting a signup form. It must be freely given (not bundled with unrelated agreements), specific (about what they're agreeing to), informed (they understand what they're signing up for), and unambiguous (a clear affirmative act). The key characteristic is that the subscriber has control. They udecided to opt in, and they can withdraw consent at any time with equal ease.

Legitimate interests allows processing without explicit consent when you have a genuine reason to process the data, processing is necessary to achieve that purpose, and the individual's rights don't override your interests. For email marketing, this might apply when marketing similar products to existing customers. They uhave a relationship with you, would reasonably expect relevant communications, and the processing serves your legitimate commercial interests. However, legitimate interests requires a documented balancing test (Legitimate Interest Assessment) weighing your interests against the individual's rights.

The practical differences are significant. With consent: you need explicit opt-in before sending; subscribers can withdraw easily; you need proof of consent if challenged; consent must be specific to each purpose. With legitimate interests: you can send based on relationship/expectation without explicit opt-in; subscribers have a right to object (which you must honor); you need documented LIA showing the balancing test; you must provide easy opt-out in every message. Consent is permission-based. They usaid yes. Legitimate interests is expectation-based. They uwould reasonably expect this. Both require different evidence and offer different subscriber rights.